Cyber Attacks: Cybercriminals are always looking for new vulnerabilities to attack companies. Fortinet’s current quarterly Global Threat Landscape Report shows that cybercriminals are increasingly looking for new vulnerabilities across companies’ entire digital attack surface. Cyber attacks are becoming more and more sophisticated, with evasive and anti-analysis techniques. In addition, the Threat Landscape Index rose by almost four percent year-on-year and reached a new high this quarter. The increase is mainly due to increased malware and exploit activity.
Cyber Attacks: Criminals Bypass Threat Detection
Modern malware often already has features to bypass antivirus or other threat detection measures. Just recently, a large-scale spam campaign showed how attackers use and refine these techniques. Phishing emails were sent that contained an Excel document with a malicious macro. The macro’s attributes were designed to disable security tools, execute arbitrary commands, and cause memory problems. In addition, checks were built in so that the macro would only run on Japanese systems. An xlDate variable, which the vendor has not yet documented, also played a role.
Another example is a variant of the Dridex banking Trojan, which changes the names and hashes of its files each time the victim logs on. This makes it difficult to detect the malware on infected hosts by signature alone. The use of anti-analysis and evasion tactics is thus on the rise; layered defenses and behavior-based threat detection are therefore essential.
Cyber Attacks: Disguised Attacks Lead To Long-Term Threats
The Zegost malware is the basic element of a spear-phishing campaign. As with other info stealers, the main goal of the malware is to collect and exfiltrate device information. Compared to other malware, however, Zegost has unique configurations designed to avoid detection. For example, there is a function for clearing event logs. This type of cleanup is not seen in typical malware. Another evasive strategy of Zegost is a command that puts the info stealer into a kind of dormant state until February 14, 2019. Only then did it start its infection routine. The cybercriminals behind Zegost use a whole arsenal of exploits. Their goal is to establish and maintain a connection with the targeted victim.
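The event-log clearing described above is exactly the kind of behavior that the behavior-based detection mentioned earlier can catch. The following is an added example, not code from the report or from Fortinet: a small detector run over constructed sample events shaped like Windows event records, flagging the log-cleared events Windows writes (EID 1102 in the Security log, EID 104 in the System log) and process-creation events (EID 4688) whose command line clears a log.

```python
# Added example: behavior-based detection of event-log clearing.
# The events below are constructed samples, not real telemetry.
from typing import Dict, List, Tuple

SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2019-02-14T09:00:01", "channel": "Security", "event_id": 4624,
     "provider": "Microsoft-Windows-Security-Auditing", "host": "ws01"},
    {"ts": "2019-02-14T09:00:05", "channel": "Security", "event_id": 4688,
     "provider": "Microsoft-Windows-Security-Auditing", "host": "ws01",
     "command_line": "wevtutil.exe cl Security"},
    {"ts": "2019-02-14T09:00:06", "channel": "Security", "event_id": 1102,
     "provider": "Microsoft-Windows-Eventlog", "host": "ws01"},
    {"ts": "2019-02-14T09:00:07", "channel": "System", "event_id": 104,
     "provider": "Microsoft-Windows-Eventlog", "host": "ws01"},
    {"ts": "2019-02-14T09:05:00", "channel": "Security", "event_id": 4688,
     "provider": "Microsoft-Windows-Security-Auditing", "host": "ws02",
     "command_line": "notepad.exe report.txt"},
]

# Events Windows itself writes when a log is cleared: 1102 (Security log
# cleared) and 104 (System/Application log cleared), both from the
# Microsoft-Windows-Eventlog provider.
LOG_CLEARED = {("Security", 1102), ("System", 104)}
# Command-line fragments in process-creation events (EID 4688) that clear logs.
CLEAR_CMDS = ("wevtutil cl", "wevtutil.exe cl", "clear-eventlog")


def detect_log_clearing(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (host, timestamp, reason) for every event indicating log clearing."""
    alerts = []
    for ev in events:
        key = (ev.get("channel"), ev.get("event_id"))
        if key in LOG_CLEARED and ev.get("provider") == "Microsoft-Windows-Eventlog":
            alerts.append((ev["host"], ev["ts"],
                           f"log cleared: {ev['channel']} (EID {ev['event_id']})"))
        elif ev.get("event_id") == 4688:
            cmd = ev.get("command_line", "").lower()
            if any(fragment in cmd for fragment in CLEAR_CMDS):
                alerts.append((ev["host"], ev["ts"],
                               f"log-clearing command: {ev['command_line']}"))
    return alerts


if __name__ == "__main__":
    for host, ts, reason in detect_log_clearing(SAMPLE_EVENTS):
        print(f"{ts} {host}: {reason}")
```

Because the 1102/104 events are written by the system as the log is cleared, they survive the clearing itself and are worth forwarding to a central log collector.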
The Trend Is Towards More And More Targeted Attacks
Increased attacks on cities, local governments and educational institutions show that ransomware poses a serious threat to organizations. The trend is also moving away from mass attacks towards increasingly targeted attacks. Popular victims are companies that both fear for their sensitive data and are financially able to pay the ransom. In some cases that have come to light, cybercriminals had already carried out extensive research in advance. This enabled them to deploy their ransomware on carefully selected systems and thus maximize their chances of success.
One example of this is the “RobbinHood” ransomware. It was developed to attack a company’s network infrastructure. The malware disables Windows services that would prevent data encryption and disconnects shared drives. New ransomware called “Sodinokibi” could pose another threat to businesses. Functionally, it does not differ much from other current extortion Trojans, but its attack vector is problematic. It exploits a newer vulnerability that allows arbitrary code execution, so no user interaction is necessary, unlike ransomware that is delivered via phishing emails, for example.
Regardless of the attack vector, ransomware continues to pose a serious threat to companies. Regular patching and information security awareness training are therefore of fundamental importance. In addition, weaknesses in the Remote Desktop Protocol (RDP) such as BlueKeep show that cybercriminals can use remote access services as attack vectors to spread ransomware.
Cyber Attacks: IT Systems In Smaller Companies Are A New Target
Between the simple home printer network and the complex IT systems of companies with critical infrastructure (KRITIS), there are more and more control systems for private households and smaller companies. Attackers have so far paid little attention to these, but that could change. Recently, increased activity targeting air conditioning, surveillance cameras and security systems has been detected. Building management solutions exhibited unusual behavior in one percent of companies. At first glance, this doesn’t seem like much, but this rate is higher than is normal for ICS or SCADA systems.
Cybercriminals are looking for new ways to gain access to control systems in homes and small businesses. Such devices are often classified as unimportant or are not under the control of an IT department. However, the security of these smart systems deserves more attention, because access to them can have serious consequences for security. Securing that access is essential, especially given the trend towards remote workplaces.
Integrated And Automated Security Solutions
Dynamic, proactive and real-time threat intelligence can help identify trends and monitor attack patterns. In this way, companies can set priorities in their security strategy. However, this is only possible to a very limited extent if threat information is not available in real time to every connected security tool. Only a comprehensive security architecture, a security fabric that is broadly designed, integrated and operates automatically, can protect the entire network environment – IoT, edge, network core and multi-cloud – and offer scalability and speed.