What’s in the article?
- Trending threats and tactics in cybersecurity
- Ways to secure your network from these threats
There has been significant growth in the awareness of cybersecurity. However, cybercrime is still on the rise, and its damage costs expected to rise to $6 trillion by 2021, according to a report by Cybersecurity Ventures. Threats by cybercriminals are getting more sophisticated each day, and the magnitude of cyberattacks has grown. Tactics used by threat actors have evolved to increase the scale of damages from cyberattacks. As we draw close to the end of 2019, some threats have become more frequent, exploiting new, and previously existing vulnerabilities. Here are some of these trends in attacks that have been witnessed recently:
1. Google Chrome Zero-Day Exploit
Before diving into these trends and to avoid your being a new entry on this list, please update your Chrome browser by using the “Help | About Good Chrome “ menu option. The CVE-2019-13720 vulnerability allows an attacker to take control of the affected system. This vulnerability was discovered just before Halloween….spooky! With that said, the vulnerability only permits exploitation through certain specially crafted website, but a good phishing campaign is all it takes. Hopefully, this story dies with your updating your Chrome browser.
2. The Rise of Keylogger Agent Tesla
Agent Tesla is a program that can track keystrokes on a victim’s computer. This dates back to around 2014 and has gained popularity lately, especially in the third quarter of 2019. The surge in the use of the keylogger has been attributed to the ease of application and its efficiency. Threat actors find Agent Tesla a simple tool to execute their malicious activities on victims’ computers. The tool is readily available on the internet and can exploit vulnerabilities through various tactics.
The most commonly used tactic by cyber attackers is phishing, and its elusiveness against intrusion detection systems (IDS) makes the program’s execution on a victim’s computer frequently successful in the attack. Agent Tesla has eased threat actors’ work for stealing their victims’ credentials, including emails, usernames, and passwords, by tracking keystrokes made by the victims on the infected computer. The keylogger has advanced features in addition to taking snapshots of keystrokes. Agent Tesla allows the threat actor to remotely download and run programs on the victim’s system, steal passwords from several major internet browsers like Chrome and Firefox, and access the victim’s webcam. The keylogger also supports multiple languages, thus increasing its potential usability worldwide.
Agent Tesla and other keyloggers have become more attractive tools for exploiting vulnerabilities, especially in CVE-2017-11882, on systems as they are more powerful and effective compared to information stealers. The keyloggers are quickly delivered with barely any suspicion, to victims through files like documents. With little training or awareness on phishing, individuals and organizations could be tricked into running the keylogger in their system, exposing their policies to control by threat actors.
3. The decline of phishing-delivered ransomware-as-a-service (RaaS)
Ransomware has been a significant threat to businesses and individuals throughout the world. Most of the current ransomware encrypts files on the infected system or network. There are some few versions of such attacks that are known to erase data or block access to the target system using other systems such as locker ransomware.
Phishing is a common method of delivering ransomware attacks. This attack is known for widespread destruction and rampant use. Ransomware attack occasionally gives off large impact headlines. A June 2019 New York Times headline “Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000” shows just how significant such attacks could be.
Despite such striking headlines, phishing-delivered ransomware has been consistently declining since 2016, according to Cofense Analytics. The decline in ransomware-as-a-service is attributed to several factors. Such factors include the emerging protection technology, system patching, improved law enforcement of digital currency tracking, and costly infrastructure upkeep.
Also, threat actors depend on other secondary malware families such as data stealers like Emotet for efficient execution of an attack against high-value victims. These secondary malware families facilitate an effective attack vector, thereby increasing the success of phishing attempts. An IDS may not readily detect such attack vectors like Emotet, which is an email-borne Trojan that threat actors could use to install other attack tools. This Trojan has been offline for parts of this year, and a rumored resurfacing could increase email ransomware attacks.
4. Continued Preference for CVE-2017-11882 Microsoft Office Vulnerability to Deliver Phishing Campaigns
Cyber attackers have shown a consistent preference for the use of the CVE-2017-11882 Microsoft Office Vulnerability to deliver phishing attacks over the past two quarters. This attack exploits a vulnerability that exists in Microsoft Office software when the software fails to handle objects in memory properly. An attacker can successfully exploit the vulnerability and run arbitrary code in the context of the current user. Such attacks could lead to the attacker taking control of the affected system if the current user is logged on. A threat actor who has succeeded to gain access into the target network can install programs; view, change, or delete data; or create a new account with new user rights.
The equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 offer malware authors simple, logical bugs which they prefer. For this reason, CVE-2017-11882 and CVE-2018-0802 have become the most exploited bugs in MS Office. These vulnerabilities have proved reliable and have worked for threat actors since they were first exploited. Also, building an exploit for these vulnerabilities does not require advanced skills since the equation binary does not have any of the current protections and mitigations. IDS can help in monitoring network traffic and give signs of a suspicious activity or any anomalies. However, it may not offer any protection against the attack.
Following these trends, attackers will continue to use phishing delivery methods that work best for them and identify the most effective keyloggers for stealing victims’ credentials. Therefore, it is upon every individual or organization to protect their systems. Here are some few recommendations on how to protect your network:
Often, the point of interaction of the employees and the network is a weak point, preferably targeted by threat actors.Your firm needs to organize phishing training for its employees to equip them with the necessary knowledge to detect phishing attempts and take appropriate steps to stop the attack as soon as they are detected.
Having employees who have received security awareness training is the first step to network protection against cyber-attack. Such employees will be at a better position of avoiding careless acts such as accepting ‘invites to competitions’ or executing files from untrusted or unknown sources, following links provided by unknown or untrusted sources, and carelessly exposing their passwords. Security awareness training also improves your personnel’s cybersecurity skills to ensure they practice cyber hygiene and eliminate risks that may arise from their activities.
Deploying Network Intrusion Detection System for Threat Detection
Network intrusion detection systems monitor network traffic for any malicious activity that attackers may execute after penetrating the target network system. Detecting a ransomware attack at its early stage helps in dealing with the attack before the attacker causes any significant harm. Further, it can be more comfortable and more efficient, recovering from such successful attacks. It is also essential to regularly review all applicable logs, and proactively evaluate any potential vulnerabilities.
Update Your Security
One of the newest ways that threat actors go into your systems undetected by the intrusion detection systems is via your vendors. Vendors who have access to your cyberinfrastructure may have their vulnerabilities exploited by threat actors to, in turn, gain access to your systems. Such is a supply chain attack and can be kept in check through a vendor risk assessment. It is essential to identify and implement functional cybersecurity products that will cover each scope of such trending attacks to ensure that your network is secured firmly.
At the core, the initial step for a cybersecurity threat, that is before an attack can ever happen, is to stop it. Efficient tools at this face of attacks are significant to the healthiness of the system’s security. Intrusion detection systems that have the latest threat tactics and vulnerabilities configured can flag suspicious events like traffic from the network, detect ransomware, and spot an intrusion.
Risks arising from trending threats are easier to eliminate with proper cybersecurity infrastructure and employee training. Adopting efficient tools for identifying and detecting intrusions help you to locate security holes in your system and put efficient systems to eliminate the risks. Reducing the vulnerability that makes the trending threat possible makes it less preferred by threat actors and hence more secure network environment.
Training is essential for employees to help them participate in securing the systems as they are the first contact for targeted attacks, especially phishing. Being knowledgeable of old and new phishing tactics makes them alert and willing to report incidents that are abnormal for further scrutiny.
Helical’s security platform provides access to cybersecurity risk assessments, vendor risk assessments, IT security policy validation and enforcement, integrated monitoring of security and third party security solutions, and reporting, among other cybersecurity solutions. Contact us today for more information.
Tags: Cybersecurity risk assessments | Cybersecurity | Cybersecurity threats | Cybersecurity threat | Vendor risk assessment | Cybersecurity threat report | Threat report | 2019 cybersecurity threat report | 2019 threat report