Information technology is in many ways a blessing for modern society. But there are individuals and even entire organisations who want to use it for their own enrichment or for simple sabotage. The confrontation between cyber fraudsters and information security (IS) specialists is therefore under way now and will continue for a long time. While one side improves its defensive tools, the other invents more sophisticated methods of attack.
The result is a whole set of factors (human, technical, financial, temporal) and conditions that create the likelihood of an information security violation. These are cyber threats, and they change and improve from year to year, just as the mechanisms for detecting and eliminating them change.
Cyber Threat Trends in 2020
- More than 50% of cyber attacks target information theft
- The main target of attacks on companies is personal data; for individuals it is credentials and bank card details
- Hidden-mining mechanisms are improving as the bitcoin price rises
- Targeted attacks prevail over mass attacks
- The public sector is more likely to be infected by malware
- Cybercriminal group RTM escalates attacks on industrial companies due to their relatively weak security
- Attackers exploit supply chain management vulnerabilities in IT companies, as a result of which hacked supplier addresses become the target of phishing emails
- Attacks like Magecart on payment services are developing. Experts also detect traffic analyzers on sites that do not have a payment function
What Cyberthreats Are Currently Relevant?
1) Malicious Software
Multifunctional Trojans lead here, and their main goal is extortion. These programs are able to:
- encrypt data (for example, DanaBot);
- remotely administer the victim's computer (monitor what is happening on the user's computer in real-time and intercept the mouse and keyboard);
- get access to the file system (sending and receiving files, creating and destroying them);
- intercept passwords (keylogger Trojans);
- bypass applications that interfere with their work.
Experts note that the RTM group has begun using the AZORult info-stealer. The Trojan is distributed via software download sites disguised as the data-cleaning utility G-Cleaner or as VPN Private Check. Notably, there are resources on the Internet offering the info-stealer for download and installation, and users actively discuss the advantages and disadvantages of this malicious software.
2) Social Engineering
Not only specialized services but also popular platforms such as YouTube are exposed to cyber threats that use social engineering techniques. Attackers recently ran campaigns with videos showing people how to use free bitcoin generators. Links to the generator were placed under the video, and clicking them automatically downloaded the info-stealer. Another video-hosting campaign distributed njRAT, a Remote Administration Tool.
Attackers are also known to make active use of the Microsoft Azure cloud computing service for fraudulent activities. Accordingly, Azure and similar platforms need to be managed and protected.
3) Hacking
Here this means making changes to program code in order to achieve the attacker's goals.
In 2019, attackers targeted Docker, a platform for automatically deploying and managing applications in containerized environments. They look for Docker APIs with public access by scanning the network for hosts with open port 2375 (an unencrypted socket that gives remote access to the host without a password).
If the Docker container is configured incorrectly, attackers can install the Dofloo ransomware Trojan into it. It takes over the victims' computing power for hidden mining and DDoS attacks.
The problem with hacking is that, because of delayed updates or the use of old program versions, attackers can compromise software with even outdated methods and tools.
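A defender-side check for the misconfiguration described above, added here as an example (not code from the article): it reads a Docker daemon.json and a dockerd command line and flags a TCP listener that lacks TLS client verification or is bound on every interface. The sample configurations and the 10.0.0.5 management address are constructed.

```python
import json
import shlex

# Constructed sample inputs (not from the article): a daemon.json and a dockerd
# command line as found on a host under review, plus a hardened daemon.json that
# keeps the API on the TLS port 2376, bound to a single management address.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
HARDENED_DAEMON_JSON = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",'
    ' "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}'
)


def tcp_hosts_from_config(daemon_json: str, cmdline: str) -> tuple:
    """Collect tcp:// listeners from daemon.json and the dockerd command line
    (dockerd refuses both at once, but an audit should read whichever is used)
    and report whether TLS client verification is switched on in either place."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    args = shlex.split(cmdline)
    hosts = list(cfg.get("hosts", []))
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
    tls = bool(cfg.get("tlsverify")) or "--tlsverify" in args or "--tlsverify=true" in args
    return [h for h in hosts if h.startswith("tcp://")], tls


def audit_docker_api(daemon_json: str, cmdline: str) -> list:
    """Return one finding per insecure aspect of a TCP-exposed Docker API."""
    tcp_hosts, tls = tcp_hosts_from_config(daemon_json, cmdline)
    findings = []
    for h in tcp_hosts:
        host, _, _port = h[len("tcp://"):].rpartition(":")
        if not tls:
            findings.append(f"{h}: remote API without TLS client auth; "
                            "anyone who reaches the port controls the host")
        if host in ("", "0.0.0.0", "[::]"):
            findings.append(f"{h}: bound on all interfaces; bind a management "
                            "address or stay on the unix socket")
    return findings
```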
4) Exploiting Web Vulnerabilities
Web vulnerabilities are used not only for their “intended purpose”, data theft, but also to draw public attention to an event. Suffice it to recall the talk of hacker attacks on the Pentagon or on Pakistani government agencies after the terrorist attack in February this year.
Currently relevant are attacks on sites with online payment options, in which attackers use MageCart JavaScript sniffers (scripts that steal payment card data).
Sniffers are dangerous because users of the sites where they are installed cannot recognise the threat: the malware works imperceptibly, and a form for entering card data that is indistinguishable from the real one appears on the page.
It is worth noting that such a form should become available only after the user has been redirected to the secure page of the payment operator. Being required to enter payment details twice in a row, on the website and then on the payment operator's page, should alarm the user! But this is often ignored.
Although the attacks mainly target payment systems and online stores, cybercriminals also hack sites without payment options in order, for example, to steal user personal data.
It remains to be said that the authors of the MageCart attacks do not stand still and are constantly improving their scripts.
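As an added example (not from the article), a crawl-time audit of a checkout page that catches the page-level signs of a sniffer injection: a script loaded from an origin outside the shop's allowlist, an allowed script without a Subresource Integrity hash, and a card form posting to a foreign origin. The sample HTML, the shop.example origin and the PSP hostname are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page (not from the article): a first-party script with an
# integrity hash, an unexpected third-party script, and a card form whose
# action points away from the shop's own origin.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="https://shop.example/static/checkout.js" integrity="sha384-AAAA"></script>
<script src="https://cdn-stats.example.net/s.js"></script>
<form name="pay" action="https://collect.example.net/submit">
<input name="card_number"><input name="cvv"></form>
</body></html>"""
SITE_ORIGIN = "shop.example"                             # constructed
ALLOWED_ORIGINS = {SITE_ORIGIN, "pay.example-psp.com"}   # the shop and its PSP


class _Collector(HTMLParser):
    """Gather (src, has_integrity) for external scripts, and every form action."""
    def __init__(self):
        super().__init__()
        self.scripts, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and "src" in a:
            self.scripts.append((a["src"], "integrity" in a))
        elif tag == "form":
            self.forms.append(a.get("action") or "")


def _origin(url: str) -> str:
    """Host part of a URL; relative URLs resolve to the site's own origin."""
    return urlparse(url).hostname or SITE_ORIGIN


def audit_checkout_page(html: str) -> list:
    """Flag scripts from unexpected origins, allowed scripts lacking SRI, and
    forms that post card data to a foreign origin. These are the signs a
    periodic crawl of the shop can detect even though the user sees nothing."""
    c = _Collector()
    c.feed(html)
    findings = []
    for src, has_sri in c.scripts:
        if _origin(src) not in ALLOWED_ORIGINS:
            findings.append(f"script from unexpected origin: {src}")
        elif not has_sri:
            findings.append(f"allowed script without integrity attribute: {src}")
    for action in c.forms:
        if _origin(action) not in ALLOWED_ORIGINS:
            findings.append(f"form posts to foreign origin: {action}")
    return findings
```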
5) Selection of Credentials
This cyber threat exploits the most vulnerable area in information security: weak passwords. At the Ethiopian Information Network Security Agency (an agency that, notably, is itself engaged in security), the passwords of three hundred employees turned out to be too simple; as a result they fell into the hands of third parties and ended up in the public domain. More than 50% of the agency's passwords were variations of "p@$$w0rd", and a few dozen more were the digit combination "123".
The credential stuffing technique has not lost its relevance. It consists of cyber fraudsters taking stolen credential databases and trying the logins on other services. Uniqlo and GU, online clothing stores from Japan and China, have been subjected to such attacks.
In 2019, experts reported attacks by the Brute botnet, which is designed to brute-force remote access passwords over the RDP protocol. As a result, 1.5 million Windows PCs were attacked. Analysis has not yet shown what the cybercriminals need this for; possibly to sell the stolen user data in closed communities of the shadow Internet.
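An added example (not from the article) of the check that would have caught the agency's passwords: it strips trailing suffixes and undoes leet substitutions before comparing against a denylist, so "p@$$w0rd" and "P@$$W0RD2020!" are rejected as the same word. The denylist is a constructed stand-in for a breached-password corpus.

```python
import re
from typing import Optional

# Leet substitutions that cracking rule sets undo first; a password that collapses
# to a denylisted word after undoing them is no stronger than the word itself.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i", "|": "l"})
# Constructed denylist; a real deployment would load a breached-password corpus.
DENYLIST = {"password", "passwd", "admin", "welcome", "qwerty", "letmein"}


def normalise(password: str) -> str:
    """Lower-case, drop a trailing digit/punctuation suffix ('2020', '!', '123'),
    then undo leet substitutions, so 'P@$$w0rd2020!' becomes 'password'."""
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    return base.translate(LEET)


def check_password(password: str) -> Optional[str]:
    """Return why a password is weak, or None if it passes every check."""
    core = normalise(password)
    if core in DENYLIST:
        return f"leet/suffix variant of denylisted word '{core}'"
    for word in DENYLIST:
        if len(word) >= 6 and word in core:
            return f"contains denylisted word '{word}'"
    if password.isdigit():
        return "digits only"
    if re.fullmatch(r"(.)\1*", password):
        return "single repeated character"
    if len(password) < 12:
        return "shorter than 12 characters"
    return None


def weak_share(passwords: list) -> float:
    """Fraction of a password set that fails check_password: the kind of figure
    quoted for the agency above, computed before a leak rather than after."""
    return sum(check_password(p) is not None for p in passwords) / len(passwords)
```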
Tips: Some Preventive Measures
- All software should be kept up to date
- An advanced antivirus suite (a total-security or complete-security product with data recovery software) should be installed
- Data should always be backed up before any data loss happens
- Employees should be given training about recent cyber threats and preventive measures