Cyber Security

Cybercriminals Narrow Their Focus on SMBs: Acronis

The Cyberthreats Report Mid-year 2021 by global cyber protection leader Acronis warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. Released at the Black Hat 2021 event, where Acronis was a Diamond sponsor, the report is an in-depth review of the cyber threat trends the company’s experts are tracking.

The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000. While that represents a major financial hit to any organization, those amounts would sound the death-knell for most SMBs, which Acronis believes is a major concern for the second half of 2021.

“While the increase in attacks affects organizations of all sizes, something that’s under-reported in the coverage of current cyber threat trends is the impact on the small business community,” explained Candid Wüest, Acronis VP of Cyber Protection Research. “Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

By utilizing supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. As seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021, one successful attack means they can breach hundreds or thousands of SMBs downstream. At Black Hat 2021, Wüest will provide an in-depth look at how supply-chain attacks against IT service providers pose a particular threat to SMBs in a session titled Ransomware Attacks Against MSPs – A Nightmare for SMBs.

Additional takeaways at the mid-year mark
Beyond the high-profile attacks that have dominated the headlines during the past six months and the concerns raised about the impact on MSPs and small businesses, the report also noted:

  • Phishing attacks are rampant. Using social engineering techniques to trick unwary users into clicking malicious attachments or links, phishing emails rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email. During the same period, Acronis blocked more than 393,000 phishing and malicious URLs for clients, preventing attackers from accessing valuable data and injecting malware into the client’s system.
  • Data exfiltration continues to increase. In 2020, more than 1,300 victims of ransomware had their data publicly leaked following an attack, as cybercriminals look to maximize the financial gain from successful incidents. During the first half of 2021, more than 1,100 data leaks have already been published – which projects a 70% increase for the year.
  • Remote workers continue to be a prime target. The reliance on remote workers continues in the wake of the COVID-19 pandemic. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities. As a result, attackers have been actively probing remote workers. Acronis observed more than twice the number of global cyberattacks, with a 300% increase in brute-force attacks against remote machines via RDP.

Creating the Cyberthreats Report Mid-year 2021
The Cyberthreats Report Mid-year 2021 is based on examining attack and threat data collected by the company’s global network of Acronis CPOCs, which monitor and research cyber threats 24/7. Malware data was collected by more than 250,000 unique endpoints around the world running Acronis Cyber Protect (either as a client of an MSP using Acronis Cyber Protect Cloud or a business running Acronis Cyber Protect 15). The mid-year update covers attacks targeting endpoints detected between January and June 2021.

The full report provides in-depth insights into the top security/threat trends the CPOCs observed during the first half of 2021, a review of malware families and related statistics, a deep dive into ransomware’s most dangerous groups, the vulnerabilities that contribute to successful attacks, and Acronis’ security recommendations for the remainder of 2021 and beyond.

Telecom Sector: Cyber Attack Target Number One for Nation-State Actors

Written by Roland Daccache, Systems Engineer Manager MEA, CrowdStrike

Telecommunications providers play a unique and crucial role in modern societies. Businesses, governments, and individuals rely on the smooth functioning of communications. However, it is precisely this centrality and ubiquitous presence of telecommunications systems that also make them valuable targets for governments and criminals worldwide.

Targeting the telecommunications sector is becoming more and more popular
The latest OverWatch Report from CrowdStrike shows that attacks on the telecommunications industry have more than doubled in the last 12 months. Overall, 40 percent of all targeted attack attempts detected by OverWatch experts were directed at this industry. Especially for nation-state actors, this target industry is very attractive, because targeted attacks can be used to realise their own surveillance, intelligence, and counterintelligence missions. It comes as no surprise that the telecommunications industry tops the list of the top 5 industry targets among nation-state actors.

Most attacks on telecom companies come from groups close to China. However, actors with an Iranian background have also been spotted attacking the telecom sector. The operations against telecommunication providers illustrate that the protection of sensitive data and critical infrastructure is becoming increasingly important. One more reason to take a close look at the constantly changing threat landscape and its actors is to find effective methods against their tools, techniques, and procedures (TTPs).

Attacks on the telecommunications industry – The typical TTPs
To gain initial access to their victim networks, communications sector attackers use a variety of techniques. Among the most common are spear phishing, exploitation of vulnerabilities, supply chain compromise, and misuse of legitimate credentials.

Once the first step is taken, the attackers use native tools such as Windows Management Instrumentation or command and script interpreters such as PowerShell to carry out their mission. To avoid detection and carry out the attack without interference, the perpetrators keep looking for new hosts where they can collect credentials, so that they can continue moving laterally through the target environment unnoticed.

To grab the desired credentials in Microsoft environments, attackers often use Mimikatz, read LSASS memory (often via comsvcs.dll or using ProcDump), or modify the WDigest registry key to store passwords in plain text.
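A defender-side sketch of hunting for the credential-access techniques named above, added here as an example and not CrowdStrike's or OverWatch's detection logic: it matches process and registry events against simple rules and groups the hits per host. The event field names, host names and sample events are assumptions constructed for this example.

```python
import re

# Event fields ("type", "host", "image", "cmdline", "target") are assumed for
# this example; map them to whatever your EDR or Sysmon pipeline emits.
RULES = [
    ("mimikatz_name", "process", re.compile(r"mimikatz", re.I)),  # name match only, easily evaded
    ("lsass_dump_comsvcs", "process", re.compile(r"rundll32(\.exe)?\b.*\bcomsvcs\.dll", re.I)),
    ("lsass_dump_procdump", "process", re.compile(r"procdump(64)?(\.exe)?\b.*\blsass", re.I)),
    ("wdigest_key_modified", "registry", re.compile(r"\\Control\\SecurityProviders\\WDigest(\\|$)", re.I)),
]

# Constructed sample telemetry; arguments are deliberately omitted.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-01", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\comsvcs.dll <arguments omitted>"},
    {"type": "registry", "host": "ws-01",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\<value omitted>"},
    {"type": "process", "host": "srv-02", "image": r"C:\Tools\procdump64.exe",
     "cmdline": "procdump64.exe <options omitted> lsass.exe <output omitted>"},
    {"type": "process", "host": "srv-03", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},  # benign use of rundll32
    {"type": "registry", "host": "srv-03", "target": r"HKLM\SOFTWARE\Example\Setting"},
]

def match_event(event):
    """Return the names of every rule that one event triggers."""
    etype = event.get("type")
    if etype == "process":
        text = f'{event.get("image", "")} {event.get("cmdline", "")}'
    elif etype == "registry":
        text = event.get("target", "")
    else:
        return []
    return [name for name, rule_type, rx in RULES if rule_type == etype and rx.search(text)]

def hunt(events):
    """Group rule hits per host; several distinct hits on one host deserve priority."""
    hits = {}
    for event in events:
        for rule in match_event(event):
            hits.setdefault(event["host"], []).append(rule)
    return hits

if __name__ == "__main__":
    for host, rules in hunt(SAMPLE_EVENTS).items():
        print(host, rules)
```

Legitimate administration can also trip these rules (ProcDump is a standard troubleshooting tool), so hits are leads for a hunter to triage rather than verdicts.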

In Linux environments, attackers often look at the contents of sensitive files, such as .bash_history, passwd, shadow, and other configuration files and administrative scripts when trying to discover credentials. OverWatch has also observed attackers using newer techniques. For example, in one case, an attacker deployed SSH daemons via a backdoor that was capable of logging credentials.

Cyber attackers also often use web-based login pages. They are modified in such a way that the login information can also be stored for later retrieval. Thus, hackers are no longer under time pressure for their initial access. So-called web shells also make it possible to manage multiple victim networks via a single interface. This leads to the very real danger of multiple attacks being launched simultaneously by one hacker group.

This is because the effort required to carry out operations is considerably reduced for the attackers. In addition, web shells are attractive because of their simplicity, their cross-platform compatibility, and their ability to run in different web server environments. With all these tools, actors manage to know when, how, and where call details and SMS messages are forwarded and recorded in order to strike.

Collateral damage from hacker attacks
To disguise their true goals and intentions, attackers often carry out very large-scale data exfiltrations. In reality, however, they are often only interested in specific information from very few people. The damage caused is therefore often immense. It is therefore all the more important to identify and stop the attackers. However, this undertaking is often more difficult than expected, because criminals often have extensive knowledge of a target network and are therefore difficult to distinguish from legitimate administrators.

A comprehensive cyber defence that also detects and successfully defends against these activities is therefore indispensable, especially for critical infrastructures. To successfully counter the tactics and techniques of modern attackers, it is advisable to rely not only on the latest technologies but also on human know-how and active threat hunting. Threat hunting specialists tirelessly search for novel and anomalous tactics, techniques and procedures (TTPs) of attackers that remain undetected by technical detection measures and stop them as soon as they are identified.

ESET Presents Plans for ESET Campus

ESET has unveiled its plans for the previously announced ESET Campus – an innovation and technology hub based in its headquarters city, Bratislava, Slovakia. The 55,000 m² campus designed by world-renowned architectural studio BIG-Bjarke Ingels Group will house the company’s new headquarters and will become a center of excellence, creating a strong cybersecurity, AI, and innovation ecosystem for Slovakia and Central Europe.

Reflecting the shifting post-pandemic working patterns and the wishes of its employees, ESET Campus is being built to be fit-for-purpose for employees, customers and partners, and their business needs. The Campus’ core function of being a welcoming work environment is going to be supported by a whole array of facilities and amenities for ESET and the local community. Richard Marko, Chief Executive Officer for ESET, said: “I envision the ESET Campus as a creative hub where bold cybersecurity solutions come to life so that we all can enjoy the vast potential of advanced technologies. By building an inclusive, diverse, green, and collaborative workplace fit for the future, we are addressing the pressing needs of our employees, customers, partners, and our communities. We will continue our strong alignment with societal needs in order to support science, education, and innovation.”

The ESET Campus will be built on the principles of functionality and ecology by being sustainably built, sustainably operating, and responsibly reporting on its results. The business has already taken the first step towards reporting on its carbon footprint, which has seen a 40 percent decrease in carbon emissions in 2020. Palo Luka, Chief Operating Officer for ESET, said: “We think it’s crucial for ESET to lead by example in innovation and technology. We want to ensure that our ESET Campus houses the latest technologies and clever and efficient solutions to achieve the highest levels of sustainability. We will aim for a carbon-neutral campus operation, but we’ve got an ambition to also reduce the embodied carbon by building it in the most carbon-neutral way possible, and we hope our partnership with architectural firm BIG will help us achieve this.”

Bjarke Ingels, the founding partner of BIG, presented the finalized plans to the city officials and the public in Bratislava on Wednesday 24th November at a press conference. Ingels said: “The new ESET HQ materializes the brief and challenge we got from the ESET leadership as literally as possible – the architecture is not only ecologically and economically sustainable, it is also socially sustainable: rather than a single hermetic entity, we have dissolved the new campus into a series of buildings framing a central square. An abundance of public spaces, pathways and human-scale pavilions welcome ESET employees, university students, and citizens of Bratislava to gather, exchange knowledge and enjoy. The architecture of the campus can expand organically over time but also feels as a single unified identity that is open, integrated, and accessible to the community from day one. We’re excited for the new ESET HQ to be part of the city’s transformation towards a more engaging public realm and we believe the new ESET HQ has the true potential to become the seed for a new innovation district the city deserves.”

Dragos to Open New Office in Dubai in Q1 2022

Dragos today announced an accelerated expansion in the United Arab Emirates to provide organizations in the region with more direct access to its industrial cybersecurity technology and services so they can respond more quickly to threats, while also developing and training ICS/OT cybersecurity talent to ensure worldwide customer success. The expansion includes a new office in Dubai, which has a planned opening in Q1 2022.

The expansion aligns with the UAE’s cybersecurity strategy established by the Telecommunications and Digital Government Regulatory Authority. Dragos addresses the burgeoning global market for ICS/OT cybersecurity solutions and meets the cybersecurity needs of critical infrastructure organizations in all regions and of any size or complexity.

Within the UAE, Dragos is already protecting the industrial environments of a number of companies, enabling them to maintain comprehensive asset visibility, assess OT-specific threats and vulnerabilities, and respond to threats based on the latest threat intelligence. Their use of Dragos allows them to minimise risk to plant operations and improve security, while also meeting regulatory compliance requirements.

“Many industrial organizations in the UAE are leading the way with digital transformation and recognizing that ICS/OT cybersecurity is more critical than ever in a hyperconnected world,” said Robert M. Lee, Chief Executive Officer and Co-Founder of Dragos, Inc. “We are excited to make ICS/OT cybersecurity expertise and technology more accessible to organizations in the UAE as well as to partner with organizations and local ICS/OT cybersecurity practitioner communities here to help grow a needed pool of talented cybersecurity practitioners.”

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.