Market Research

FortiGuard Labs Predicts the Convergence of Advanced Persistent Threat Methods with Cybercrime

Fortinet has unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyber threat landscape for the next 12 months and beyond. From quickly evolving Cybercrime-as-a-Service (CaaS)-fueled attacks to new exploits on nontraditional targets like edge devices or online worlds, the volume, variety, and scale of cyber threats will keep security teams on high alert in 2023 and beyond.

Derek Manky, Chief Security Strategist and VP for Global Threat Intelligence, FortiGuard Labs said, “As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. They are not just targeting the traditional attack surface but also beneath it, meaning both outside and inside traditional network environments. At the same time, they are spending more time on reconnaissance to attempt to evade detection, intelligence, and controls. All of this means cyber risk continues to escalate, and CISOs need to be just as nimble and methodical as the adversary. Organizations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioral-based detection and response capabilities.”

Success of RaaS is a Preview of What Is to Come with CaaS
Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of Cybercrime-as-a-Service. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge. CaaS presents an attractive business model for threat actors: whatever their skill level, they can easily take advantage of turnkey offerings without investing the time and resources upfront to craft their own unique attack plan.

And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. In addition, threat actors will also begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings, and related algorithms more broadly for purchase.

One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organizations offer basic security training programs for employees, organizations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.

Reconnaissance-as-a-Service Models Could Make Attacks More Effective
Another aspect of how the organized nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack.

Attacks fueled by CaaS models mean stopping adversaries earlier during reconnaissance will be important. Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organizations know the enemy and gain an advantage.

Money Laundering Gets a Boost from Automation to Create LaaS
To grow cybercriminal organizations, leaders and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organizations and subsequent job listings to make their businesses seem legitimate.

Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organizations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.

Looking outside an organization for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and help gain contextual insights on current and imminent threats before an attack takes place.

Virtual Cities and Online Worlds Are New Attack Surfaces to Fuel Cybercrime
The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet driven by augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds. While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in uncharted territory.

For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact offer threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the AR and VR-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes.

In addition, the applications, protocols, and transactions within these environments are also possible targets for adversaries. Whether the setting is work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation are essential, with advanced endpoint detection and response (EDR) enabling real-time analysis, protection, and remediation.

Commoditization of Wiper Malware Will Enable More Destructive Attacks
Wiper malware has made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming because this could be just the start of something more destructive.

Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today.

This makes time to detection and the speed at which security teams can remediate paramount. Using AI-powered inline sandboxing is a good starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.

What These Attack Trends Mean for Cybersecurity Professionals
The world of cybercrime and the attack methods of cyber adversaries, in general, continue to scale at great speed. The good news is that many of the tactics they are using to execute these attacks are familiar, which better positions security teams to protect against them.

Security solutions should be enhanced with machine learning (ML) and artificial intelligence (AI) so they can detect attack patterns and stop threats in real-time. However, a collection of point security solutions is not effective in today’s landscape. A broad, integrated, and automated cybersecurity mesh platform is essential for reducing complexity and increasing security resiliency. It can enable tighter integration, improved visibility, and more rapid, coordinated, and effective response to threats across the network.

Cyber Security

Kaspersky Reports Growth in Gamer Cyberattacks in 2023

The global gaming community, which currently accounts for nearly half of the world’s population, has found itself increasingly under fire by cybercriminals, according to a comprehensive investigation by Kaspersky. In the period spanning from July 2022 to July 2023, the cybersecurity company discovered the growing vulnerability of the gaming user base. Cybercriminals exploited this vast community to access personal data, launching a range of attacks, including web vulnerabilities, Distributed Denial of Service (DDoS) attacks, cryptocurrency mining, and complex Trojan or phishing campaigns.

In the period from July 1, 2022, to July 1, 2023, Kaspersky’s solutions detected a substantial 4,076,530 attempts to download 30,684 unique files masked as popular games, mods, cheats, and other game-related software. These incidents affected 192,456 users worldwide. These files – primarily classified as unwanted software and often labelled as not-a-virus:Downloader (89.7%) – are not innately perilous, but they are capable of downloading various other programs, even malicious ones, onto the user’s device. Adware (5.3%) and Trojans (2.4%) were also noteworthy threats to desktop gamers.

Minecraft emerged as the favoured target among cybercriminals, responsible for triggering 70.3% of all alerts. The threats using Minecraft as bait impacted 130,619 players across the globe during the reporting period. Roblox was the second most targeted game title, contributing to 20.4% of all alerts affecting 30,367 users. Counter-Strike: Global Offensive (4.8%), PUBG (2.9%), Hogwarts Legacy (0.6%), DOTA 2 (0.5%), and League of Legends (0.3%) were also among the prominent games subjected to cyber threats.

The mobile gaming community, which, according to the Newzoo 2023 report consists of over three billion gamers or nearly 40% of the world’s population, is characterized by its significant growth and accessibility and has become an enticing target for cybercriminals. Between July 1, 2022, and July 1, 2023, Kaspersky documented 436,786 attempts to infect mobile devices, impacting 84,539 users.

Various game titles were employed as bait to target mobile gamers. Minecraft enthusiasts once again were the primary targets, as 90.4% of attacks focused on the 80,128 gamers who fell victim. Indonesian users in particular faced exploitation through Minecraft, resulting in a Trojan.AndroidOS.Pootel.a attack, discreetly registering mobile subscriptions. Iran witnessed the highest prevalence of these attacks, with 140,482 alerts impacting 54,467 Minecraft players.

PUBG: Battlegrounds Battle Royale was the second most exploited mobile game among cybercriminals, accounting for 5.09% of all alerts, with the majority of incidents originating from Russian Federation users. Roblox (3.33%) ranked third in terms of detections but second in the number of affected users.

A noteworthy discovery involves the emergence of SpyNote, a spy Trojan distributed among Roblox users on the Android mobile platform under the guise of a mod. This Trojan exhibits various spying capabilities, including keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook applications to deceive users into divulging their passwords.

Phishing and counterfeit distribution pages continue to pose a significant threat to gamers. Malicious and undesired software often masquerades as popular games, disseminated through third-party websites offering pirated versions. These deceptive pages typically display inflated download counts, potentially misleading users into a false sense of security. Nonetheless, clicking the download button typically results in an archive that may contain harmful or unrelated elements, diverging from the promised content.

“In the dynamic gaming industry, which hosts a wealth of personal and financial data, cybercriminals are seizing enticing opportunities. They exploit gaming accounts by pilfering in-game assets, and virtual currency, and selling compromised gaming accounts, often with real-world value. The relentless pursuit of personal data has led to a surge in ransomware attacks, even affecting professional gamers who depend on uninterrupted play. This underscores the critical need for enhanced cybersecurity awareness within the gaming community,” comments Vasily Kolesnikov, a cybersecurity expert at Kaspersky.

To stay safe while gaming, here are some recommendations:

  • It is safer to download your games from official stores like Steam, Apple App Store, Google Play or Amazon Appstore only. Games from these markets are not 100 % secure, but at least they are checked by store representatives and there is some kind of screening process: not every app can be made available in these stores.
  • If you wish to buy a game that is not available through the main stores, purchase it from the official website only. Double-check the URL of the website and make sure it is authentic.
  • Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender. Do not open files you get from strangers.
  • Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
  • A strong, reliable security solution will be a great help to you, especially if it will not slow down your computer while you are playing, but at the same time, it will protect you from all possible cyber threats.
  • Use a robust security solution to protect yourself from malicious software and its activity on mobile devices.

Cyber Security

The Average Time to Investigate a Cybersecurity Incident is Around 26.1 Days, says Binalyze

With the intricacies of the digital world growing exponentially, the relevance of effective and timely Digital Forensics and Incident Response (DFIR) cannot be overstated. Recognising this need for insight, Binalyze, in collaboration with the global market intelligence firm IDC, is excited to publish a compelling new report: “The State of Digital Forensics and Incident Response 2023”.

Based on an extensive survey conducted in June 2023, the study brings into focus the perspectives of over 100 cybersecurity professionals from five Middle Eastern countries. This diverse respondent pool consists of individuals directly influencing the cybersecurity functions within their organizations, with roles spanning SOC analysts, DFIR professionals, Incident responders, Threat hunters, SOC managers, and Directors.

The key findings of the report are critical for anyone involved in DFIR, from SOC teams to individual analysts and investigators. Report highlights include:

  • According to the research and subsequent analysis, the average time to investigate an incident is approximately 26.1 days, and the time to resolve incidents is an additional 17.1 days.
  • The importance of reducing “detection-to-resolution” times for efficient incident management.
  • The ongoing skills shortage: 81% of respondents identified this as a major challenge.

“Our world thrives on digital connections, but with this connectivity comes vulnerabilities. As the frequency and intensity of cyber threats surge, the importance of DFIR in understanding, mitigating, and learning from these threats is paramount. There is a real and urgent need for forensic visibility at speed and scale. AIR is a game changer here and should be at the centre of all SOCs DFIR effort,” says Ahmet Öztoprak, Senior Sales Director of META at Binalyze.

This report serves as both a wake-up call and a guide. By leveraging the insights from the top cybersecurity professionals in the Middle East, ‘The State of Digital Forensics and Incident Response 2023’ aims to provide companies with the knowledge and solutions they need to combat emerging cyber threats effectively and maintain resiliency.

Cyber Security

Cybercriminals Used Malware in 7 Out of 10 Attacks on Individuals in the Middle East

Positive Technologies analyzed attacks on individuals in Middle Eastern countries between 2022 and 2023. Malware was used in 70% of successful attacks. More than half of these attacks involved spyware. The vast majority of attacks used social engineering techniques. In 20% of phishing campaigns, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously.

“According to our data, cybercriminals employed malware in 7 out of 10 successful attacks on individuals in the Middle East region. More often than not, the attackers infected users’ devices with spyware (three out of five malware attacks). This type of malware collects information from the infected device and then passes it on to the attacker. Depending on the task, spyware can steal personal and financial data, user credentials, as well as files from the device’s memory,” the company said.

Positive Technologies Information Security Research Analyst Roman Reznikov said, “By using spyware, attackers can compromise not only personal and payment information and personal accounts, but also corporate credentials, network connection information, and other sensitive data. The stolen data is then offered for sale on the dark web forums. As a result, a skilled attacker can gain access to an organization and carry out a successful attack, leading to non-tolerable consequences: disruption of technological and business processes, theft of funds, leakage of confidential information, attacks on customers and partners.”

In the vast majority (96%) of successful attacks on individuals in Middle Eastern countries, social engineering techniques were employed. Most often, these were mass attacks in which the criminals aimed to reach the maximum number of victims. To achieve this, they actively leveraged current news about significant global and regional events, including the 2022 FIFA World Cup Qatar.

In every fifth (20%) phishing campaign, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously. Criminals led the victims through a series of steps until the device was infected and data stolen. For instance, users could be lured through social media accounts that contained links to a messenger channel from which the victim would install a malicious application.

One of the reasons for the success of social engineering is the numerous data leaks from various organizations. “According to our research on the cybersecurity threatscape in the Middle East, 63% of successful attacks on individuals in the region resulted in leaks of confidential information. The majority of stolen information consisted of personal data (30%) and account credentials (30%). Cybercriminals were also interested in payment card data (10%) and user correspondence (8%),” the company added.

On the dark web, malicious actors sell information about users and also provide stolen data archives for free. Criminals use the compromised information in subsequent attacks on users. For example, a successful attack on a bank could result in fraudulent actions against its customers. Cybersecurity experts recommend that users follow cyber-hygiene rules.

Companies also need to ensure the security of employee and customer data. Data breaches cause reputational and financial damage and put at risk users whose information has been compromised. To maintain cyber-resilience, it’s essential to regularly assess the effectiveness of security measures and pay special attention to the verification of non-tolerable events.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.