Connect with us

Market Research

FortiGuard Labs Predicts the Convergence of Advanced Persistent Threat Methods with Cybercrime

Published

on

Fortinet has unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyber threat landscape for the next 12 months and beyond. From quickly evolving Cybercrime-as-a-Service (CaaS)-fueled attacks to new exploits on nontraditional targets like edge devices or online worlds, the volume, variety, and scale of cyber threats will keep security teams on high alert in 2023 and beyond.

Derek Manky, Chief Security Strategist and VP for Global Threat Intelligence, FortiGuard Labs said, “As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. They are not just targeting the traditional attack surface but also beneath it, meaning both outside and inside traditional network environments. At the same time, they are spending more time on reconnaissance to attempt to evade detection, intelligence, and controls. All of this means cyber risk continues to escalate, and CISOs need to be just as nimble and methodical as the adversary. Organizations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioral-based detection and response capabilities.”

Success of RaaS is a Preview of What Is to Come with CaaS
Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of Cybercrime-as-a-Service. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge. CaaS presents an attractive business model for threat actors. With varying skill levels they can easily take advantage of turnkey offerings without investing the time and resources upfront to craft their own unique attack plan.

And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. In addition, threat actors will also begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings, and related algorithms more broadly for purchase.

One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organizations offer basic security training programs for employees, organizations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.

Reconnaissance-as-a-Service Models Could Make Attacks More Effective
Another aspect of how the organized nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack.

Attacks fueled by CaaS models mean stopping adversaries earlier during reconnaissance will be important. Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organizations know the enemy and gain an advantage.

Money Laundering Gets a Boost from Automation to Create LaaS
To grow cybercriminal organizations, leaders, and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organizations and subsequent job listings to make their businesses seem legitimate.

Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organizations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.

Looking outside an organization for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and help gain contextual insights on current and imminent threats before an attack takes place.

Virtual Cities and Online Worlds Are New Attack Surfaces to Fuel Cybercrime
The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet-driven through augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds. While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in unchartered territory.

For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact offer threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the AR and VR-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes.

In addition, the applications, protocols, and transactions within these environments are also possible targets for adversaries. Regardless of work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation is essential with advanced endpoint detection and response (EDR) to enable real-time analysis, protection, and remediation.

Commoditization of Wiper Malware Will Enable More Destructive Attacks
Wiper malware has made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming because this could be just the start of something more destructive.

Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today.

This makes time for detection and the speed at which security teams can remediate paramountly. Using AI-powered inline sandboxing is a good starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.

What These Attack Trends Mean for Cybersecurity Professionals
The world of cybercrime and the attack methods of cyber adversaries, in general, continue to scale at great speed. The good news is that many of the tactics they are using to execute these attacks are familiar, which better positions security teams to protect against them.

Security solutions should be enhanced with machine learning (ML) and artificial intelligence (AI) so they can detect attack patterns and stop threats in real-time. However, a collection of point security solutions is not effective in today’s landscape. A broad, integrated, and automated cybersecurity mesh platform is essential for reducing complexity and increasing security resiliency. It can enable tighter integration, improved visibility, and more rapid, coordinated, and effective response to threats across the network.

Cyber Security

Cisco Talos Report: Business Email Compromise Soars in Q1 2024

Published

on

Cisco has unveiled key insights into the cybersecurity landscape in the first quarter of this year. The Talos Incident Response (IR) Quarterly Trends (Q1 2024) report, developed by Cisco Talos Intelligence Group, aims to help organizations arm themselves against the most common cyber threats.

Business Email Compromise on the Rise
The report indicates that for the first time in several quarters, business email compromise (BEC) emerged as the most common threat in Q1 2024. BEC made up 46 per cent of all Cisco Talos IR engagements in the first quarter, a significant spike from Q4 2023. Adversaries use this tactic to disguise themselves as legitimate members of a business and send phishing emails to other employees or third parties, often pointing to a malicious payload or engineering a scheme to steal money.

Weaknesses in Multi-Factor Authentication Persist
In Q1 2024, Cisco’s security researchers discovered a new phishing kit called Tycoon 2FA that bypasses multi-factor authentication (MFA). This has since become one of the most widespread phishing kits, although it has yet to appear in any Talos IR engagements. Overall, attackers were frequently trying to bypass MFA on endpoint detection and response (EDR) solutions to disable their alerting mechanisms.

Weaknesses involving MFA were observed within nearly half of the engagements, with the top weakness being users accepting unauthorized push notifications, occurring within 25 per cent of engagements. The lack of proper MFA implementation followed closely, accounting for 21 percent of engagements.

New Variants of Ransomware Enter the Fold
Incidences of ransomware, which was the top threat in the last quarter of 2023, decreased by 11 per cent, representing 17 per cent of engagements. In Q1 2024, Talos IR responded to new variants of Phobos and Akira ransomware for the first time, in addition to the previously seen LockBit and Black Basta ransomware operations.

A recent engagement suggests that Akira has returned to using encryption as an additional extortion method, now deploying a multipronged attack strategy to target Windows and Linux machines. Cisco’s security researchers also observed a variety of other threats, including data theft extortion, brute-force activity targeting virtual private network (VPN) infrastructure, and the previously seen commodity loader malware Gootloader.

Manufacturing Remains a Popular Target
Continuing the trend from Q4 2023, manufacturing was the most targeted vertical by attackers in the first quarter, accounting for 21 per cent of the total incident response engagements, closely followed by education. Healthcare, public administration, and technology are tied for the third spot. The report noted a 20 per cent increase in manufacturing engagements from the previous quarter.

The manufacturing sector faces unique challenges due to its inherently low tolerance for operational downtime. Q1 2024 witnessed a wide range of threat activity targeting manufacturing organizations, including financially motivated attacks, such as BEC and ransomware, and brute-force attacks on VPNs.

Evolving Cyberattack Techniques
The most frequent means of gaining initial access was the use of compromised credentials on valid accounts, which made up 29 percent of engagements, a 75 percent increase from Q4 2023. The use of email hiding inbox rules was the top observed defense evasion technique, representing 21 percent of engagements, which was likely due to the increase in BEC and phishing.

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East & Africa, says, “We have seen significant changes in the way attackers approach their malicious activities since last year. In this complex landscape full of rapidly evolving threats, a holistic digital security strategy that focuses on proactive cybersecurity measures is of critical importance. At Cisco, we are leveraging cutting-edge technologies, including AI, to help organizations embed advanced security controls across their infrastructure to prevent, detect, and effectively respond to all forms of cyberattacks.”

The implementation of MFA and a single sign-on system ensures only trusted parties can access corporate email accounts to prevent the spread of BEC. Lack of MFA remains among the biggest impediments for enterprise security. All organizations should implement some form of MFA, such as Cisco Duo. Meanwhile, EDR solutions like Cisco Secure Endpoint can detect malicious activity on organizations’ networks and machines. In addition, Cisco’s Snort and ClamAV signatures can block many well-known ransomware families distributed in Q1 2024, such as Black Basta and Akira.

Continue Reading

Cyber Security

Can Quantum Computers Be Hacked? New Research Identifies Top Threats

Published

on

The study was presented during the cyber festival Positive Hack Days 2 taking place on May 23–26 at the Luzhniki sports complex in Moscow

Reporting from Moscow, Russia: Gartner predicts nearly half of large enterprises will be exploring it by 2025, and investment is surging (reaching a record $2.35 billion in 2023 according to McKinsey). But this exciting field isn’t just attracting legitimate players. A new study by Positive Technologies, QBoard, QApp, and the Russian Quantum Center highlights the top cybersecurity threats to quantum technologies. Information theft, software vulnerabilities, and attacks targeting the quantum internet are the most concerning areas.

The study identifies five key vulnerabilities, with the first four targeting quantum computers specifically and the final one impacting quantum communication channels:

  1. Physical threats related to the instability and sensitivity of qubits (quantum bits). Experts believe that attackers can carry out denial-of-service (DoS) attacks: for example, by heating up quantum computers and causing interference to corrupt data. At present, such attacks are possible because the equipment is highly sensitive to the external environment, which may allow attackers to cause equipment malfunction.
  2. Theft of confidential information. Experts predict that the stolen results of quantum computing will be highly valued by attackers, as the quantum systems and the calculations based on them are very expensive.
  3. Vulnerabilities in software designed for quantum computing will also pose a serious threat. They have already been found in some underlying solutions. For example, two high-severity vulnerabilities have been discovered in the NVIDIA cuQuantum Appliance: CVE-2023-36632 and CVE-2018-20225. Another high-severity vulnerability was found in the Quantum Development Kit library for Visual Studio Code: CVE-2021-27082. In the future, the exploitation of quantum software vulnerabilities could lead to leakage of sensitive information, hijacking of hardware resources, and disabling equipment.
  4. Threat to cloud computing. The development of cloud-based quantum solutions is likely to encourage attackers to actively search for vulnerabilities in solutions of various vendors and attack IT companies that provide quantum-based services. Typical cyber threats here include improper configuration of cloud services, vulnerabilities in cloud services, insecure data storage, insecure data processing by service providers, and denial-of-service attacks. These issues also pose a threat to Quantum Computing-as-a-Service (QCaaS) infrastructures.
  5. Attacks against the quantum internet. Attacks against the quantum internet pursue goals similar to those of attacks on conventional networks: stealing information, disrupting the integrity or availability of quantum nodes or quantum networks, and hijacking quantum connections or computational resources.

“The emergence of a truly powerful quantum computer, capable of solving mathematical problems that are unsolvable today, will take the race between the tech giants to a new level. Computation results will become more valuable to competitors and hackers alike. And safeguarding the results of quantum computing will be a major function of cybersecurity,” comments Ekaterina Snegireva, Senior Analyst at Positive Technologies. “The usual race between cyberattackers and defenders will also move to a new level with the advent of quantum computers.”

According to the experts, the threats to post-quantum cryptography are no less significant. As noted in the study, the “store now, decrypt later” tactic will allow attackers to decrypt the stolen data in the future, using a more powerful quantum computer. As a result, a lot of sensitive data is already at risk. To protect themselves, some companies are starting to implement the so-called post-quantum cryptography methods.

“Quantum technologies will enter a phase of complex development efforts in 2025–2030 and beyond. New high-tech products and services will be created by combining quantum technology with adjacent and complementary technologies such as biomedical engineering, new materials, artificial intelligence, and more. These products and services are expected to be implemented in the high-priority sectors of the economy,” says Yaroslav Borisov, Head of New Projects at Kvant Joint Venture, LLC. “As a result, a new high-tech industry will emerge, offering market-driven solutions, products, and services for various needs, including cybersecurity.”

“Due to the rapid development of quantum technologies and the emergence of the quantum industry, we must start thinking about their possible implications as soon as possible,” mentions Aleksey Fedorov, Head of the Science Team at the Russian Quantum Center. “Along with obvious advantages, quantum computers create a threat to information infrastructures which are based on conventional cryptographic algorithms. Now is the time to embrace quantum-resistant solutions. In addition, quantum computing services themselves may be targeted, given their importance for various tasks. To fully integrate quantum computing into business processes, we need to anticipate possible attack scenarios and eliminate weaknesses that would enable such attacks.”

“Middleware and end-user software based on post-quantum algorithms can improve the cybersecurity of a wide range of solutions, including those leveraging quantum technologies. Technology synergies with quantum communications solutions have been identified and are being tested, and work is underway in other areas,” comments Anton Guglya, CEO of QApp.

However, due to the high variability of emerging quantum tech-based products, there are currently no comprehensive cybersecurity tools for quantum technology in the market. Some vendors, including Positive Technologies, see the launch of new bug bounty programs to find vulnerabilities in quantum systems as a promising option. Another important step for the future of cybersecurity is quantum key distribution. Many research centres are now working on this concept, with the expectation of creating more secure communication channels.

Continue Reading

Market Research

BeyondTrust Releases 2024 Microsoft Vulnerabilities Report

Published

on

BeyondTrust, the worldwide leader in intelligent identity and access security, has announced the release of the 2024 Microsoft Vulnerabilities Report. Produced annually by BeyondTrust, this report analyzes data from security bulletins publicly issued by Microsoft throughout the previous year and provides valuable information to help organizations understand, identify, and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin is comprised of one or more vulnerabilities, which apply to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DDoS), Spoofing, Tampering, and Security Feature Bypass. This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (9.0+ CVSS severity scores).

Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report’s debut, a strong indicator that overall long-term security efforts are paying off. This may also reflect that attackers are increasingly re-focusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.

  1. After hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).
  2. Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
  3. Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing demonstrating a dramatic 190% increase, from 31 to 90.
  4. The total number of critical vulnerabilities continues its downward trend, but slows its descent, dropping by 6% to 84 in 2023 (5 less than in 2022).
  5. After Microsoft Azure & Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
  6. Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
  7. There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
  8. Microsoft Office experienced 62 vulnerabilities in 2023.
  9. Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.

“This report continues to highlight the need to keep improving security, not only at Microsoft but also for all organizations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research at BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability, and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”

Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predict now is not the time to get complacent:

  1. Vulnerabilities and unpatched systems will continue to provide threat actors with a means of attack.
  2. Expanding Microsoft technologies will continue to introduce new attack surfaces.
  3. Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
  4. Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.

Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence—even against modern threats—and that the organisations that successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.