Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

105 previous two quarters. There was also increasing overlap between the most-widespread malware detections affecting individual networks and the most prolific malware by volume, with three threats found in both lists. Finally, multiple popular backdoor shell scripts (including both the Backdoor.Small.DT and Trojan.GenericKD tools from the Kali Linux penetration testing/ethical hacking suite) appeared for the first time in the list of top malware attacks, possibly showing that hackers are leveraging Kali Linux more often. Network Attacks Explode Network attacks more than doubled from Q1 to Q2 2019. This was the largest percent increase we’ve seen since 2017. Two attacks debuted on the top 10 list: EXPLOIT Nodejs js-yaml load() and WEB Directory Traversal -4. The former accounted for 2.9% of all network attacks by volume and exploits a vulnerability in the YAML markup language package JS-YAML for Node.js. Specifically, it exploits how the library parses a custom data type, which results in remote code execution. The latter network attack, WEB Directory Traversal -4, allows web users to escape a web server’s root directory and potentially gain access to any file on the computer system. The most common target is the “/etc/passwd” file, which is the file storing user login credentials. Granted the passwords are normally hashed, but attackers can still attempt to crack the hashes and obtain legitimate user login credentials. A final startling discovery was the 1,288.39% increase in WEB SQL injection attempt -33 attacks from Q1. A yearly comparison to Q2 2018 shows that same attack at an enormous 29,149.23% increase! DNS-Level Attacks Leverage Legitimate Content Delivery Networks The Threat Lab’s research found multiple malware campaigns using popular content delivery networks (CDNs) like CloudFront and CloudFlare to prevent detection by anti-malware services that only look at the root domain of a questionable URL. These fell into three categories: malware domains, which are web sites outright hosting malware; compromised domains, which are web sites that threat actors exploited to host their own malicious JavaScript code; and phishing domains, where threat actors direct users to spoofed login screens to harvest their credentials. Our research found malware domains at dc44qjwal3p07[.]cloudfront[.]net and d3i1asoswufp5k[.]cloudfront[.]net. Phishing domains were identified at ec2-18-224-214-207[.]us-east-2[.] compute[.]amazonaws[.]com and usd383orgmy[.]sharepoint[.]com. Security Incidents Making Headlines in Q2 2019 On May 7, 2019 the Baltimore Department of Public Works suffered a major ransomware attack. Adding to the agony, five days into the city’s downtime the alleged threat actor started openly mocking the city on Twitter! Researchers identified the malware as RobbinHood and the perpetrator set the ransom at around $75,000. In the end, the City of Baltimore needed to rebuild many critical systems, which had a major impact on worker productivity. Total estimated damages reached $17 million. This is a prime example of the importance of deploying and testing backup solutions!
106 The Threat Lab team also analyzed an MSP attack that targeted a specific piece of IT management software. In this attack, the perpetrator leveraged weak, stolen or leaked credentials to gain administrative access to the MSP’s copy of this management tool. From there, the attackers targeted exposed remote management services. Once in, they exploited the MSPs’ own tools to infect their customer base. Based on this and other MSP attacks from Q2 and Q1 2019, it is clear attackers are specifically targeting MSPs to reach their customer bases. This attack could have been prevented with better password security (since the attacker leveraged a legitimate admin password), user training or use of multi-factor authentication. What Are Some Key Lessons From Q2’19? In summary, no target is too small. It’s no longer a matter of “if,” but “when” a target will get hacked. Remember, many attacks can be thwarted simply by deploying authentication and MFA solutions (specifically, MSPs should be hardening their management tools with MFA). Furthermore, due to the increased sophistication of ransomware attacks, backup solutions should be mandatory. And don’t simply create backups – test and verify them. As an extra precaution, use URL and domain filtering services to help defang malicious links. Above all, implement effective user training to help employees recognize and respond to phishing and ransomware attacks. The stakes are higher than ever before, and user training should be at the forefront of any organization’s standard operating procedure. About the Author Emil Hozan is a Security Analyst at WatchGuard Technologies, focused on network security. Emil’s responsibilities include quantifying threat data for WatchGuard’s quarterly Internet Security Report, contributing to WatchGuard’s security blog Secplicity, analyzing trends in network and malware attacks, sandboxing and testing new products and exploits, and reverse engineering malware samples Emil can be reached online at https://www.secplicity.org/author/ehozan/ and at our company website https://www.watchguard.com/.
Page 1 and 2:
1 8 Most Common Cybersecurity Mista
Page 3 and 4:
2
Page 5 and 6:
4 The Internet Got Safer In 2019: A
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
8
Page 11 and 12:
10
Page 13 and 14:
12
Page 15 and 16:
14
Page 17 and 18:
16
Page 19 and 20:
18
Page 21 and 22:
20 8 Most Common Cybersecurity Mist
Page 23 and 24:
22 You can prevent (or decrease) th
Page 25 and 26:
24 While it’s not feasible to res
Page 27 and 28:
26 The major difference is the addi
Page 29 and 30:
28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32:
30 • Conduct cybersecurity traini
Page 33 and 34:
32 Persistent Cybersecurity Industr
Page 35 and 36:
34 Automation is welcome and seen a
Page 37 and 38:
36 Protecting Against Modern Cybera
Page 39 and 40:
38 Conclusion Unfortunately, no tec
Page 41 and 42:
40 For 2020 The Death of Traditiona
Page 43 and 44:
42 The Next Five Years The End of E
Page 45 and 46:
44 Government Agencies Are Prime Ta
Page 47 and 48:
46 It’s a basic fact of contempor
Page 49 and 50:
48 simpler way to approach these pr
Page 51 and 52:
50 Why Outsmart Cyber Attackers Whe
Page 53 and 54:
52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100: 98 Some of the most damaging Inside
Page 101 and 102: 100 Out-Smarting the Cybersecurity
Page 103 and 104: 102 Empower Other Teams Network and
Page 105: 104 New Security Report Highlights
Page 109 and 110: 108 Drive, AWS, Office 365, etc. It
Page 111 and 112: 110 former governor, this bill also
Page 113 and 114: 112 I mean, if you want to be able
Page 115 and 116: 114 Is It Safe to Connect to Public
Page 117 and 118: 116 5. Safe Browsing Additional dil
Page 119 and 120: 118 flawed method in which Evernote
Page 121 and 122: 120 Really, Imagine a Day Without W
Page 123 and 124: 122
Page 125 and 126: 124
Page 127 and 128: 126
Page 129 and 130: 128
Page 131 and 132: 130
Page 133 and 134: 132
Page 135 and 136: 134
Page 137 and 138: 136
Page 139 and 140: 138 Meet Our Publisher: Gary S. Mil
Page 141 and 142: 140 Free Monthly Cyber Defense eMag
Page 143 and 144: 142
Page 145 and 146: 144
Page 147 and 148: 146 Nearly 8 Years in The Making…
Page 149 and 150: 148
Page 151: 150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?