Tag Archive for: vectors

2023 cybercriminals added variety & speed to attack vectors


2023 has been the cybercriminal’s year. Connected devices in sectors like manufacturing and education, the financial industry, the gaming and gambling industry, and the cryptocurrency space were hit by DDoS, malware attacks, Kerberoasting, Access Broker advertisements, and DNS attacks. On top of this variety, cybercriminals got faster.

In August 2023, Bloomberg reported that a cyberattack on Norway’s government, which exploited a vulnerability linked to a mobile device, lasted at least four months.

Adam Meyers, head of Counter Adversary Operations at CrowdStrike, says, “In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software.”

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster, and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”

IoT

According to the Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report, IoT and OT malware attacks increased 400% year-over-year, underscoring the need for better Zero Trust security to protect critical infrastructure. The manufacturing industry, which relies heavily on both IoT and OT, was the top targeted sector, bearing the brunt of blocked IoT malware attacks: it accounted for 54.5% of all attacks and averaged 6,000 weekly attacks across all monitored devices.

Also, the education sector…

Local Governments Become Unwitting Malware Vectors


The bigger a government is, the bigger a target it is for cyberattacks, but also the bigger its budget for cybersecurity.

At the lower end of the scale in Australia are 537 local government authorities, which maintain some of the nation’s most critical infrastructure assets and are also at the most risk of cyberattack.

Increasingly, these local government authorities are monitoring their assets with remote sensors and moving into the world of IoT, but at the same time, they have very little in the way of a cybersecurity posture.

These organizations maintain roads, bridges, water services, and waste collection, which are used every day by a population of more than 20 million Australians.

Disrupting these services would play havoc with the economy’s smooth functioning, and they present an easy target for increasingly sophisticated “bad actors”.

Call for help

In recognition of this, Linda Scott, the Australian Local Government Association president, has called for more cybersecurity support for the sector after a series of recent attacks.

The ALGA has asked for AUD10 million in funding to assess “local government’s preparedness to deal with cyber-attacks and data breaches.”

The organization is also seeking the appointment of a dedicated chief information security officer to tighten procedures across the sector.

“Local councils are being targeted by ransomware and other phishing cyber threats with the intention of service disruption and stealing valuable information for monetary gain”

The call came after Isaac regional council, which covers an area north of Rockhampton and south of Mackay in Queensland, confirmed it had experienced a security breach in early April.

Isaac chief executive Jeff Stewart-Harris said the council’s IT systems had been shut down to protect against data theft in the wake of the malicious attack, which was identified as ransomware.

“At this stage, we do not have any evidence of large data uploads out of our system; however, this is still being fully investigated, so it can’t be guaranteed,” Stewart-Harris said.

Isaac Council is working with Dell Incident Response and Recovery Services and the Australian CyberSecurity Centre to…

Roblox and Discord Become Virus Vectors for New PyPI Malware – The New Stack


If you can communicate on it, you can abuse it. This was proven again recently when a hacker using the name “scarycoder” uploaded a dozen malicious Python packages to PyPI, the popular Python code repository. These bits of code pretended to provide useful functions for Roblox gaming community developers, but all they really did was steal users’ information. So far, so typical. Where it got interesting is that the malware used the Discord messaging app to download malicious executable files.

Snyk developer security researchers found the nasty Python code with their static analysis tools. These poisonous packages were built with PyInstaller, which bundled the malicious application and its dependencies into one package. PyInstaller served two purposes here. First, it tried to make the malware harder to detect by incorporating the malicious code in dependencies instead of downloading them from a remote server to the host. Second, it enabled the attackers to provide naive developers with an executable file that didn’t require the safety belt interpreter.

Perfect Storm

As Taylor Ellis, a Customer Threat Analyst at Horizon3.ai, an autonomous pentest startup, said, “Roblox is an online gaming platform where users go to play games or create their own gaming programs. It is highly popular among children, for according to their user base, 67% of Roblox users are under the age of 16.” And since Roblox players frequently go on Discord to talk with strangers, you have a perfect storm for users’ machines to get infected. These still-wet-behind-the-ears developers don’t realize that running an unknown executable is just asking to be hacked.

Ellis added, “Roblox and Discord need to do more to protect the majority of young users on their platforms.” And “Roblox does little to warn their users about the dangers of clicking on malicious links within their platform, which sometimes lead to a malevolent Discord server or external backwater website.”

Easy to Abuse

In the battle between ease of use and security, Roblox and Discord err on the side of making their systems too easy to abuse.

As for the attacks themselves, Snyk observes that the Windows malware targets data that is stored…

7 old attack vectors cybercriminals still use


Even in today’s age of digital evolution, malicious hackers continue to use attack vectors dating back decades. Research shows notable periods of resurgence relating to certain methods deemed old-fashioned. What this indicates is that while attack specifics can change with time, points of infection, distribution and proliferation can remain and even lead to the most significant of breaches.

“Cybercriminals tend to return to ‘old favorite’ methods of attack, particularly when newer vectors get shut down or become more difficult to execute due to the efforts of law enforcement and security teams,” says Egress Threat Intelligence Vice President Jack Chapman.

Cato Networks Strategic Security Engineer Peter Lee agrees, citing two main reasons why cybercriminals use ‘old school’ attack vectors – economics and target acquisition. “The booming exploit market puts a price tag on everything that attackers throw at their targets and the prices vary enormously, so there’s a strong incentive for attackers to start cheap and work their way up. No need to burn your $2 million iPhone zero-day if you can compromise the same target by exploiting an unpatched web server CVE from 2017. Secondly, improvements in cyber defense across the board have made it more difficult for cybercriminals to get their message to key targets, which is occasionally forcing them to fall back on old vectors which have fallen off the radar of many defenders.”

Here are seven old attack vectors cybercriminals still use today with practical advice for defending against them.

1. Physical storage devices to infect systems, spread malware

The very first computer viruses spread via floppy disks, and the use of physical storage devices to infect systems and propagate malware persists to this day. This was evidenced in January 2022 when the FBI issued a public warning about BadUSB, a USB attack campaign in which numerous USB drives, laced with malicious software, were sent to employees at organizations in the transportation, defense, and insurance sectors.

The USBs were configured as keyboards disguised as gift cards or invoices and, once inserted, injected commands to download malware…
