Ransomware; phishing; supply chain: Hackers expand their repertoire

I like reading vendors’ reports to see what they will be marketing in future. I also like to check that the solutions that my company sells and supports fit with the structure of whatever vendor x is pushing. What I get from Trend Micro’s report is that good threat modelling to identify security controls, asset management to validate that the controls are in place and effective (e.g. patching), targeted user training and awareness campaigns, and monitoring for breaches adds up to a comprehensive security program. I usually phrase this as ‘The five questions’…:

Trend Micro’s report provides an alarming snapshot into a threat landscape characterised by volatility and chaos. Financially motivated cyber-criminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.

Three trends in the report stand out:

Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10 percent to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defence strategies.

Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91 percent) of threats blocked last year, and increased 15 percent in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100 percent from the previous year. BEC attacks, which the FBI has claimed cost more than any other cyber-crime type last year, grew five percent.

The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks targeted supply chain partners that provide JavaScript libraries to the victim sites. Trend Micro also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.

What happens now?

This is just the tip of the iceberg. Trend Micro also detected increases in mobile malware (six percent), brute force IoT logins (189 percent) and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimising defence at each layer.

Here’s a quick checklist of elements to consider:

  • Network segmentation, regular back-ups and continuous network monitoring to help tackle ransomware

  • Improved security awareness programs so users can better spot BEC and phishing attempts

  • Monitor vulnerabilities and misconfigurations in supply chain partners’ systems to defend against Magecart attacks

  • Scan container images at build and runtime for malware and vulnerabilities

  • Keep all systems and software on latest versions

  • Two-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like RDP and developer tools
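The Magecart point above and the checklist item on supply chain partners come down to one question: does the site load whatever a third-party JavaScript supplier serves, or does it pin the expected content? As an added example (not from the Trend Micro report or the original post), this Python audit lists third-party scripts on a page that lack a Subresource Integrity hash, the browser-side control that makes a tampered supplier library fail to load; the sample page and hostnames are constructed.

```python
"""Audit an HTML document for third-party <script> tags without Subresource
Integrity (SRI). A compromised supplier library only runs on the victim site if
the page accepts whatever the supplier serves; an integrity attribute pins the
expected hash so the browser refuses a modified file. Example code for
illustration; the sample page and hostnames below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one first-party script, three third-party scripts.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-partner.net/checkout.min.js"></script>
<script src="https://cdn.example-partner.net/analytics.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="//widgets.example-vendor.com/chat.js"></script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append(a)


def audit_scripts(html, first_party_host):
    """Return (src, finding) pairs for third-party scripts that SRI does not protect.
    first_party_host is the site's own hostname; any other host is a third party."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for a in collector.scripts:
        src = a["src"]
        host = urlparse(src, scheme="https").netloc  # handles // scheme-relative URLs
        if not host or host == first_party_host:
            continue  # same-origin scripts are outside this check
        if not a.get("integrity"):
            findings.append((src, f"third-party script from {host} loads without an integrity hash"))
        elif a.get("crossorigin") is None:
            # Without CORS the response is opaque, so the browser cannot verify the hash
            findings.append((src, "integrity set but crossorigin missing; SRI cannot be verified"))
    return findings


if __name__ == "__main__":
    for src, finding in audit_scripts(SAMPLE_HTML, "shop.example"):
        print(f"{src}: {finding}")
```

Run against a saved copy of a checkout page with the site's own hostname as the second argument; each reported script is a supplier whose compromise would execute unchecked in customers' browsers.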

Original article here