Which tactics and techniques are cyber attackers favoring? vFeed has compiled a list of the Top 10 Most Used MITRE ATT&CK Tactics and Techniques to help security teams focus their defenses more effectively.
"The MITRE ATT&CK framework is a well-known and widely used knowledge base of cyber adversary tactics, techniques and procedures, and is based on observations of real-world attacks.
The framework applies to the following technologies:
- Enterprise IT systems: Windows, macOS, and Linux
- Cloud systems: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Software-as-a-Service (SaaS), Office 365, and Azure Active Directory (Azure AD)
- Mobile devices: Android and iOS
MITRE ATT&CK can be used to develop threat models, emulate adversaries, help security operations, improve organizational security, verify defenses, develop security architecture, and so on..."
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
"Few things elicit greater fear than the moment an organization realizes it has been breached. Picture executives descending into sheer panic and security teams scrambling madly as they assess the situation and attempt to limit the damage. And it's little wonder why: A breach can prove costly - often to the tune of tens of millions of dollars - destroy a brand's reputation (if not the brand itself), and lead to huge regulatory penalties.
When a breach occurs, how teams act and react has everything to do with how quickly and smoothly an organization gets back on track..."
The use of QR codes is growing as a convenient input mechanism to make mobile transactions more efficient. But Qshing, or QR code abuse, is also a growing cyberthreat.
"Back in 2013, David Geer laid out the dangers of QR codes for security, explaining how a malicious QR - Quick Response - code can contain a link to a website embedded with malware. The Web link then infects the user device with a Trojan..."
"Once a Trojan infiltrates a mobile device," Geer wrote, "it typically reports to the hacker's servers, which automatically transmit any number of other threats through that opening to leach data and wreak havoc. Freely available tools automate QR code creation so criminal hackers do not have to roll their own."
Even eight years ago, there were plenty of toolkits available to create malicious QR codes that allowed ethical hackers to test systems for security vulnerabilities with the enterprise's blessing. Of course, hackers with bad intentions also used the same tools...
Common Vulnerabilities and Exposures (CVE) is a list of computer security flaws, ranked on critical measures, that helps individuals and companies assess the risk a given vulnerability or exposure poses to them.
"When someone refers to a CVE, you can easily find the vulnerability by searching, and you can easily ascertain the criticality of the risk to your organization due to the structured, consistent review and documenting of the vulnerability or exposure in a consistent fashion. Security warnings issued by vendors or researchers almost always mention at least one CVE ID.
CVE entries are brief; they don't include technical data, or information about potential impacts or the fixes themselves. Those details appear in other databases, including the U.S. National Vulnerability Database (NVD), the CERT/CC Vulnerability Notes Database, and additional lists controlled by the vendor in question or other cybersecurity organizations. Across these different systems, CVE IDs give users a reliable way to understand unique security flaws in a repeatable fashion..."
While employees enjoyed remote working from the comfort of their homes, cybercriminals cracked new techniques to launch malware attacks.
"With remote work becoming the new normal, organizations globally are getting used to securing work devices virtually. While the entire working community fit into the new working conditions, cybercriminals also ditched their old tactics and attempted innovative hacking techniques to target the remote workforce.
Adversaries are leveraging specially crafted malware or spyware to infect end-user devices like laptops, smartphones, and Internet of Things (IoT) devices, to pilfer sensitive corporate data. Research from Malwarebytes found a major change in the devices targeted and strategies deployed by threat actors. The 2021 State of Malware Report revealed that the use of tracking applications rose by 565% in 2020, while spyware app detections increased across the same period by 1,055%..."
Organizations take 84 days on average to patch high-risk vulnerabilities.
"Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch.
This is one of the findings of a new report from security firm Edgescan, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.
The oldest vulnerability in circulation last year was CVE-1999-0517, which was first identified at the turn of the millennium..."
As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow.
"The SolarWinds supply chain hack -- unprecedented in both scope and sophistication -- marks an historic inflection point in how CISOs view the digital supply chain, experts say. By hiding malicious code in a trusted software update for SolarWinds' popular network monitoring platform, Orion, attackers may have gained backdoor access to the networks of thousands of customers, including federal agencies, such as the Departments of Treasury and Justice, and private organizations, such as Microsoft and Cisco. The continuing SolarWinds fallout has prompted companies of all kinds and sizes to regard their third-party technology partners with heightened uneasiness, if not outright suspicion..."
Cybersecurity spending in critical infrastructure has been little impacted by the COVID-19 pandemic, save for some reshuffling of where that spend is most needed. The effect has mostly been increased demand for secure remote connectivity.
"Most of the cybersecurity spending announced by governments has not changed significantly, however, with most maintaining similar funding planned in previous years, with an average year-on-year growth rate between 5% and 10%.
According to a report by ABI Research, cybersecurity spending for critical infrastructure (CI) will increase by $9 billion over the next year to reach $105.99 billion in 2021..."
These seven tips will help ensure a penetration test improves your organization's overall security posture.
"Penetration tests are an important part of any security program. Indeed, most companies in the Fortune 200 - maybe even the Fortune 2000 - are well along in their security maturity model to include at least annual pen tests, experts say.
Jim O'Gorman, chief content and strategy officer at Offensive Security, says the best pen tests are tailored to the company's goals, delivering actionable results that help it establish clearly identified next steps to continue improving their security..."
Bottomline and Strategic Treasurer released the results of a survey that gathered details about corporate and banking experiences, actions and plans regarding fraud. Results show that the pandemic accelerated both the threat of fraud and the response to it, with corporate and banking alignment on defensive automation.
"Banks worry about business email compromise
- Spending more/significantly more on security is a 3-year trend (2019: 17%; 2020: 19%; 2021: 22%).
- 86% of respondents from banks perceive business email compromise / authorized fraud to be the greatest risk to their business over the next 1-2 years.
- 21% of fraud experiences had a COVID-19 connection.
Against a multi-year trend of increasing sophistication and automation of fraud, opportunistic criminals leveraged the pandemic-driven push to remote operations to strike in a blitz offensive. The rapid transition to a work from home (WFH) environment created exposures that outpaced structural and procedural defenses, resulting in accelerated threats and fraud loss..."