Cyber Threats: New Tactics and Trends


Remote access to company networks is increasing, and cyber threats are increasing with it. Cybercriminals are constantly developing their attack tactics.

As companies' internal cybersecurity becomes better protected and monitored, cybercriminals have evolved their tactics and are focusing on new methods of compromise that provide a larger attack surface than ever before. This means organizations must look beyond their traditional IT boundaries to understand the full scope of threats that could lead to a cyber incident.

Threats from outside

To better understand this expanded attack landscape, continuous analysis of the latest external threats, vulnerabilities and risks is essential. This includes any threats that come from outside companies' internal networks, for example from suppliers, vendors and other third parties, as well as cyber threats located on the clear, deep and dark web.

To shed light on the state of external cyber defense, BlueVoyant recently compiled a report on emerging trends that pose critical issues for organizations of all types. The report is based on the observations and data collection derived from continuous threat monitoring and response to enterprises' extended ecosystems. Below, Markus Auer, Security Advisor and Sales Director DACH at BlueVoyant, highlights some of the most important findings.

Increasingly advanced and dynamic phishing

The developments of the past few years and the rapid increase in remote working have forced companies to digitize faster than planned. With many companies now having a large proportion of their workforce working from home and many physical branches being closed, the reliance on digital transactions has skyrocketed. This also created more opportunities for hackers to strike.

Analysts are seeing increasingly sophisticated phishing tactics that target the weakest link: the end user. Hackers are always looking for new and innovative ways to carry out attacks on companies and their users. They have accelerated their efforts in response to the distributed workforce and the increasing digitalization of the global economy.

The following examples are three of the many tactics threat actors have increasingly used over the past year.

  • Phishing link redirects
  • Use of dynamic DNS infrastructure
  • Smishing (SMS phishing)

RDP as the primary vector for ransomware

With the ever-growing need for external remote access to networks and increasing third-party connectivity, supporting technologies widely used in modern enterprises continue to pose a major risk and are increasingly being targeted by threat actors. Protocols such as RDP (Remote Desktop Protocol), SMB (Server Message Block) and WinRM (Windows Remote Management) can facilitate important business processes, but also pose an increased risk that must be taken into account in any security analysis. RDP in particular seems to be very popular with hackers - the protocol has been exploited very frequently and successfully in the recent past.

RDP, the proprietary Microsoft protocol that allows a user on one computer to connect to and control a remote computer, is often used by administrators to troubleshoot a problem on a remote system. It has become popular in cloud computing in recent years to access and/or manage virtual machines in the cloud environment. Unfortunately, in many cases RDP becomes a gateway when the RDP port is left open to the Internet, e.g. on a forgotten system, a cloud instance or a network segment. Easily discovered and exploited, this protocol can lead to data loss, downtime, costly remediation, and reputational damage to organizations.

In recent years, threat actors have increasingly sought open RDP ports because they can find vulnerable open RDP services through a simple external scan of an organization's network. If an RDP port is left open on a company's network, it's only a matter of time before it becomes a target for cybercriminals.
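One way to catch such forgotten exposures from the inside is to audit exported firewall or cloud security-group rules for RDP, SMB and WinRM ports that accept traffic from non-internal sources. The following is an added example, not part of the original article or BlueVoyant's tooling; the rule schema, rule names and sample data are constructed for illustration.

```python
import ipaddress

# Well-known TCP ports of the remote-access protocols named in the article.
REMOTE_ADMIN_PORTS = {445: "SMB", 3389: "RDP", 5985: "WinRM (HTTP)", 5986: "WinRM (HTTPS)"}

# Source ranges treated as internal: RFC 1918, loopback, IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]

def is_internal(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_remote_admin(rules):
    """Return (rule, service, port, source) for each externally reachable admin port."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["protocol"] not in ("tcp", "any"):
            continue  # deny rules are skipped; this check covers TCP only
        if is_internal(r["source"]):
            continue  # reachable only from internal address space
        for port, service in sorted(REMOTE_ADMIN_PORTS.items()):
            if r["port_from"] <= port <= r["port_to"]:  # catches wide port ranges too
                findings.append((r["name"], service, port, r["source"]))
    return findings

# Constructed sample export (hypothetical schema, not a real cloud provider's format).
SAMPLE_RULES = [
    {"name": "web-https", "action": "allow", "protocol": "tcp",
     "source": "0.0.0.0/0", "port_from": 443, "port_to": 443},
    {"name": "legacy-jump-host", "action": "allow", "protocol": "tcp",
     "source": "0.0.0.0/0", "port_from": 3389, "port_to": 3389},
    {"name": "admin-vpn-rdp", "action": "allow", "protocol": "tcp",
     "source": "10.20.0.0/16", "port_from": 3389, "port_to": 3389},
    {"name": "vendor-wide-range", "action": "allow", "protocol": "tcp",
     "source": "203.0.113.0/24", "port_from": 5000, "port_to": 6000},
    {"name": "file-share-v6", "action": "allow", "protocol": "any",
     "source": "::/0", "port_from": 445, "port_to": 445},
    {"name": "blocked-rdp", "action": "deny", "protocol": "tcp",
     "source": "0.0.0.0/0", "port_from": 3389, "port_to": 3389},
]

if __name__ == "__main__":
    for name, service, port, source in exposed_remote_admin(SAMPLE_RULES):
        print(f"{name}: {service} (tcp/{port}) reachable from {source}")
```

The wide-range rule is the case most often missed in manual review: it names no admin port explicitly, yet it exposes both WinRM listeners to a third-party network.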

Zero-day vulnerabilities and patch timing

Zero-day vulnerabilities, also known as emerging vulnerabilities (EVs), represent a critical cyber threat to organizations because they are unpredictable and time-sensitive. New vulnerabilities emerge almost every week, and companies around the world and across all industries must constantly be vigilant about which vulnerabilities may affect them. One of the biggest challenges in mitigating risk in an expanded ecosystem is ensuring that both companies and suppliers do not have open, unpatched instances of vulnerable software. The average time to compromise with a newly discovered zero-day attack is only about two weeks or less, so it is extremely important to respond quickly.

Through their continuous monitoring services, companies like BlueVoyant quickly identify EVs within their global data sets comprised of the external-facing IT infrastructures of organizations across all industries and sectors. They are able to report the discovery of specific data and assets within companies. By leveraging this capability, in most cases, the vulnerabilities in question can be signed and the remediation rate recorded for all organizations within the data. A number of conclusions can be drawn about how companies should best respond to the disclosure of new EVs.

Recommendations for mitigation

In order to counteract cyber threats from emerging vulnerabilities, the following findings and recommendations should be taken into account in view of the trends mentioned above:

  • Threats should be tracked proactively
  • To identify rapidly evolving threats, up-to-date information must be collected
  • Building agile security processes is of utmost importance
  • It is important to always have an overview of the entire external ecosystem
  • Risks must be prioritized and contingency plans should be put in place