Threat Landscape
image pattern pattern

During the last few years, we are continuously stepping towards the digital platform, and the usage of digital devices has increased rapidly. More and more organizations are drifting towards using digital products and services and storing the data on the server; as a result, the attack surface of the organization is increasing rapidly. The threat landscape has increased drastically in the last few years in a manner that has been challenging for enterprises to manage, understand and predict.

Attacker Motivations
 
Financial-
The primary motivation of the majority of cybercriminals is getting the monetary benefit. For example- theft of personally identifiable information, bank account details, credit card details. According to a survey in 2017, out of all the cyber-attacks, credit card fraud grew up to 4.8% to $565 million. For example- In late 2013, approximately 40 million credit card numbers and the personal information of 70 million customers were exposed by unidentified hackers by installing malware into Target’s computer network. The hackers accessed Target’s systems using the credentials of third-party heating and air conditioning contractor.
 
Hacktivism- 
Hacktivism is a form of political activism in which the hackers are employed against powerful commercial institutions, government, etc. Although hacktivism is practiced in jurisdictions, it is still not always open or democratic.
 
Espionage-
 It is an act of gaining unauthorized access to a system or network to obtain the sensitive or confidential data of a government or military infrastructure using proxy servers. In the recent cyber-espionage case, which Fire Eye unveiled, the attackers’ central target was the telecommunication firms in the middle east.
 
Cyber War-
 In this century, hackers are primarily motivated in either offending or defending against adversaries. Disrupting supply chains, destroying centrifuges, and other attacks can be classified as cyber-attacks.
As technology advances, the cyber-attack surface will increasingly expand, so it is more important to implement at least primary defenses and avoid human-based vulnerabilities. Some of the common threats are-

Phishing- It is basically trapping a victim in the net. In this, the attackers send malicious links to victims by using email, and whenever the victim opens the mail, he may be redirected to a legitimate-looking website that actually is malicious, and the victim may end up exposing his sensitive information. So, it is one of the ways of getting financial gain. The only weakness here are humans because they are not able to identify phishing links. According to a study, 30% of phishing messages were opened by users, and 13% of them went on to click on the malicious links. Another form of Phishing is Vishing. An attacker calls the victims and asks for their sensitive or confidential information such as credit card details, OTPs, bank account details, etc. The most prominent example of Vishing is the infamous Jam Tara attack, where most of the teenage boys would fake their voices and call random numbers to gain sensitive information. Another example of Phishing is Spear phishing which is targeted phishing in which the target is specific from whom the sensitive information is to be obtained.

Ransomware- Ransomware is a PC, Mac, or mobile device-based malicious software that encrypts a user’s files and threatens them to pay a ransom to the attacker to get back their data in the form of cryptocurrency such as bitcoin, Litecoin, Ripple. Monero etc. Ransomware does not only encrypt the files on a workstation but also travels across the network and encrypts the files located in network drives.

 

 

Infection Vectors

  1. Email Vector- The easiest way to target a victim is by sending the malicious email with multiple extensions to hide the true nature of the received file, which is a ransomware file, and the users install it unknowingly.
  2. Drive-by-Download- Another way of ransomware installation is drive-by-download when a user visiting a compromised website or by using an old browser or software plugin or an unpatched software application that can infect a machine
  3. Free Software Vector- People generally like to install the accessible version of a piece of software. The attackers take advantage of this vulnerability and send ransomware in this software which will eventually evade the firewall and get installed in the victim’s system.
  4. Remote Desktop Protocol- Another common way of infecting networks is a remote desktop protocol which is used for remotely logging into windows machines, which typically uses 3389 port numbers, so attackers take advantage of this vulnerability spreads malware within a network.
 
Mitigation steps in case of a ransomware attack
 
Disconnect- Once the ransomware is detected, the first step one needs to do is to remove the system from the network it is on, such as remove it from the Wi-Fi or Bluetooth.
 
Determine the scope- After the attack, the victim should determine the amount of infrastructure infected by the ransomware, whether the infected machine has access to the shared or unshared drive or folder, network storage of any kind, external hard drives, USB sticks, cloud-based storage, etc.
 
Determine the strain- There should be knowledge of the piece of the ransomware with which you are infected because although most of the ransomware follows the same pattern for encryption, there should be a brief idea about the type of encryption the ransomware is using.
 
Evaluate your responses- To make more informed decisions, one must follow these 4 points-
  1. Restore from a backup point
  2. Decrypt the file
  3. Do nothing
  4. Negotiate

 

Extortion

Stuxnet, a computer worm discovered in 2010, was one of the most mysterious cyber-attacks in which it primarily focused on Siemens Industrial software based on Microsoft Windows. The computer worm infected computers at the nuclear reactor and led to a delay in the launch of Iran’s first nuclear power plant.

 

Threat Mitigation Strategies

Today’s threat landscape is emerging out to be at higher stakes than ever before. Security threats are emerging at an unimaginable rate, and security professionals are often wandering as the threat landscape is changing around them quite frequently. There are many strategies and tools that these enterprises can use to gain a better understanding of the modus operandi of these attackers.

Below are some of the mitigation strategies that these organizations can use to deal with the threats

• Research and familiarization with the standard attack patterns and indicators of compromise for a similar organization.

• Usage of end-point solutions in the organization

• Usage of different security devices in the infrastructure such as IDS/IPS, AV, DLP, etc.

• Threat Intelligence is also an essential method for real-time monitoring of the threats and gathers intelligence about the threats to prevent upcoming attacks.