The ever-evolving nature of money-motivated threat actors never fails to surprise us. Armed with new evasion tools, exploit mechanisms, and cunning tactics, they are all set to execute sophisticated attacks on all sorts of enterprises. Small and medium-sized enterprises in particular bear the brunt, facing challenges that arrive via the cloud, endpoints, the network, and insider threats.
With each quarterly Cyber Threat Monitor (CTM) report, our researchers at K7 Labs offer detailed insight into how end users and enterprises keep falling prey to cybercriminals through avoidable mistakes. The report also outlines the growth and decline of attacks grouped by popular platforms.
Targeted attacks rise
The most striking observation in the Cyber Threat Monitor report for Q4, 19-20, was how the proportion of attacks nosedived compared with the previous quarter. Unfortunately, that does not mean the digital world is getting safer, or that threat actors have become inactive or inefficient. In reality, a growing number of unscrupulous adversaries are turning their attention to enterprises of every kind in order to make more money. Targeted attacks have become more consistent, using intricate layers to achieve their goals while flying under the radar.
Vulnerabilities in Windows
Threat actors have always treasured Microsoft Windows, for numerous reasons. Unpatched vulnerabilities in dated versions of the operating system and in application software are the most important of them, EternalBlue being a prime example. Our researchers found several cases in which threat actors are using the latest Windows vulnerabilities, such as Curveball and SMBGhost.
The Curveball vulnerability affects all versions of Windows 10, Windows Server 2016, and Windows Server 2019, while SMBGhost lets an adversary gain access to the system with the current user's privileges.
Smart alerts
Besides making our lives more convenient and smart, the many IoT devices around us often create security challenges due to a plethora of flaws and vulnerabilities. Threat actors likewise exploit vulnerabilities in Industrial Internet of Things (IIoT) products to intrude into large enterprise networks.
During the period, a total of six vulnerabilities found in GE Healthcare devices are clear evidence of this. Collectively referred to as MDhex, the vulnerabilities could let an attacker achieve remote code execution (RCE) to disable the devices, harvest personal health information (PHI), change alarm settings, and alter device functionality to the point that the devices become inoperable.
Another vulnerability, called Kr00k, allowed unauthorized decryption of WPA2-encrypted internet traffic on Broadcom and Cypress Wi-Fi chipsets.
Android Banking Trojans
During the period, our researchers at K7 found a plethora of banking trojans on the Android platform, with Cerberus the most prominent example. The banking trojan was designed to victimize the customers of over 250 banks worldwide. The list also includes renowned Indian banks such as HDFC Bank, ICICI Bank, and Axis Bank, with the malware disguised as a benign Covid-19 app.
There is more
If you think the snapshot above is enough to go on, let us tell you that there is even more. The latest K7 CTM Q4, 19-20 report includes threat infection rates grouped by Tier-1 cities, state capitals, and Tier-2 cities, elaborated case studies, and actionable, succinct mitigation tips categorized by all the popular platforms.
Furthermore, the detailed cyber threat intelligence report will also come in handy for organizations looking to identify the types of attacks they face and to design an actionable cybersecurity policy to stay safe!
Get the K7 Cyber Threat Monitor report here.