Global cyberattacks research and methods of their prevention

19 August 2021

HPC Inc. issued the results of its global research Thread Insights Report for the first half of 2021, in which the company analyzed past attacks and used vulnerabilities in cybersecurity. Among the most noticeable was access selling to the hacked infrastructure for ransomware spreading, received through bank trojan Dridex. It became the main malware “family”, highlighted by HP Wolf Security.

“Info thieves” began to use programs that are more dangerous: with the help of “infostealer” CryptBot (which had been mainly used for login information theft from crypto wallets and web browsers) install DanaBot – a bank trojan, controlled by organized crime groups.

The aim of the attacks using VBS-downloader are companys’ CEOs: we are talking about a multistep campaign using Visual Basic Script (VBS). Users receive e-mails with attached malicious ZIP-archives, the title of which coincides with CEO’s name. Along with the opening the archive, the hidden VBS-downloader is installed on the computer, and then LotL-attack (Live off the Land) is realized, which uses administrator’s installed legitimate instruments for malicious software spreading and installation on devices.

Shipping, marine, logistics and associated companies in every country (Chile, Japan, The UK, Pakistan, the USA, Italy and Philippines) suffer from attacks with malicious spams disguised as a CV. They use Microsoft Office vulnerability for the development of the popular solutions for distant control and monitoring (Remcos RAT) and receiving the access to the infected computers through backdoor.

The results of Threat Insights Report shows the high demand for actual methods and instruments of cybersecurity as in organizations’ infrastructure, as beyond it.

Basic cybersecurity recommendations can be defined as:

-          Regular software update

-          Unique and reliable passwords usage, periodical change

-          Deleting the unnecessary apps and browser’s extensions

-          Caution in operations and accuracy with personal data:

o   Don’t answer on suspicious inquiries

o   Avoid suspicious letters and insecure web-pages

The basic cybersecurity recommendations from Open technologies are:

-          Remote workplace instruments defense

-          EDR/XDR and Sandbox classes solutions implementation, including classic AV, FW and IPS

-          Periodical personnel competence in cybersecurity estimation

-          Anti-Spam and DMARC usage

-          Cloud security and access control instruments implementations

-          Data classification, risk evaluation automation and defense management with risks consideration

-          Password-less authentication means and methods implementation

Due to instant update and expansion of organizations’ infrastructure cybersecurity risks grow. If classical cybersecurity system copes with the main malicious software, complicated attacks and implicit threats (APT) inflict damage on those places, where sometimes passing the preventive measures is possible.

Open Technologies’ cybersecurity specialists group offers solutions for organizations defense, reducing the risk of serious cybersecurity incidents occurrence and raising efficiency of the main informational resources safety and security control.

 

Prev news:
Is it possible to prevent target attacks?
Next news:
Open Technologies on the Belarusian market: During the International forum in Minsk the company has announced its willingness to offer the solutions based on the whole range of its technical competence and gathered in Russia project experience