itman 1,542 Posted January 30, 2019 Share Posted January 30, 2019 (edited) According to Fortinet which does annual threat landscape reporting, the "hands down winner" is exploits: Quote Understanding exploit trends or how ransomware works and spreads, the better we can avoid the impact caused by the next WannaCry. The malicious ransomware and its variants achieved great scale with hundreds of organizations affected across the world at once. Ransomware: Just under 10% of organizations detected activity associated with ransomware. On any given day, an average of 1.2% dealt with ransomware botnets running somewhere in their environment. The peak days of activity fell on weekends, with the hope of slipping traffic past weekend security operations staff. As the average traffic volume of various ransomware botnets increased, the average number of firms impacted by them rose as well. Exploit Trends: 80% of organizations reported high or critical-severity exploits against their systems. The majority of these targeted vulnerabilities were released in the last five years, but no shortage of attempts was made against premillennial CVEs. Exploit distribution was pretty consistent across geographical regions, likely because a huge proportion of exploit activity is fully automated via tools that methodically scan wide swaths of the Internet probing for opportunistic openings. https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/fortinet-threat-landscape-report.html Therefore one's number one security priority should be ensuring all their devices have applied all available OS and app software patches as soon as they are available. Edited January 30, 2019 by itman Peter Randziak 1 Link to comment Share on other sites More sharing options...
itman 1,542 Posted February 4, 2019 Author Share Posted February 4, 2019 (edited) In regards to recent ransomware attacks: Quote Ransomware victims who opt to pay their attackes for the promise of a decryption key forked over, on average, $6,733 during the fourth quarter of 2018, "The Q4 data set is derived from 226 unique ransomware attacks that were reported to, and triaged by, Coveware," CEO Bill Siegel tells Information Security Media Group. He says his firm handled negotiations for all ransoms that its customers - both individuals and organizations - chose to pay. But he cautions that not all payments resulted in victims receiving a decryption key or successfully decrypting all crypto-locked data. For victims who were able to identify the source of their ransomware infection, Coveware says 85 percent traced to RDP, 14 percent to phishing and 2 percent to another form of social engineering. https://www.databreachtoday.com/ransomware-victims-who-pay-cough-up-6733-on-average-a-11994 So again, more proof that the overwhelming source of ransomware attacks is via RDP usage. Edited February 5, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,542 Posted February 6, 2019 Author Share Posted February 6, 2019 (edited) Need further justification on why you shouldn't be using RDP? Quote Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws Several flaws in both open-source RDP clients and in Microsoft’s own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole. UPDATE LAS VEGAS — Multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) would allow a malicious actor to achieve remote code-execution over a client’s computer. According to Check Point research released Tuesday at the CPX360 event in Las Vegas, both open-source and Microsoft proprietary RDP clients are at risk from an attacker who has either set up a malicious RDP server within a network, or who has compromised a legitimate one using other vulnerabilities. It turns out that the vulnerabilities make it possible to do just that, essentially reversing the usual direction of communication and infecting the client computer – that in turn could then allow for an intrusion into the IT network as a whole. According to Check Point, 16 major vulnerabilities and a total of 25 security vulnerabilities were found overall across the clients it examined; these include mstsc.exe (Microsoft’s built-in RDP client); FreeRDP (the most popular and mature open-source RDP client on Github, Check Point said); and rdesktop (an older open-source RDP client that comes by default in Kali-linux distros, often used by security research red teams for penetration testing). https://threatpost.com/remote-desktop-protocol-clients-rife-with-remote-code-execution-flaws/141505/ Edited February 6, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,542 Posted February 8, 2019 Author Share Posted February 8, 2019 (edited) Business Email Compromise Attacks See Almost 500% Increase Quote Proofpoint Quarterly Threat Report's key findings: EMAIL: • Banking Trojans remain the top email-borne threat in Q4, making up 56% of all malicious payloads in Q4; Emotet comprised 76% of all banking Trojan payloads. • Remote access Trojans accounted for 8.4% of all malicious payloads in Q4 and 5.2% for the year, marking a significant change from previous years in which they were rarely used by crimeware actors. • Ransomware dropped even further in Q4 to just one tenth of 1% of overall malicious message volume. • Malicious messages bearing credential stealers or downloaders collectively jumped more than 230% year over year • Email fraud, also known as BEC, continued its dramatic growth. The number of email fraud attacks against targeted companies increased 226% QoQ and 476% vs. Q4 2017. WEB-BASED ATTACKS: • Coinhive activity spiked to 23 times the average for the year for two weeks in December; overall, Coinhive activity continued to grow slowly aside from this spike. • In Q4, we still observed a 150% increase in social engineering detections on our worldwide network of IDS sensors; while this is a slower growth rate than observed in previous quarters, it continues to demonstrate a trend towards social engineering even as EK activity has remained low. SOCIAL MEDIA: • Fraudulent social media support account phishing, or ”angler phishing,” has increased 442% year-over-year • Phishing links on social channels continue to drop as platforms address this issue algorithmically https://www.bleepingcomputer.com/news/security/business-email-compromise-attacks-see-almost-500-percent-increase/ Edited February 8, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,542 Posted February 28, 2019 Author Share Posted February 28, 2019 (edited) Quote Despite the prevalence of ransomware incidents in the news, we observed a drastic 91-percent decrease in ransomware-related threat components. But recently there were either no widespread zero-day attacks or none that were identified as such. Rather, the ones that were discovered were in the context of attacks with limited scope. At the same time, we observed several cases of cybercriminals using exploits for vulnerabilities that had already been patched. These exploits for known bugs are also known as n-day or 1-day exploits. https://documents.trendmicro.com/assets/rpt/rpt-unraveling-the-tangle-of-old-and-new-threats.pdf Noted in the 2018 malware incident report is 80% of detected malware arrives via e-mail. As such, that is where one's security protection concerns need to be directed. Also patch, patch, and patch some more. Edited February 28, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts