The pace of cybersecurity threats was unrelenting last year, as cyber criminals continuously introduced new attacks and tried new tactics for outsmarting potential victims. A look back at the most prevalent threats that the Barracuda Research team studied over the course of the year reveals three important lessons that organizations and their IT service providers can learn from to help guide them to a more secure 2019.

Lesson 1: Cybercriminals are trying to take over your accounts

In May, we looked at how cybercriminals are taking over user accounts and using them to send fake OneDrive share links to colleagues to steal credentials and take over more accounts. We’ve also seen attackers impersonate Google Drive, Outlook, and DocuSign to try to steal credentials.
Then in August, we went deeper by conducting a study of 3,000 business email compromise attacks, which found that nearly half of the attacks used the compromised account to try to trick email recipients into doing a wire transfer to a bank account owned by the attacker.

We continued to focus on account takeover attacks in September, looking at how widespread these attacks had become. We studied 50 randomly selected organizations over a three-month period and found that each month four to eight experienced at least one account takeover incident, with a total of 60 incidents reported.

Account takeover is one of the biggest threat vectors in the cybersecurity industry today. More and more organizations are getting hit, and the attacks are getting more and more targeted. Attackers are moving away from the relatively standard phishing email, as they are finding that strategically targeting business executive accounts is much more lucrative.

As account takeover attacks get more personalized and sophisticated in 2019, a big problem in cybersecurity that will grow even bigger is that of identity. How do we know if someone is really who they say they are? This challenge will be exacerbated as more organizations continue to move to the cloud and remote logins become more common.

Lesson 2: Cybercriminals are finding more creative ways to make a profit

Attackers have also recently started favoring tactics that allow them to get paid directly.
The 2018 Barracuda Email Security Trends report explains it this way:

“Information theft is the classic breach example; however, ransomware and business email compromise attacks are still fairly new and have quickly become expensive in their own right, making them appealing to cybercriminals. Criminals apparently prefer direct monetization attacks over traditional theft sales. Unlike information theft, which requires a buyer, these newer attacks don’t; they cut out the middleman, meaning less work and a faster, better ROI for the criminals.”

Several of the threats we studied this year demonstrated how attackers are getting imaginative about finding new ways to make cybercrime pay. In October, we examined an ongoing “sextortion” scam, which used a combination of passwords compromised in old breaches and threats about revealing embarrassing video footage to scare people into making big payments.
In November, we looked at a spear phishing attack that used CEO impersonation and timing around the holidays to get people to buy gift cards for the attackers.

These attacks are a good reminder of why security awareness training is so important for businesses of all sizes. Educating employees regularly on the types of attacks to watch out for, how to recognize a suspicious message, and how to respond appropriately can go a long way toward helping businesses stay more secure and avoid a costly mistake.

Lesson 3: Cybercriminals aren’t giving up on their greatest hits

Just because criminals are getting creative with new attacks doesn’t mean they’re slowing down in other areas where they’ve seen success.

In June, we looked at the incredible volume of phishing attacks that are happening on a regular basis. For example, in May 2018 alone, Barracuda blocked more than 1.5 million phishing emails and saw more than 10,000 unique phishing attempts (the same email content, potentially sent to hundreds or even thousands of people).

In April, we examined a new URL file outbreak. Attackers were using a variety of techniques to launch a Quant Loader trojan capable of distributing ransomware and password stealers. The Barracuda Research team tracked the attack closely and shared what they’d learned about the attack and how it was being executed — and how easy it was for would-be attackers to obtain the malware.

“Based on past attacks, Quant Loader is a trojan that typically distributes malware such as ransomware and password stealers,” researcher Jonathan Tanner wrote. “It is sold on underground forums and allows the user to configure the payload(s) upon infection using a management panel. Configurable malware offered for sale such as this is becoming more widespread, which allows malware development to be separated from distribution.”

These examples showed us that although cybercriminals are starting to get more sophisticated with threats like account takeover, they aren’t giving up on go-to attacks like phishing, ransomware, and malware, such as trojans and password stealers. In part, this is because they’re still finding people they can trick and businesses that aren’t following security best practices.

That’s why it’s so important for organizations and their IT service providers to develop a multi-layered approach to security. You need to defend multiple threat vectors and keep up with new attacks, without getting lax about security fundamentals.
Putting the right security solutions in place and working with the right
partners can help make that easy.