Targeted attacks on businesses increased in the third quarter of the year, according to Tech Republic. Cyber attackers have continued to depend on both social engineering and malware to acquire information from individuals and enterprises alike. Attacks are deployed using bogus, built-for-purpose email addresses, compromised SharePoint sites and Word documents riddled with malware.
Cybersecurity Threatscape and BEC
Positive Technologies’ last report for the year entitled “Cybersecurity Threatscape Q3 2019” indicates that targeted malicious attacks increased from 47 percent in Q1 to 56 percent in the third quarter.
The report also noted that 81 percent of attacks in which corporate infrastructure was infected by malware began with a simple phishing message.
APT gangs were cited as the reason for the notable increase in attacks in Q3. APT groups target industrial companies, governments, education and science organisations as well as the financial sector.
The report also showed that in 69 percent of attacks on businesses in Q3, attackers utilised social engineering, up from 37 percent in Q2. In these cyberattacks, Business Email Compromise (BEC) was used for delivery. In BEC, cybercriminals misrepresent themselves as a trusted firm, such as a seller or supplier, and send an invoice carrying their own account number to steal funds.
International authorities such as the FBI put global losses from BEC fraud at over £26 billion in the past three years.
Microsoft products used for authenticity
Cybercriminals are making use of several Microsoft products in their malicious attacks, making their attacks appear valid and more difficult for targets to spot.
In September, the PT Expert Security Centre noted attackers were sending phishing emails to African and European banks. These messages contained Microsoft Office documents with macros that extract a DLL and save it to disk. The macro would then run its own FlawedAmmyy loader.
SharePoint, the collaborative platform from Microsoft, has also been taken advantage of. Attackers are using SharePoint to circumvent company defences by using a compromised site in SharePoint to fool employees into parting with passwords and usernames. As SharePoint links are whitelisted by many banks and businesses, threats manage to penetrate anti-phishing defences and make it to intended inboxes.
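One way to narrow the blanket SharePoint allowlisting described above is to trust only links on the organisation's own tenant and send every other SharePoint link through normal URL analysis. The following is an added example, not code from the report or from Positive Technologies; the tenant name `examplebank`, the function names and the sample message are constructed for illustration, and the `-my` handling assumes the usual `tenant-my.sharepoint.com` form of OneDrive for Business hosts.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

OWN_TENANTS = {"examplebank"}  # assumption: the organisation's own tenant name(s)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def sharepoint_tenant(url):
    """Return the tenant label if the URL is hosted under sharepoint.com, else None."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: not a SharePoint link for our purposes
        return None
    # Suffix match on the real hostname, so sharepoint.com.evil.example is not trusted.
    if not host.endswith(".sharepoint.com"):
        return None
    label = host.split(".")[-3]
    # OneDrive for Business hosts look like <tenant>-my.sharepoint.com.
    return label[:-3] if label.endswith("-my") else label

def foreign_sharepoint_links(raw_email, own_tenants=OWN_TENANTS):
    """List SharePoint links in the message body that are NOT on our own tenant."""
    msg = message_from_string(raw_email, policy=default)
    flagged = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            tenant = sharepoint_tenant(url)
            if tenant is not None and tenant not in own_tenants:
                flagged.append(url)  # do not skip URL analysis for these
    return flagged

# Constructed sample message (not taken from any real campaign).
SAMPLE = """\
From: accounts@supplier.example
To: finance@examplebank.example
Subject: Updated invoice
Content-Type: text/plain; charset="utf-8"

Our team site: https://examplebank.sharepoint.com/sites/finance/policy.docx
Shared invoice: https://othertenant-my.sharepoint.com/:b:/g/personal/x/invoice
Vendor page: https://www.example.org/help
"""

if __name__ == "__main__":
    for link in foreign_sharepoint_links(SAMPLE):
        print("needs URL analysis:", link)
```

A link on the organisation's own tenant can still be malicious if that tenant is compromised, so this check reduces the allowlist's blind spot rather than replacing content inspection.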
APT hackers use a wide variety of cutting-edge malware and other technologies in their assaults on businesses. These include the banking trojan Dridex, the remote downloader and desktop agent ServHelper, the Upxxec plug-in that can disable a wide spectrum of antivirus software, and FlawedAmmyy, mentioned above, which provides remote administration trojan functionality.
According to PT, the APT group alters its approach after each wave of cyberattacks, making: “qualitative changes to its toolkit and advanced to more sophisticated techniques for maintaining stealth.”
Remaining vigilant and keeping all employees educated against threats is essential for every business, but so is ensuring your system is always updated in order to avoid vulnerabilities. At WM Reply, you can depend on us for advice and support to ensure your business intranet keeps running at optimum performance and remains secure against threats.