Cyber security is a very topical issue. Companies and organizations worldwide are facing one of the greatest challenges ever; that is, they are facing increasingly sophisticated threats to the security and integrity of their data. This is not a battle fought with conventional weapons; it is not a question of adapting production paradigms to changed economic scenarios: today’s need is to review our approach to information technology as a whole. To better understand what we are talking about, let’s try to clarify some concepts.
Advanced Persistent Threat (APT)
Also called Advanced Targeted Threats (ATT), they are advanced and persistent targeted threats represented by one or more sets of IT Tools, Techniques, and Procedures (TTP), employed directly or indirectly by a nation-state or by sophisticated criminal organizations to carry out long-term cyber espionage or to subvert specific adversary networks. Among the qualifying characteristics of this phenomenon, we can include regular human interaction (i.e., it is not just about automated attacks) and the ability to extract a lot of sensitive information over time.
Exposure to Cybercrime
According to the latest report for the second half of 2022 published by FireEye, Turkey is currently the most exposed to targeted attacks in the EMEA area. Persistent regional tensions and conflicts in neighboring countries will likely underlie these threats. The high Internet connectivity makes the country riper for cyber security attacks. While recording a lower exposure to attacks than the average for the area, Italy is still more at risk than countries such as Qatar and Saudi Arabia.
Security of information systems in the various sectors of activity
Governments, financial services, and the aerospace sector saw a 70% increase in unique detections between the first and second half of 2022. This highlights the rapid growth of the actors of these threats, including, as mentioned above, groups of criminals and nation-states. In the second half, an increase in the number of unique detections was observed in the financial services sector, a sign that cybercriminals are starting to see this sector as ripe for their activities.
Advanced cyber attacks: how they spread
Exploit kits, i.e., malicious toolkits that can be used to exploit vulnerabilities and security holes, play a vital role in carrying out attacks. There are many variants of exploit kits, but in the second half of 2022 one kit dominated the scene, the Angler Exploit Kit, which spread ransomware and Trojans like Dridex. Additional attack tools are macros in Microsoft Office applications, ten times more used to carry out attacks and generate backdoors.
The role of Ransomware
In the second half of 2022, there was a sharp increase in cybersecurity attacks using ransomware in EMEA. The use of ransomware is rapidly evolving. The continuous development of new families with new anti-detection and encryption methods shows that many victims are evidently willing to pay the ransom for their data. To keep up with new threats, let’s try to summarize the most common forms of ransomware:
Cryptolocker – The most prolific of all file-encrypting ransomware variants, Cryptolocker, was first spotted in 2013. It spreads via the “Gameover Zeus” botnet and demands a ransom to decrypt data.
Cryptowall: Occurred a few months after cryptolocker, in 2013, and mimicked its predecessor’s behavior. The developers made over $1 million in six months in 2014.
CTB-Locker – First seen in 2014, CTB-Locker was the first ransomware that used the Tor network.
TorLocker: Initially geared back in 2014 to attack Japanese users, TorLocker was sold on the defunct Evolution marketplace.
Kryptovor – This malware steals files from compromised computers, but it also has a ransomware component. Kryptovor mostly prefers businesses in Russia.
Teslacrypt: This Malware was born in February 2015. Cybercriminals ask victims to pay between 0.7 and 2.5 bitcoins, ranging from 150 to 1000 dollars.
Malware per Point of Sale (POS)
A threat that should be taken seriously and that is also gaining ground is malware that targets POS terminals and allows bad actors to obtain all available data on credit or debit cards. When a credit or debit card is swiped into a POS terminal, the data is stolen and can be resold or duplicated into new cards used for purchases or ATM withdrawals. In the graph below, it is possible to observe the trend of the diffusion of this malware for the year.
Attacchi Distributed Denial of Service (DDoS)
This type of attack is now prevalent. Attackers preemptively infect many computers with viruses and worms, leaving open backdoors reserved for them. The monitored computers are called zombies, and they make up a botnet. Once the right number of infected machines is reached, they simultaneously flood the target server with connection requests, knocking it out.
According to a survey published by Arbor Networks, which interviewed 354 network operators, service providers, hosting, and companies around the world, what emerges is the growing perception of uncertainty regarding cyber security and new threats from survey participants.
The scale of distributed denial of service (DDoS) attacks continues to grow. Over the past 11 years of reporting, Arbor Networks has seen a 60x increase in the average attack size.
The Cloud is also under attack. In 2022, only 19% of respondents reported attacks on their cloud services. That percentage grew to 29%and next year to 33%. In fact, 51% of data center operators report experiencing DDoS attacks that saturate their connectivity. There was also a sharp increase in data centers disclosing outbound attacks from servers within their networks, up to 34%.
Nearly 40% of enterprises surveyed still need to adopt the tools necessary to monitor BYOD (Bring Your Own Device) devices on the network. Among other interesting data, 17% of companies affected by these phenomena found that threats can come from within.
Geopolitics and economics are mirrored in the world of information security. New threats show that they can adapt with incredible speed. The use of shared infrastructures, such as wireless networks and user profiling, is changing the TTP known to us until now. In this context, eliminating any element of risk is impossible; however, this is what should be done in order not to be caught unprepared:
- Always assume that the company is a target for bad actors and that current defenses are inadequate
- Outline, in agreement with management, a picture of IT risk
- Always acquire new information on the latest threats to update the detection and protection systems properly
- Equip the company with the right technology to identify and repel these new threats
- Establish a rapid response plan in the event of a breach