A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, and denial of service, among others.
Depending on the criminal intent, a cyber attack can be random or targeted. Cyber attack methods seem to rotate in order to throw organizations off their defenses. Mega ransomware attacks dominated the news in 2017 with WannaCry and NotPetya. Cryptominers’ attacks made headlines in 2018. In 2019, cyber attacks have been a mixed bag. Phishing email cyber attacks remain a constant thorn for most organizations.
The resurgence of ransomware continues to grow. Small local and state government agencies, mainly in the southeastern part of the U.S., have been victimized. Digital transformation is eroding traditional network perimeters with the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This expansion of attack vectors means more ways to attack an organization.
In software supply chain attacks, the threat actor typically installs malicious code into legitimate software by modifying and infecting one of the building blocks the software relies upon. As with physical chains, software supply chains are only as strong as their weakest link.
Software supply chain attacks can be divided into two main categories. The first includes targeted attacks aiming to compromise well-defined targets, scanning their list of suppliers in search of the weakest link through which they could enter. In the ShadowHammer attack, attackers implanted malicious code into the ASUS Live Update utility, allowing them to later install backdoors on millions of remote computers.
Phishing is a popular cyber attack technique and continues to be one of the biggest threats to cyber security. Advanced socially engineered evasion techniques are bypassing email security solutions with greater frequency. Check Point researchers noted a surge in sextortion scams and business email compromise (BEC), which push victims into making a payment through blackmail or by impersonating others, respectively. Neither scam necessarily contains malicious attachments or links, making them harder to detect. In April, one sextortion campaign went as far as pretending to be from the CIA and warned victims they were suspected of distributing and storing child pornography. Hackers demanded $10,000 in Bitcoin.
Evasive email scams include encoded emails, images of the message embedded in the email body, as well as complex underlying code that mixes plain text letters with HTML character entities. Social engineering techniques, as well as varying and personalizing the content of the emails, are additional methods allowing the scammers to fly safely under the radar of anti-spam filters and reach their target’s inbox.
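A mail filter can counter the entity-mixing trick described above by decoding character references before it applies content rules, and by treating ordinary letters written as entities as a signal in their own right. The following Python sketch is an added example, not Check Point code; the keyword list, the threshold and both sample bodies are constructed for illustration.

```python
import html
import re

# Numeric or named character reference, e.g. &#112; &#x61; &amp;
ENTITY_RE = re.compile(r"&(#[0-9]{1,7}|#[xX][0-9a-fA-F]{1,6}|[A-Za-z][A-Za-z0-9]{1,31});")
TAG_RE = re.compile(r"<[^>]+>")

# Hypothetical watch list; a production filter would apply its own rules.
KEYWORDS = ("password", "bitcoin", "payment")

# Constructed sample bodies.
OBFUSCATED = "<p>Send the p&#97;ym&#x65;nt in B&#105;tc&#111;in today</p>"
BENIGN = "<p>Tom &amp; Ann&#39;s payment receipt &copy; 2019</p>"


def analyze_body(raw_html, keywords=KEYWORDS, ratio_threshold=0.2):
    """Decode character references and report what they were hiding."""
    text = TAG_RE.sub("", raw_html)
    encoded_alnum = 0
    for match in ENTITY_RE.finditer(text):
        decoded = html.unescape(match.group(0))
        # ASCII letters and digits never need escaping in HTML, so an
        # entity that decodes to one is a sign of deliberate obfuscation.
        if len(decoded) == 1 and decoded.isascii() and decoded.isalnum():
            encoded_alnum += 1
    normalized = html.unescape(text)
    alnum_total = sum(1 for c in normalized if c.isascii() and c.isalnum())
    ratio = encoded_alnum / alnum_total if alnum_total else 0.0
    raw_hits = [k for k in keywords if k in text.lower()]
    norm_hits = [k for k in keywords if k in normalized.lower()]
    # Keywords visible to the reader but invisible to a raw-text match.
    hidden = [k for k in norm_hits if k not in raw_hits]
    return {
        "encoded_alnum": encoded_alnum,
        "ratio": round(ratio, 2),
        "hidden_keywords": hidden,
        "suspicious": bool(hidden) or ratio >= ratio_threshold,
    }


if __name__ == "__main__":
    for name, body in (("obfuscated", OBFUSCATED), ("benign", BENIGN)):
        print(name, analyze_body(body))
```

The benign sample shows why the check counts only entities that decode to ASCII letters or digits: escaping `&`, an apostrophe or a copyright sign is normal HTML and must not raise the score.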
The growing popularity of public cloud environments has led to an increase in cyber attacks targeting resources and sensitive data residing within these platforms. Following the 2018 trend, practices such as misconfiguration and poor management of cloud resources remained the most prominent threat to the cloud ecosystem in 2019. As a result, the affected cloud assets have experienced a wide array of attacks. This year, misconfiguring cloud environments was one of the main causes for a vast number of data theft incidents and attacks experienced by organizations worldwide.
Cloud cryptomining campaigns have increased with upgraded techniques capable of evading basic cloud security products. Docker hosts have been exposed and competitors’ cryptomining campaigns operating in the cloud shut down. Check Point researchers also witnessed an increase in the number of exploitations against public cloud infrastructures.
Malicious actors are adapting techniques and methods from the general threat landscape to the mobile world. Banking malware has successfully infiltrated the mobile cyber arena with a sharp rise of more than 50% compared to 2018. In correlation to the growing use of banks’ mobile applications, malware capable of stealing payment data, credentials and funds from victims’ bank accounts has been pushed from the general threat landscape and has become a very common mobile threat too.
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoint and mobile devices, and cloud. With the right architecture, you can consolidate management of multiple security layers and control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks: