Cybercriminals are using more zero-day vulnerabilities, says survey

HP released its latest global HP Wolf Security Threat Insights Report, where the company's researchers conduct analysis of the world's top cybersecurity attacks. In this issue, the key finding is that criminals are exploiting vulnerabilities before the responsible companies can fix them.

According to the HP report, criminals are increasingly using zero-day vulnerabilities, critical flaws that were not caught during software and systems development, as their main form of attack. They take advantage of the fact that, in many cases, fixes for these flaws take time to be made available by the responsible companies.

Microsoft Office flaw CVE-2021-40444 is one of those cited in HP's report. (Image: Reproduction/Microsoft)

The team responsible for the report cites as an example CVE-2021-40444, a Microsoft Office flaw that is triggered by a malicious file delivered inside an Office document. Users do not have to open the file or allow any action: merely previewing it in File Explorer is enough to compromise the device. This lets attackers install backdoors giving unrestricted access to systems, access which is then sold to virtual hijacking (ransomware) groups.

According to the HP report, researchers found evidence that this vulnerability was being exploited up to a week before Microsoft released the fix, including automation scripts for the flaw being published in GitHub repositories.

For Alex Holland, senior malware analyst on the HP Wolf Security team, the use of these vulnerabilities is due to the "vulnerability window" they present:

The average time for a company to fully apply, test and deploy duly checked patches is 97 days, giving cybercriminals an opportunity to exploit this 'window of vulnerability'. Previously only highly skilled hackers could exploit this vulnerability, but automated scripts lowered the skill level needed, making this type of attack accessible to less educated and less prepared criminals. This substantially increases the risk to companies as zero-day exploits are sold and made available to the mass market in underground forums and elsewhere.

In addition to using these zero-day flaws, the HP report also detected the following new criminal behaviors:

  • Increased use of legitimate cloud and internet providers by cybercriminals to host malware: a recent GuLoader campaign hosted the Remcos Remote Access Trojan (RAT) on large platforms such as OneDrive in order to evade intrusion detection systems and bypass whitelist checks. HP Wolf Security also discovered multiple malware families hosted on social media gaming platforms such as Discord;
  • JavaScript malware evading detection tools: a campaign that spreads various JavaScript RATs via malicious email attachments. JavaScript downloaders have a lower detection rate than Office or binary downloaders. RATs are increasingly common, with attackers looking to steal corporate account credentials or cryptocurrency wallets;
  • Attack campaign posing as Uganda's National Social Security Fund: criminals used typosquatting (a fake address that closely resembles the official domain) to lure targets to a website that downloads a malicious Word document. This document uses macros to run a PowerShell script that suppresses security logging and bypasses the Windows Antimalware Scan Interface (AMSI);
  • With HTA files, malware spreads in a single click: the Trickbot Trojan is now delivered via an HTA file (an HTML application), which deploys the malware as soon as the attachment or file containing it is opened. Since HTA is an unusual file type, it is less likely to be flagged by detection tools.

More data

The HP report, in addition to detecting the above threats, also collected data on the top 2021 cyber attacks. In the process, the study made the following findings:

  • 12% of the email malware that was isolated had passed through at least one gateway scanner, a security solution that analyzes every file entering a server;
  • 89% of detected malware was delivered via email, while internet downloads accounted for 11% and other vectors, such as removable storage devices, for less than 1%;
  • Attachments used to deliver malware were mainly miscellaneous files (38%), Word documents (23%), spreadsheets (17%) and executable files (16%);
  • The five most common phishing lures were those related to business transactions, such as "order", "payment", "new", "quotation" and "request";
  • The report reveals that 12% of the malware captured were previously unknown.

Read the article on Canaltech.

Read more: https://coinrevolution.com/cybercriminals-are-using-more-zero-day-vulnerabilities-says-survey/

Text source: CoinRevolution