After several years in which financially motivated cybercrime topped the threat rankings, last year saw a resurgence of state-directed and state-sponsored intrusion activity aimed at disrupting political adversaries and/or generating revenue for various regimes.
Understanding those incidents provides visibility into how adversary tactics are evolving and gives security teams insight into an increasingly troubling threat landscape. CrowdStrike’s most recent Global Threat Report examines the nation-state cyber threat landscape. Here are some of the highlights.
Russia-linked adversaries continue to wage cyber warfare
Russian state-sponsored attacks have long proliferated in the cyber domain. Several Russia-linked adversaries have consistently used cyber warfare as a tactic to foment instability and steal sensitive data from political adversaries. For example, in 2015, the Russia-based adversary VOODOO BEAR carried out an attack on Ukrainian power networks that left more than 200,000 citizens without heat and power.
In the past, Russian threat actors widely used targeted phishing emails containing malicious documents, or links redirecting to malicious infrastructure such as phishing websites designed to look legitimate to the victim. The basic aim of those attacks remains credential collection, both to gather intelligence and to gain initial access to target organizations or individuals. Another technique that Russian cyber actors have recently adopted is the theft of authentication cookies to bypass multi-factor authentication (MFA) deployed on target networks. This technique relies on access the actor already has to the network and has been used against user accounts with privileges in enterprise cloud services.
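As an added illustration (not code from CrowdStrike’s report or from this article), the following Python detector looks for the trace a stolen authentication cookie leaves in web or cloud access logs: a session token issued to one client that is presented shortly afterwards from a different source address and user agent. The log format, field names and sample lines are constructed assumptions, not any product’s real schema.

```python
"""Detect a web session cookie being replayed from a second client.

Added illustration, not code from CrowdStrike or this article. The log
format (timestamp, user, session id, source IP, user agent) and the
sample lines are constructed assumptions, not any product's real schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five requests carrying an already-authenticated session cookie.
# alice's token is used from her workstation, then 22 minutes later from a
# different IP with a scripting user agent: the shape a stolen cookie leaves behind.
SAMPLE_LOG = """\
2021-11-03T09:12:01Z alice sess-7f3a 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/95
2021-11-03T09:12:40Z alice sess-7f3a 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/95
2021-11-03T09:35:12Z alice sess-7f3a 198.51.100.77 python-requests/2.26
2021-11-03T10:02:00Z bob sess-c21d 203.0.113.22 Mozilla/5.0 (Macintosh) Safari/605
2021-11-03T14:40:09Z bob sess-c21d 203.0.113.22 Mozilla/5.0 (Macintosh) Safari/605
"""


def parse_line(line):
    """Split one log line into its fields; the user agent may contain spaces."""
    ts, user, sid, ip, ua = line.split(" ", 4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "sid": sid, "ip": ip, "ua": ua}


def find_session_reuse(log_text, window=timedelta(hours=1)):
    """Return one alert per session id whose client fingerprint (source IP,
    user agent) changes between two consecutive uses less than `window` apart."""
    events_by_sid = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            events_by_sid[ev["sid"]].append(ev)

    alerts = []
    for sid, events in events_by_sid.items():
        events.sort(key=lambda e: e["ts"])
        for prev, cur in zip(events, events[1:]):
            changed = [f for f in ("ip", "ua") if cur[f] != prev[f]]
            if changed and cur["ts"] - prev["ts"] <= window:
                alerts.append({
                    "sid": sid,
                    "user": cur["user"],
                    "changed": changed,
                    "previous": (prev["ip"], prev["ua"]),
                    "current": (cur["ip"], cur["ua"]),
                    "minutes_since_previous": int((cur["ts"] - prev["ts"]).total_seconds() // 60),
                })
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

A source-IP change on its own is noisy (mobile carriers and VPN egress rotate addresses), so the detector reports which fields changed and lets triage weight a simultaneous user-agent change far more heavily. On the prevention side, the same fingerprint can be bound to the session at issue time, and short session lifetimes limit how long a stolen cookie stays useful.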
China’s challenges
Chinese actors have long developed and deployed exploits to facilitate targeted intrusion operations. In 2021, however, there was a significant shift in their preferred exploitation methods. For years, China-nexus actors relied on popular exploits that required user interaction, such as opening malicious documents. But in 2021, they focused largely on vulnerabilities in internet-facing devices and services.
Recent data shows that in 2021, Chinese cyber actors paid close attention to a number of vulnerabilities in Microsoft Exchange and used them to launch intrusions against organizations around the world. China-based threat actors also continue to exploit internet-facing network products such as VPNs and routers, and even software products hosted on internet-connected servers, for infrastructure acquisition and initial access. It is clear that the skill pool within the Chinese hacking community continues to thrive.
Iran multiplies cyber tactics
Ransomware is one of the biggest security threats to businesses.
Since late 2020, several Iranian state-sponsored adversaries have embraced ransomware and “lock and leak” operations targeting organizations in the United States, Israel, and the Middle East and North Africa (MENA) region. Lock-and-leak operations use ransomware to encrypt target networks and then disclose the victim’s data. The data is distributed through leak sites, social media, and chat platforms, allowing those actors to amplify the data leaks and conduct multiple operations against target countries.
The use of high-profile lock-and-leak operations, as well as lower-profile but pervasive ransomware activity, gives Iran an effective capability to disruptively attack rivals in the region and abroad. Given the success of those operations, Iran will most likely continue to use disruptive ransomware into 2022.
North Korean Crypto
North Korea remains one of the most active threats in the cybercriminal ecosystem. Recent research has revealed that the Democratic People’s Republic of Korea (DPRK) has turned to cryptocurrency-related entities to maintain revenue generation amid the economic disruption caused by the COVID pandemic and sanctions. One such cryptocurrency-related technique is cryptojacking: the unauthorized use of a person’s or organization’s computing resources to mine cryptocurrency. Cryptojacking is typically carried out by malware installed on a victim’s computer through phishing, compromised websites, or other common malware delivery techniques.
Cryptojacking is attractive because cryptocurrency mining requires large amounts of computing power and electricity. By running covert malicious cryptomining on other people’s systems, those threat actors reap the rewards without incurring the costs.
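Because a cryptojacking implant must talk to a mining pool to be paid, its network traffic is one of the more reliable places to detect it. As an added illustration (not code from CrowdStrike’s report or from this article), the Python below classifies captured outbound payloads using only the publicly documented handshake shapes: Stratum v1 clients call “mining.*” JSON-RPC methods, and the Monero pool protocol spoken by miners such as XMRig opens with a “login” request carrying the wallet in params.login and the miner name in params.agent. The captured flows are constructed, the wallet value is a labelled placeholder, and the connection notation is an assumption.

```python
"""Recognise Stratum-style mining-pool traffic from captured outbound payloads.

Added illustration, not code from CrowdStrike or this article. The captured
flows below are constructed; the matching relies only on publicly documented
message shapes: Stratum v1 clients call "mining.*" JSON-RPC methods, and the
Monero pool protocol spoken by miners such as XMRig opens with a "login"
request carrying the wallet in params.login and the miner name in params.agent.
"""
import json

# Constructed sample of (connection, first client payload) pairs as a network
# sensor might record them. The wallet value is a labelled placeholder.
SAMPLE_FLOWS = [
    ("10.0.0.15:51322 -> 192.0.2.9:3333",
     '{"id":1,"jsonrpc":"2.0","method":"login",'
     '"params":{"login":"WALLET-ADDRESS-PLACEHOLDER","pass":"x","agent":"XMRig/6.15.0"}}'),
    ("10.0.0.21:49811 -> 192.0.2.40:443",
     '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.1"]}'),
    ("10.0.0.30:50012 -> 192.0.2.77:8080",
     '{"id":7,"method":"getStatus","params":[]}'),
    ("10.0.0.30:50013 -> 192.0.2.77:80",
     'GET /index.html HTTP/1.1'),
]

# Stratum v1 client-side method names (the handshake and share submission).
STRATUM_V1_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit", "mining.extranonce.subscribe",
}


def classify_payload(payload):
    """Label one client message: 'stratum_v1', 'xmr_pool_login' or None."""
    try:
        msg = json.loads(payload)
    except ValueError:          # not JSON at all (plain HTTP, binary, ...)
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    if method in STRATUM_V1_METHODS:
        return "stratum_v1"
    if method == "login" and isinstance(params, dict) \
            and "login" in params and "agent" in params:
        return "xmr_pool_login"
    return None


def find_mining_flows(flows):
    """Return the flows whose first payload looks like a mining-pool handshake,
    with the destination port and (where present) the miner's agent string."""
    hits = []
    for conn, payload in flows:
        label = classify_payload(payload)
        if label is None:
            continue
        dst_port = int(conn.rsplit(":", 1)[1])
        params = json.loads(payload).get("params")
        agent = None
        if label == "xmr_pool_login":
            agent = params.get("agent")
        elif isinstance(params, list) and params and isinstance(params[0], str):
            agent = params[0]   # Stratum v1 sends the miner's user agent first
        hits.append({"connection": conn, "label": label,
                     "dst_port": dst_port, "agent": agent})
    return hits


if __name__ == "__main__":
    for hit in find_mining_flows(SAMPLE_FLOWS):
        print(hit)
```

The second sample flow is the reason to match on content rather than port: a pool reached over 443 slips past a block list of “mining ports”, while the handshake itself is unmistakable. In practice this check pairs well with sustained-CPU telemetry from endpoints and with egress allow-listing, which removes the pool connection the miner depends on.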
New players
This year, threat intelligence identified two new adversaries sponsored by the governments of Turkey and Colombia. The emergence of these adversaries shows the growth of offensive capabilities among governments outside those historically associated with cyber operations, and underlines that organizations must remain attentive to their cybersecurity.
For example, in April 2021, cybersecurity intelligence experts detected a Turkey-based adversary targeting victim data stored in Amazon Web Services (AWS) cloud environments. The threat actors successfully compromised the AWS environment using stolen credentials.
It is clear that old and new adversaries alike are constantly looking for new tactics to circumvent security measures and gain initial access. That is why it is important for organizations to stay current with the latest threat intelligence and implement high-quality cybersecurity responses that can protect the business from current and future attacks.
Zeki Turedi is EMEA CTO at CrowdStrike