Beyond SolarWinds, Russian Hackers Target Austin, Texas
… exploiting global interest in a COVID-19 vaccine.
The report shows a slowdown in the explosive growth in attacks seen during the first two quarters of the year as the pandemic picked up steam. Additionally, the share of targeted attacks remained stubbornly high, growing from 63% in the second quarter to 70% in the third quarter.
Social engineering has become relatively less common since the start of the year, according to Positive Technologies. It fell from 67% of attacks against organizations in the first quarter to just 45% in the third.
Yana Yurakova is a Positive Technologies analyst.
“We believe that another interesting feature of this quarter is the increased use of hacking as a method of attacking companies,” she said. “This tactic jumped by 12 percentage points.”
Early in the pandemic, companies hurriedly created processes to enable a remote workforce. That meant bringing more services to the perimeter, which created vulnerabilities.
In addition, systems that organize remote work are themselves subject to known vulnerabilities.
Most surprising is the “callousness” of malicious hackers toward medical workers, Yurakova said.
“Doctors saving lives now need stability more than ever — constant access to information and medical equipment to process test results,” she said. “Hackers who had promised not to launch attacks on this critical sector instead pursued profit and took a human toll.”
Social engineering attacks have dropped due to “consumers gradually becoming accustomed to the new reality, where the subject of COVID-19 no longer has the same effect,” Yurakova said.
“Criminals keep searching for vulnerabilities in services on the perimeter of corporate systems,” she said. “In this environment, with a pandemic raging and the growth of a remote workforce, many companies have made more services available on the perimeter for the first time. That’s understandable, but a lack of accompanying protection gives hackers more opportunities to do what they do.”
Even low-skilled hackers can search for common vulnerabilities at the perimeter of companies, Yurakova said. And they can sell the access they gain to other criminals willing to go further.
“For companies in the field of information security, the identified trends certainly open up new opportunities,” she said. “They can help companies organize a vulnerability management process and check perimeter security, perhaps with service inventory and penetration testing. All this will minimize the likelihood of hacking attacks and prevent bad news by eliminating weaknesses.”
NSA Warns of Hackers Forging Cloud Authentication Information
The U.S. National Security Agency (NSA) has issued an advisory about threat actors looking to access resources in the cloud by forging authentication information.
The agency provided Microsoft Azure administrators guidance to detect and protect against these threat actors. NSA released the guidance “in response to ongoing cybersecurity events.” That refers to the SolarWinds hack that targeted private and government organizations in at least seven countries.
Brendan O’Connor is CEO and co-founder of AppOmni.
“Risk of third-party applications has always been a concern for security teams,” he said. “The SolarWinds breach is an example of a third-party application inserting a vulnerability into an otherwise secure infrastructure. While the SolarWinds breach occurred in an on-premises environment, third-party apps can also create vulnerabilities in SaaS environments.”
AppOmni’s data shows that, on average, there are more than 42 distinct third-party applications connecting into live SaaS environments within an enterprise. About half of these applications were connected directly by end users, not installed by IT administrators. The typical enterprise has an average of 900 user-to-application connections. This represents hundreds of third-party connections to the data stored in the SaaS environment.
Of those 42 third-party apps, an average of 22 have not been used in the last six months, O’Connor said. And yet they retain the ability to …