Page 47 - Cyber Defense eMagazine for September 2020
• Enhanced versions of previously used malware and attack vectors
Hackers have started to refurbish and use enhanced versions of previously used malware and attack
vectors.
One such example is the BlackEnergy malware in Ukraine. Recently, this malware has been upgraded
(now known as BlackEnergy 3) and sold on the dark web. It now adds the attacker's SSH keys to the
list of authorized keys on the victim's machine, which then trusts the attacker's key for secure
communication. Similarly, CYFIRMA's threat intelligence algorithm caught a suspected Vietnamese
state-sponsored group, OceanLotus, exploiting old vulnerabilities and using existing malware to attack
opinion leaders, influencers, banks, media houses, real estate agencies, and foreign companies across
a number of countries, including China, Laos, Thailand, and Cambodia.
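A defender-side check for the persistence described above, as an added example that is not from the article or from CYFIRMA: it fingerprints each entry of an authorized_keys file the way OpenSSH does (SHA256 over the decoded key blob) and reports entries missing from an approved list. The key blobs, comments and approved set are constructed sample data, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_authorized_keys(text, approved):
    """Return (line_no, reason, fingerprint, comment) for entries not approved."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Entries may start with options (command=..., no-pty), so locate the key type.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            findings.append((no, "unparseable", None, line[:40]))
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except (binascii.Error, ValueError):
            findings.append((no, "bad-base64", None, line[:40]))
            continue
        if fp not in approved:
            findings.append((no, "unapproved-key", fp, " ".join(fields[idx + 2:])))
    return findings

def _blob(label):
    """Constructed stand-in for a real public key blob."""
    return base64.b64encode(label.encode()).decode()

ADMIN, ROGUE = _blob("constructed-admin-key"), _blob("constructed-unknown-key")
SAMPLE = f"""# constructed sample authorized_keys
ssh-ed25519 {ADMIN} admin@ops
no-pty,command="/bin/true" ssh-rsa {ROGUE} added-later
ssh-rsa not*base64 broken
"""
APPROVED = {fingerprint(ADMIN)}  # fingerprints recorded when keys were provisioned

if __name__ == "__main__":
    for finding in audit_authorized_keys(SAMPLE, APPROVED):
        print(finding)
```

Run against every account's authorized_keys file on a schedule, the same comparison surfaces a key that was appended outside the provisioning process.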
• Emerging and Elastic Attack Surface
New technologies such as 5G, Internet of Things (IoT), autonomous critical infrastructure, artificial
intelligence, industry 4.0, cryptocurrency, cloud, virtual reality (VR), augmented reality (AR), drones and
many more have also increased the attack surface.
CYFIRMA's intelligence research has revealed new attack vectors such as identity theft, fraudulent
transactions, asset theft, impersonation, malicious code injection, on-boarding and off-boarding of
accounts and fictitious applications that cyber criminals could use to attack financial institutions,
cryptocurrency exchanges, trading platforms and retail organisations.
• Cyber-criminals will engineer public opinion
Cyber-criminals are actively involved in changing the social and economic configuration of society by
influencing public opinion, including tampering with state elections. CYFIRMA's threat intelligence
revealed the escalating interest of hackers in national apparatuses such as government
policy-making agencies, rating agencies, and other organizations that can influence decision-making. The
overall objective is to bring about social stratification and division.
The fact that cyber warfare is not physical, unlike traditional combat warfare, does not mean that it
is any less harmful. We have already seen evidence of the monetary and physical disruption it can
cause businesses, governments and civilians alike, such as the Sony Pictures hack, the Ukrainian
BlackEnergy attack on SCADA and Stuxnet. Governments, businesses, and civilians all need to be
protected from cyber-war chaos, and CYFIRMA's DeCYFIR provides early threat detection and
containment.
DeCYFIR is a cloud-based AI (Artificial Intelligence) and ML (Machine Learning) platform for cyber
security and threat intelligence.
DeCYFIR consists of a number of key modules – Threat Visibility and Intelligence, Cyber Situational
Analytics, Cyber Incident Analytics and Cyber Education.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

