Page 56 - Cyber Defense eMagazine for September 2020
This data clearly shows that HTTPS inspection and advanced behavior-based threat detection and response solutions are now requirements for every security-conscious organization. Many IT and security teams are unenthusiastic about setting up HTTPS inspection because it requires extra work with certificates on individual endpoints – it’s not just a feature within security tools that can be switched on and off. HTTPS inspection can also slow down the throughput of some network security tools, so some organizations aren’t able to maintain high network speeds while inspecting encrypted traffic. While I’m sympathetic to these concerns (especially for midmarket businesses with limited IT and security expertise), letting this traffic through a firewall without inspecting it is no longer a safe option, and there are network security platforms that offer HTTPS inspection while maintaining good network speeds. Given the magnitude of the threat, the only reliable approach to defense is implementing a set of layered security services that include advanced threat detection methods and HTTPS inspection.
2. COVID-19 Impacts Security in a BIG way. Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in just these first three months of 2020, we saw a dramatic rise in remote workers and attacks targeting those individuals. Phishing attempts increased, and the greater number of employees operating outside the traditional network perimeter led to more attacks aimed at remote desktop technologies. We strongly recommend that all organizations follow phishing best practices and make sure to secure remote access technologies by requiring employees to use a mobile VPN and not exposing services to the internet that shouldn’t be. Additionally, companies should deploy secure MFA as an additional protection layer against password-based attacks.
3. Cryptominers are on the rise. Five of the top ten domains (identified by our DNS filtering service) distributing malware either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility; adding a cryptomining module to malware is an easy way for online criminals to generate passive income.
4. Flawed-Ammyy and Cryxos malware grow in popularity. The Cryxos trojan was third on WatchGuard’s top-five encrypted malware list and also third on its top-five most widespread malware detections list, primarily targeting Hong Kong. It is delivered as an email attachment disguised as an invoice and will ask the user to enter their email and password, which it then stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.
5. Ancient Adobe vulnerability surfaces as top network attack. An Adobe Acrobat Reader exploit that was patched in Aug. 2017 has appeared in WatchGuard’s top network attacks list for the first time. This vulnerability reappearing several years after being discovered and resolved illustrates the critical importance of regularly patching and updating systems.
6. Attackers use reputable domains to launch spear phishing attacks. Three new domains hosting phishing campaigns appeared as top attacks. These domains convincingly impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 and an AT&T login page (this campaign is no longer active at the time of the report’s publication).
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.