Ransomware, BEC, ICS Top Midyear Security Concerns

Published: 22/11/2024   Category: security




Business email compromise, ransomware, and industrial control attacks were among top security concerns in the first half of 2017.



Business email compromise (BEC) attacks and SCADA vulnerabilities are two top concerns among security experts thinking back on the first half of 2017. Threat actors have begun to rely on time-tested strategies to launch simple attacks and trick businesses out of billions, according to a report released today by Trend Micro.

BEC attacks caused $5.3 billion in global losses from 2013 to 2017, cites Trend Micro in its 2017 midyear roundup, The Cost of Compromise. The report reviews data and trends from security events to give a recent picture of the threat landscape.
Experts noticed a resurgence of old BEC techniques as attackers turn to social engineering to trick their victims. The most frequently spoofed executive in these attacks is the CEO, followed by the managing director. Fraudulent emails typically go to heads of finance.
"The typical fake email comes from the CEO and the typical forged recipient is the CFO," says William Malik, VP of infrastructure strategies at Trend Micro. These emails are tricky because they bypass automated tools installed to trap BEC attacks, he adds. They don't watch for rogue processes on systems or rely on knowledge of unpatched vulnerabilities.
"It's good old social engineering," Malik adds. The statistically most likely scenario involves a fake email from the CEO to the CFO requesting a favor, which usually involves the transfer of funds. Common words and phrases associated with BEC emails include acquisition, contract, instructions, invoice, request, and swift response needed.
BEC attachments have traditionally been executable files but these are usually flagged and recipients are discouraged from clicking them, diminishing the likelihood of a successful attack. Cybercriminals are working around this by using HTML pages for phishing attachments.
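A triage heuristic for the indicators described above (an executive's display name on an outside address, a finance recipient, the listed phrases, an HTML attachment), as an added example that is not from the article or from Trend Micro. The organisation domain, executive name, finance mailbox and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
# Hypothetical placeholders (not from the article): domain, names, mailboxes.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"alice ceo"}
FINANCE = {"cfo@example.com"}
# Words and phrases the article lists as common in BEC emails.
BEC_TERMS = ("acquisition", "contract", "instructions", "invoice",
             "request", "swift response needed")

def bec_indicators(raw):
    # Parse one raw message and return the list of indicators it shows.
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    hits, text, html = [], msg.get("Subject", "").lower(), False
    # Executive display name on an address outside the organisation's domain.
    if name.lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != ORG_DOMAIN:
        hits.append("exec-name-external-domain")
    if parseaddr(msg.get("To", ""))[1].lower() in FINANCE:
        hits.append("finance-recipient")
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            html |= part.get_content_type() == "text/html"
        elif part.get_content_type() == "text/plain":
            text += " " + part.get_payload(decode=True).decode("utf-8", "replace").lower()
    hits += ["term:" + t for t in BEC_TERMS if t in text]
    if html:
        hits.append("html-attachment")
    return hits

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Alice CEO" <alice.ceo@mail.example.net>
To: cfo@example.com
Subject: Invoice - swift response needed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please follow the attached instructions for the acquisition contract.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="payment.html"

<html><body>constructed sample</body></html>
--b1--
"""
BENIGN = 'From: "Alice CEO" <alice.ceo@example.com>\nTo: team@example.com\nSubject: Lunch\n\nSee you at noon.\n'
```

Each indicator is weak on its own; the list is meant to rank messages for human review, not to block them.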
Industrial threats and ransomware  
Malik says it's somewhat worrying to see attackers more frequently targeting supervisory control and data acquisition (SCADA) systems. Researchers found SCADA vulnerabilities increased from 34 in the second half of 2016 to 54 in 2017.
In a research paper, "Rogue Robots: Testing the Limits of an Industrial Robot’s Security," experts saw more than 83,000 exposed industrial routers and 28 exposed industrial robots via search engines including Shodan, ZoomEye, and Censys. Researchers found attacks on industrial robots in smart factories can cause the robot to move inaccurately and lead to workplace defects.
Financial motivation is the primary driver for these attacks. Threats to SCADA and industrial control systems put major entities, like power plants, at risk and the cybercriminals behind them are usually seeking ransom from large organizations, says Malik.
Monetary gain will drive attacks outside industrial systems. When asked about his top concern for the end of 2017 and beginning of 2018, he answers ransomware without hesitation.
"The successes the bad guys have achieved using ransomware to date are so staggering, I just see that continuing in an upward trajectory," he says. Business email compromise is, in its nature, a single transaction - one company, one executive, one crime. Ransomware is the one that's going to have large numbers of people concerned; large numbers of enterprises potentially harmed.
Given the success of WannaCry and NotPetya, Malik expects more incidents of this volume. "The people doing this are in for the money and if they have an effective weapon that hasn't been countered, they're going to fire it again," he says. Attackers will continue to exploit old vulnerabilities, as recently seen in the catastrophic Equifax breach.
How to prepare your team
Malik advises conducting a security assessment to check how your employees might respond to an incident. He poses the following situation: if a member of your security team noticed someone making a security error, how would they answer the following questions:
Would they know if it was wrong?
Would they report it?
If they picked up the phone, would they know who to call?
"If the answers are yes, yes, and yes, you're in good shape," he says. It's the tone at the top that sets the stage for how security incidents are properly logged. If people aren't aware of what might be considered risky behavior, or hesitate to report it, the business is in trouble.
"Technology has never in human history been able to correct an organizational or management failure," Malik adds.