During the last few years, we are continuously stepping towards the digital platform, and the usage of digital devices has increased rapidly. More and more organizations are drifting towards using digital products and services and storing the data on the server; as a result, the attack surface of the organization is increasing rapidly. The threat landscape has increased drastically in the last few years in a manner that has been challenging for enterprises to manage, understand and predict.
Phishing- It is basically trapping a victim in the net. In this, the attackers send malicious links to victims by using email, and whenever the victim opens the mail, he may be redirected to a legitimate-looking website that actually is malicious, and the victim may end up exposing his sensitive information. So, it is one of the ways of getting financial gain. The only weakness here are humans because they are not able to identify phishing links. According to a study, 30% of phishing messages were opened by users, and 13% of them went on to click on the malicious links. Another form of Phishing is Vishing. An attacker calls the victims and asks for their sensitive or confidential information such as credit card details, OTPs, bank account details, etc. The most prominent example of Vishing is the infamous Jam Tara attack, where most of the teenage boys would fake their voices and call random numbers to gain sensitive information. Another example of Phishing is Spear phishing which is targeted phishing in which the target is specific from whom the sensitive information is to be obtained.
Ransomware- Ransomware is a PC, Mac, or mobile device-based malicious software that encrypts a user’s files and threatens them to pay a ransom to the attacker to get back their data in the form of cryptocurrency such as bitcoin, Litecoin, Ripple. Monero etc. Ransomware does not only encrypt the files on a workstation but also travels across the network and encrypts the files located in network drives.
- Email Vector- The easiest way to target a victim is by sending the malicious email with multiple extensions to hide the true nature of the received file, which is a ransomware file, and the users install it unknowingly.
- Drive-by-Download- Another way of ransomware installation is drive-by-download when a user visiting a compromised website or by using an old browser or software plugin or an unpatched software application that can infect a machine
- Free Software Vector- People generally like to install the accessible version of a piece of software. The attackers take advantage of this vulnerability and send ransomware in this software which will eventually evade the firewall and get installed in the victim’s system.
- Remote Desktop Protocol- Another common way of infecting networks is a remote desktop protocol which is used for remotely logging into windows machines, which typically uses 3389 port numbers, so attackers take advantage of this vulnerability spreads malware within a network.
- Restore from a backup point
- Decrypt the file
- Do nothing
Stuxnet, a computer worm discovered in 2010, was one of the most mysterious cyber-attacks in which it primarily focused on Siemens Industrial software based on Microsoft Windows. The computer worm infected computers at the nuclear reactor and led to a delay in the launch of Iran’s first nuclear power plant.
Threat Mitigation Strategies
Today’s threat landscape is emerging out to be at higher stakes than ever before. Security threats are emerging at an unimaginable rate, and security professionals are often wandering as the threat landscape is changing around them quite frequently. There are many strategies and tools that these enterprises can use to gain a better understanding of the modus operandi of these attackers.
Below are some of the mitigation strategies that these organizations can use to deal with the threats
• Research and familiarization with the standard attack patterns and indicators of compromise for a similar organization.
• Usage of end-point solutions in the organization
• Usage of different security devices in the infrastructure such as IDS/IPS, AV, DLP, etc.
• Threat Intelligence is also an essential method for real-time monitoring of the threats and gathers intelligence about the threats to prevent upcoming attacks.