By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
A BeyondTrust report, a joint CISA, FBI, and NSA alert on ransomware threats, and a Juniper Research study about robocalls headline this roundup of cybersecurity analyses.
BeyondTrust Labs Analysis of Ransomware and Phishing Trends
Atlanta-based BeyondTrust, which provides privileged access management, found in its BeyondTrust Labs Malware Threat Report 2021 that malware-as-a-service (MaaS) and human-operated ransomware campaigns continue to be a major cybersecurity threat. The research provides insights and analysis into threats and privileged account misuse on Windows devices across the globe, based on real-world monitoring and analysis of attacks discovered in the wild by the BeyondTrust Labs team between the first quarter of 2020 and the first quarter of 2021.
The research also examines recurring threat themes and maps the observed tools, techniques, and procedures to 58 techniques in the MITRE Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) Framework, a globally accessible knowledge base of adversary tactics and techniques drawn from real-world observations that reflects the various phases of an adversary's attack lifecycle and the platforms they target.
“For decades, enterprises have made significant investments in security solutions in an attempt to strengthen their cyber defenses,” said James Maude, lead cybersecurity researcher at BeyondTrust. “Many of these investments have proven to be ineffective, particularly with changes brought on by the pandemic. Security perimeters have dissolved, creating an exponential growth in attack surfaces, and rendering network monitoring and firewall technologies less effective. Endpoint privilege management solutions enable enterprises to reduce their attack surfaces, while gaining greater control over their digital infrastructure.”
Key report findings:
· Absent the right protection, malware will disable endpoint security controls and undermine security investments.
· The use of native tools to perform fileless attacks in the initial stages of attack is a growing trend, enabling attackers to gain a strong foothold by establishing a persistence mechanism with security controls disabled.
· The MITRE ATT&CK Framework effectively distills a wide range of malware strains and cyberattacks into mitigatable component techniques.
· BeyondTrust Privilege Management for Windows' out-of-the-box policies proactively disrupted all 150 of the different, common attack chains tested.
· Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats.
The report noted that while ransomware has clearly evolved, the fundamental needs to execute code and leverage privileges have largely remained consistent. Whether it is ransomware hitting a single endpoint or a sophisticated, tailored attack, proactively reducing the attack surface by removing admin accounts and controlling application execution is highly effective.
BeyondTrust pointed out that threat actors work ceaselessly to evolve their operations and have matured significantly over the past year. It also observed that a single ransomware attack can involve multiple threat actors, tools, and platforms. As threat actors seek to maximize disruption to organizations and extract the highest ransom payments, the ransomware model is shifting toward human-driven, enterprise-wide attacks.