Moving up the Cyber Ladder: How Hackers are Chaining Vulnerabilities
Managing vulnerabilities is a critical part of cybersecurity, but it can be a challenge to properly secure every potential access point against a possible attack, leading some security teams to focus on patching their highest priority vulnerabilities. But what happens when lower-priority vulnerabilities are exploited in tandem? An informative article appearing in Cyber details the danger of hackers “chaining vulnerabilities,” and how they can use less secure entry points for a potent cyber attack. Chaining vulnerabilities work by malicious actors entering a network via a simple access point (say a bottom-rung employee’s email account) to gain access to a company’s critical assets, where these actors then target medium-level vulnerabilities (such as a company’s LLMNR, which can be used to identify employees who have not authorized their network to parse whether information sent to them is genuine), thereby ‘chaining’ these vulnerabilities together to move up the ladder of importance. By using each lower vulnerability to gain access to a higher vulnerability, actors can compromise entire environments with ransomware or other nefarious plans through a process that may have begun with an intern opening the wrong email. Attacks like these are proof that in cybersecurity, nothing should be left unsecure.
Cyber CONtrol: How Hackers Are Using Social Engineering and “DeepSea” Phishing to Orchestrate the Newest Cyber Scams
With basic tech literacy becoming more accessible and the cybersecurity industry growing, malicious actors are becoming more sophisticated in their attempts to separate targets from their valuable information. Two articles posted this week highlight two areas in which hackers have stepped up their game: social engineering and “DeepSea” phishing.
A guest article written by Michael Animov for The Last Watchdog details what he terms next-gen or “DeepSea” phishing, and how best to counter these attacks. Animov explains that DeepSea phishing distinguishes itself from previous phishing schemes by using “novel and rarely seen phishing techniques, often employing several layers of deception in parallel,” with the end result being phishing messages that are nearly indistinguishable from the real thing. He details an instance with the recent attack countered by Perception Point, where email threat detection systems were bypassed by malicious links featuring an irregular URL structure that automatically led users through an eminently presentable (but fraudulent) Multifactor Authentication (MFA). Another example of how advanced DeepSea phishing is comes in the form of “Spear Phishing,” where hackers comb through a target’s social media to make a phishing attempt more legitimate.
This focus on the personalization of hacking ties into one of the sharpest weapons in a hacker’s toolkit: social engineering. Featured in Dark Reading, John Hammond’s article on social engineering dives into how expertly fabricating personalities has allowed hackers to complete scams with their targets doing most of the work. While previously, social engineering relied on a hacker’s ability to manipulate a victim with convincing language and their own cunning, recent programs have allowed hackers to supplant their skills with technology. Utilizing free software like “This Person Does Not Exist” and “Fake Name Generator” to attain computer-generated images and backstories for these personas, malicious actors are able to craft believable personas for deception more easily than ever before.
This combination of personalization and advanced tech has made this new generation of phishing attacks a real challenge to counteract. Fortunately, both articles provide helpful tips for dealing with these problems.
Extolling the virtues of new, adaptive cybersecurity tools that can counter new and emerging threats, Animov advocates adopting next-generation cyber solutions to deal with next-generation phishing attacks. These include image and language recognition tools that identify impersonation techniques, cloud-native design which is easily scaled and automated, and no-code services, which are “easily adaptable packages of pre-written code which save R&D specialists time creating threat responses, allowing them to focus more on creative, pre-emptive solutions.” Hammond’s solutions rely less on tech and more on thorough vetting and common sense to prevent a possible attack. Programs like This Person Does Not Exist produce images that may look genuine, but a closer look at these ‘people’ will often reveal inconsistent symmetry, unusual eye contact, and bizarre background figures. Moreover, technology used to create fake backstories does not mean this information will be corroborated by genuine institutions, as a simple call to a stated place of business should often be enough to deduce whether a person actually works for who it says on their LinkedIn.
While cybersecurity tech may be evolving to combat advanced scamming techniques, human intuition will always play an integral part in the fight against malicious actors.
New Threats and Botnets: ICS Targeting
While the previous two stories focused on new attack methods and technology that hackers have used to scam people and organizations, events this week have highlighted the reality that the new generation of hackers are not only using new methods to commit cybercrime, they are also focusing on new areas of attack.
Industrial Control Systems (ICSs) are the industrial technologies used to automate and control industrial processes. They include everything from Programmable Logic Controllers (PLCs) to Human Machine Interfaces (HMIs). Their ability to automate complex tasks for large-scale industry make them an integral part of Critical Infrastructure, yet for many years they were largely ignored by malicious actors in favour of more noteworthy and ubiquitous targets. This is changing in recent times, as new threat actors are beginning to target ICSs.
Writing in Bleeping Computer, Bill Toulas reports that a password-cracking software advertised on social media has been secretly creating a P2P botnet to compromise PLCs and HMIs. When users download this software, malware known as Sality is also surreptitiously installed. As described by Toulas, Sality’s evolutionary capabilities allow it to “terminate processes, open connections to remote sites, download additional payloads, or steal data from the host,” which makes it uniquely well-suited to target systems like ICSs that oversee important automated tasks. This targeting may mean that ICSs are no longer too obscure for cybercriminals, and the need to protect ICSs from attackers will become incredibly important as the likelihood of increased attacks and interruptions to industrial operations is on the horizon.
COMMENTS