{"id":88526,"date":"2023-03-20T18:48:00","date_gmt":"2023-03-20T18:48:00","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4052797"},"modified":"2023-03-20T18:48:00","modified_gmt":"2023-03-20T18:48:00","slug":"becs-double-in-2022-overtaking-ransomware","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88526","title":{"rendered":"BECs double in 2022, overtaking ransomware"},"content":{"rendered":"<div id>\n<p>A look at fourth-quarter 2022 data suggests that, new threat surfaces notwithstanding, low-code business email compromises, including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors.<\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_4052820\" aria-describedby=\"caption-attachment-4052820\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4052820 size-article\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/becs-double-in-2022-overtaking-ransomware.jpg\" alt=\"This illustration shows an unlocked lock over a person at a keyboard.\" width=\"770\" height=\"539\"><figcaption id=\"caption-attachment-4052820\" class=\"wp-caption-text\">Image: Adobe Stock<\/figcaption><\/figure>\n<p>Cybersecurity defenders peering into the fog hoping to catch a glimpse of the next threat might be staring too hard at artificial intelligence and other sophisticated vectors. 
At least in the short term, low-code attacks are king, specifically <a href=\"https:\/\/www.techrepublic.com\/article\/cybersecurity-bec-attack-mimics-vendors\/\">business email compromise<\/a>.<\/p>\n<p>New research by the <a href=\"https:\/\/www.secureworks.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Secureworks<\/a> Counter Threat Unit suggests the attackers are, by and large, using simple means to exploit a tried-and-true <a href=\"https:\/\/www.techrepublic.com\/article\/persistent-social-engineering-vulnerabilities\/\">social engineering<\/a> opportunity: People aren\u2019t, in the digital sense, washing their hands and singing \u201chappy birthday\u201d for 20 seconds.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/article\/zero-trust-authentication\/\">Explore how zero trust can be applied to email and other credentials<\/a> (TechRepublic)<\/strong><\/p>\n<h2 id=\"BECs\">Phishing the leading BEC exploit, with big drop in ransomware<\/h2>\n<p>The firm took a hard look at its own remediation data from some 500 exploits between January and December last year to get insights. 
Among other things, the researchers discovered that:<\/p>\n<ul>\n<li>The number of incidents involving BECs doubled, putting ransomware in second place for financially motivated cyberthreats to organizations.<\/li>\n<li>Phishing campaigns drove growth in BEC, accounting for 33% of incidents where the initial access vector could be established, a near three-fold increase compared to 2021 (13%).<\/li>\n<li>Vulnerabilities in internet-facing systems represented one third of attacks where the initial access vector could be established.<\/li>\n<li>By contrast, ransomware incidents fell by 57%, but remain a core threat, per the firm, which said the reduction could be due as much to a change in tactics as it is to increased law enforcement after the <a href=\"https:\/\/www.techrepublic.com\/article\/colonial-pipeline-ransomware-group-using-new-tactics-to-become-more-dangerous\/\">Colonial Pipeline<\/a> and <a href=\"https:\/\/www.techrepublic.com\/article\/kaseya-supply-chain-attack-impacts-more-than-1000-companies\/\">Kaseya<\/a> attacks.<\/li>\n<\/ul>\n<p>The report found weaknesses in cloud-facing assets, noting that fundamental security controls in the cloud were either misconfigured or entirely absent, \u201cPotentially because of a rushed move to cloud during COVID-19,\u201d the firm said.<\/p>\n<p>Push bombing is also on the rise. This is an attack that obtains a multi-factor authentication approval from a victim through target fatigue after repeated access requests. Threat actors don\u2019t have to find zero-day vulnerabilities; they\u2019re able to exploit known common vulnerabilities and exposures, such as Log4Shell and ProxyShell.<\/p>\n<h2 id=\"Visibility\">Companies need to up their visibility game<\/h2>\n<p>Secureworks recommends that organizations boost their ability to detect threats across their host, network and cloud environments. 
The firm suggests doing this by, among other things, employing centralized log retention and analysis across hosts and network and cloud resources. It also endorses reputation-based web filtering and network detection for suspicious domains and IPs.<\/p>\n<p>Mike McLellan, director of intelligence at Secureworks, noted that BECs are relatively easy to launch, and attackers don\u2019t need major skills to phish multiple organizations with a big net.<\/p>\n<p>\u201cAttackers are still going around the parking lot and seeing which doors are unlocked,\u201d said McLellan, in a <a href=\"https:\/\/www.secureworks.com\/about\/press\/business-email-compromise-doubles-in-2022\" target=\"_blank\" rel=\"noopener noreferrer\">statement<\/a>. \u201cBulk scanners will quickly show an attacker which machines are not patched.\u201d<\/p>\n<p>He asserted that internet-facing applications need to be secure or risk giving <a href=\"https:\/\/www.techrepublic.com\/article\/crowdstrike-attackers-cloud-exploits-data-theft\/\">threat actors<\/a> access to an organization. \u201cOnce they are in, the clock starts ticking to stop an attacker turning that intrusion to their advantage,\u201d he said. \u201cAlready in 2023, we\u2019ve seen several high-profile cases of post-intrusion ransomware, which can be extremely disruptive and damaging.\u201d<\/p>\n<p>A recent <a href=\"https:\/\/www.techrepublic.com\/article\/cloud-security-tools-trees-problem\/\">Palo Alto Networks study<\/a> reported that only about 10% of respondents couldn\u2019t detect, contain and resolve threats in less than an hour. In addition, 68% of organizations were unable to even detect a security incident in less than an hour, and among those that did, 69% couldn\u2019t respond in under an hour.<\/p>\n<h2 id=\"Exploit\">Nation-state players actively using pen-testing exploit<\/h2>\n<p>Secureworks found that hostile state-sponsored activity increased to 9% of analyzed incidents, up from 6% in 2021. 
Furthermore, 90% were attributed to threat actors affiliated with China.<\/p>\n<p>Cybersecurity firm WithSecure recently <a href=\"https:\/\/labs.withsecure.com\/publications\/silkloader\" target=\"_blank\" rel=\"noopener noreferrer\">reported<\/a> intrusions that looked like precursors to ransomware deployments. Specifically, WithSecure discovered a beacon loader for the penetration-testing framework <a href=\"https:\/\/www.techrepublic.com\/article\/sliver-offensive-security-framework-increasingly-used-by-threat-actors\/\">Cobalt Strike<\/a>, which is often abused by attackers. The loader, which WithSecure is calling SILKLOADER, leveraged <a href=\"https:\/\/www.techrepublic.com\/article\/dll-sideloading-cve-attacks-threat-landscape\/\">DLL side-loading<\/a>.<\/p>\n<p>\u201cBy taking a closer look at the loader, we found several activity clusters leveraging this loader within the Russian as well as Chinese cybercriminal ecosystems,\u201d said the firm in its report on the exploit.<\/p>\n<p>Also, nearly 80% of attacks were financially motivated, a figure potentially connected to the Russia\/Ukraine conflict disrupting cybercrime supply chains such as that of the <a href=\"https:\/\/www.techrepublic.com\/article\/conti-reforms-into-several-smaller-groups-are-they-now-more-dangerous-than-ever\/\">Conti ransomware<\/a> group.<\/p>\n<p>\u201cGovernment-sponsored threat actors have a different purpose to those who are financially motivated, but the tools and techniques they use are often the same,\u201d said McLellan.<\/p>\n<p>\u201cFor instance, Chinese threat actors were detected deploying ransomware as a smokescreen for espionage. The intent is different, but the ransomware itself isn\u2019t. 
The same is true for the IAVs; it\u2019s all about getting a foot in the door in the quickest and easiest way possible, no matter which group you belong to.\u201d<\/p>\n<p> <!-- default newsletter at the end --> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A look at 4th quarter 2022, data suggests that new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors. Image: Adobe Stock Cybersecurity defenders peering into the fog hoping to catch a glimpse of the next threat might be staring [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88527,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,788,783,56,113,202,287],"tags":[],"class_list":["post-88526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloud-security","category-cloudsync","category-cybersecurity","category-phishing","category-ransomware","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88526"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88526\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88527"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_r
oute=%2Fwp%2Fv2%2Fmedia&parent=88526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}