What do new vulnerabilities, your supply chain, and spear-phishing all have in common?
Well, for one thing, these are all topics which security researchers covered in the most recent GTIC Monthly Threat Report but, truth be told, that’s only part of the story.
Let’s start with spear-phishing, the single most popular method threat actors use to gain a foothold in a target’s supply chain. This method continues to be overwhelmingly popular because it exploits the greatest potential threat in any organization – the human component.
If your organization is a supplier for another company further down the line, threat actors may target you to achieve their ultimate goal – compromising the actual target through their supply chain.
On the flipside, this makes it all the more crucial for your organization to understand the actions and mitigations companies in your supply chain take to protect your interests.
Threat actors – be it a 15-year-old in his parents’ basement, or a hacking team embedded as part of a nation-state’s intelligence apparatus – will use a variety of methods to entice your employees, contractors and vendors to open phishing emails, click on malicious URLs, run malicious scripts, and wire funds to unknown accounts.
But as researchers found in May of this year, very often these phishing emails will take the form of malspam (i.e. malicious spam). Spam email is just ‘junk’ email – it’s not nefarious, but it’s also unimportant, often delivered to your email inbox without your consent.
Malicious spam, or malspam, is different in that the sender’s goal is to convince a user to click on a malicious URL or open an infected attachment. And how is this accomplished?
The first step is to get the email past your email filtering solution, and threat actors are becoming increasingly clever at delivering a malspam email past an organization’s email filters and into users’ inboxes. After having achieved success on the technical side, the email itself must also be highly convincing and must appear legitimate and often, time sensitive.
NTT Security researchers recently found that threat actors were leveraging a variety of malware in their malspam campaigns, with Trickbot campaigns detected and identified nearly every day.
Frankly though, if all we had to worry about were malspam emails and spear phishing, protecting our organizations from attacks would be – dare I say it – easy and predictable.
But as we all know, nothing could be further from the realities of our operating environments.
Across the board, patch management policies are fragmented and disjunct, legacy systems find it difficult, if not impossible, to integrate with newer, more advanced technologies, and BYOD policies expand the threat landscape even further.
And what’s worse – new vulnerabilities are discovered every day. Some of those vulnerabilities, such as the Spectre vulnerabilities in Intel chips, are highly problematic, with new variants of the Spectre family (3a and 4) discovered just last month. While easily implemented patches accompany the release of many new vulnerabilities, this is not always the case, and the new Spectre variants fall into the latter category.
And then there are also the BWAINs (Bugs With An Impressive Name), such as EFAIL.
The EFAIL vulnerabilities are a big deal, to be sure, but if an attacker can successfully decrypt your encrypted emails by employing this nefarious decryption method, you have a bigger problem on your hands than just a decrypted email. Somewhere along the line, that attacker has gained access to your email servers, or a user’s credentials, or has figured out a way to eavesdrop on your network traffic.
So, how do you make sense of it all? How do you determine what’s a big deal and what isn’t?
It’s not easy – and anyone who erroneously claims it is easy is not who you want in your corner when you’re dealing with a fight of this magnitude.
With so many attacks, methods, and exploits to defend against, it’s hard to even know where to begin.
Share your security challenges, ask us questions, and learn more about the variety of options we at NTT Security have at our disposal to help you solve your most daunting security problems.
So, what is your most daunting security challenge?
Your most daunting security challenge is selecting the right security partner to help you achieve the cyber resilience you can’t afford to be without.