Amidst concerns over cybersecurity and emergent threats, it can be easy to hope the threats of yesterday are dealt with, known threats will continue to operate as they always have, and new threats will not suddenly emerge or evolve. Unfortunately, this is not the way security or bad actors work. Bad actors consistently alter their tactics and evolve, while also being more than happy to make use of both emergent vulnerabilities and known vulnerabilities which targets have not patched.
In the spirit of this, GTIC researchers took a close look at the continued evolution of threats – old, new, and emergent – for September’s GTIC Monthly Threat Report. Over the past month, researchers looked at bad actors continuing to largely target vulnerabilities which have been patched or mitigated years ago, the emergence of thousands of variants of WannaCry, the evolution of a Mirai variant, and the release of a vulnerability in a popular internet forum software package.
GTIC researchers took a deep dive into NTT’s datasets to look at threats facing the manufacturing sector in August and September 2019. Manufacturing has consistently been one of the most targeted industries, and we expect attacks against manufacturing to continue to evolve over time. However, as of right now, 89% of detected exploit attempts have focused on five known vulnerabilities which all have patches in place.
The good news of that targeting is that, by simply patching those five highly targeted vulnerabilities, organizations in the manufacturing industry can largely resolve most exploit attempts targeting them at this time.
Likewise, over one million computers remain at risk of infection by WannaCry, even though the ransomware first burst onto the scene in 2017. Since then, close to 13,000 additional variants of the ransomware have emerged and continue to spread. These WannaCry variants continue to exploit the same vulnerability as the original ransomware variant and rely on users not patching their systems.
In the monthly, GTIC researchers introduce insightful new research into the Mirai variant dubbed ECHOBOT. Since the first ECHOBOT sample was discovered in February 2019, the malware has continued to evolve almost monthly as its operator(s) have continued to add additional exploits to its arsenal.
We also take a look in the September Monthly Report at a new vulnerability affecting the vBulletin internet forum software package. The exploit is straight-forward for bad actors to use to start mass-scanning and exploitation attempts.
Fortunately, it is not just bad actors who can evolve. NTT can both track threats in real time and recommend preventative measures, such as in the September 2019 Monthly Threat Report, available now.
You can read more about GTIC’s research into the current evolution of threats at the September 2019 GTIC Monthly Threat Report. Read it here.