'Low-hanging fruits', you're high on the list of hackers


Dubai - It's becoming more expensive for bad guys to penetrate software

by

Deepthi Nair


Published: Thu 5 Apr 2018, 10:23 PM

Last updated: Fri 6 Apr 2018, 12:41 AM

With the cost of circumventing security measures increasing, hackers targeted "low-hanging fruit" or low-cost attack methods with potentially high returns in 2017.
For instance, as software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing e-mail.
Every year, Microsoft collects security and threat intelligence from its global network and compiles the trends into a 'Security Intelligence Report' which gives an insight into the threat landscape and guidance on remedial measures.
 
Botnets
Botnets were a big area of concern in 2017. Bots are programmes that allow attackers to infect and take control of computers. Botnets continue to impact millions of computers globally, infecting them with old and new forms of malware. Cyber-criminals continue to infect computers and engage in botnet activity with the intention of building a large infrastructure that they can mine for sensitive data and use to extort victims, as is the case with ransomware.
"On November 29, 2017, Microsoft's Digital Crimes Unit tackled a leading botnet that had infected more than 23 million IP addresses: Gamarue. It is known in the underground cybercrime market as the Andromeda bot. Like many other bots, Gamarue was advertised as a crime kit that hackers can purchase," observes Ann Johnson, vice-president of enterprise security at Microsoft.
Microsoft continues to collaborate with public and private industry partners, through the Microsoft Digital Crimes Unit, to identify affected devices and accelerate the remediation process.
 
Phishing
Another trend in 2017 was how hackers focused more on "low-hanging fruit" methods such as social engineering as opposed to costlier (in terms of time and effort) methods like trying to circumvent security measures. They targeted infrastructure and apps used by organisations and consumers, with the intention of infecting computers and gaining access to sensitive data such as credentials.
For instance, Microsoft Office 365 detected a significant volume of phishing-based e-mail messages at the end of 2017. Phishing was the No. 1 threat vector (more than 50 per cent) for Office 365-based e-mail threats in the second half of calendar year 2017.
"Phishing usually involves e-mails that send us down the wrong path with the ultimate goal of stealing our personal information. Phishing has evolved; no longer is it readily recognisable. Phishing mails impersonate popular brands such as Microsoft, Apple, Amazon, popular courier services such as FedEx, DHL and UPS or banks and government services," says Johnnie Konstantas, senior director of marketing communication for enterprise security at Microsoft.
Phishing can take many shapes: e-mail links and attachments, domain spoofs, user or domain impersonation. Humans are often called the weakest link in cybersecurity, but with the right training and education, they can also be the first line of defence.
"An employee that spots and reports a suspicious e-mail could head off an extensive phishing campaign. Organisations can perform mock phishing exercises and can consider hiring third-party experts for security awareness training, including education on phishing," Johnson adds.
Multi-factor authentication, anti-virus software and modern operating systems can strip phishing messages out of the inbox. Applying machine learning allows malware to be spotted and detected more quickly. The malicious site is blocked at the Web browser.
 
Cloud security
Cloud app adoption is rising to support business productivity, but a lack of security infrastructure could be inadvertently compromising data. Poorly secured cloud apps can be low-hanging fruit for attackers. Organisations should have a solution in place that gives them visibility into and control over all cloud app usage.
"Customers must follow the basic guidance to protect their computers by enabling a firewall, installing antivirus software and getting software updates [on-premise and cloud-based security updates]," says Konstantas.
 
Ransomware
The third most common form of cybercrime in 2017 was ransomware. It is a popular method used by cybercriminals to solicit money from victims. Ransomware infects and encrypts files (and sometimes entire disks) to prevent access until a ransom is paid.
Ransomware made a big impact in 2017, bringing down critical services such as hospitals, transportation and traffic systems. WannaCry, Bad Rabbit and Petya/NotPetya were a few of the devastating ransomware families responsible for the 2017 attacks. Asia witnessed the most ransomware attacks in 2017, with the highest ransomware encounter rates felt in Myanmar (0.48 per cent), Bangladesh (0.36 per cent) and Venezuela (0.33 per cent).
"The importance of backing up files to be able to recover in case of a ransomware attack cannot be overstated. Also, be sure to regularly test that the backups are working. Advanced threat protection that applies machine learning and artificial intelligence technologies to evaluate files to be able to detect suspected malware can help. If some computers cannot be patched or updated with the latest software, to minimise the footprint of exposure to a ransomware attack and infection, isolate or retire those computers," warns Konstantas.
- deepthi@khaleejtimes.com

