
Rise in Cyber-Attacks Targeting U.S. Defense Security


In the context of a cyberattack campaign that may be tied to cyber espionage, it is clear that cyber threats are becoming more sophisticated with each passing day. Threat actors are engineering attacks to target defence contractors in the US and around the world. 

Researchers at Securonix have detected several covert campaigns against weapons contractors in Europe over the last few months. The campaign, which Securonix has named STEEP#MAVERICK, has affected a supplier to the US programme that builds the F-35 Lightning II fighter plane. 

According to the security vendor, the campaign is noteworthy for the overall attention the attacker has paid to operations security (OpSec) and in ensuring their malware is difficult to detect, remove, and analyse.  

According to the Securonix report, the malware stager used in these attacks employed an array of tactics, a persistence methodology, counter-forensics, and layers upon layers of obfuscation to hide its code. 

As of late summer, the STEEP#MAVERICK campaign appears to have begun targeting two high-profile defence contractors in Europe. Like many spear-phishing campaigns, the attacks begin with an email carrying a compressed (.zip) file that contains a shortcut (.lnk) presented as a link to a PDF document purporting to describe company benefits.  
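Added example (not code from the post or from Securonix): a small Python check that a mail gateway could run on a .zip attachment of the kind described above, flagging shortcut (.lnk) members, decoy double extensions such as a ".pdf.lnk" name, and shortcut content hiding behind another name. The archive, its member names, and the extension lists are constructed for the example.

```python
import io
import zipfile

# Member names that execute rather than open as documents when double-clicked.
SUSPICIOUS_EXTENSIONS = {".lnk", ".exe", ".js", ".vbs", ".hta", ".scr"}
# Document extensions an attacker stacks before the real one ("benefits.pdf.lnk").
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
# A Windows shortcut starts with HeaderSize = 0x4C as a little-endian DWORD.
LNK_MAGIC = b"L\x00\x00\x00"


def inspect_archive(data: bytes) -> list[str]:
    """Return findings for a .zip attachment held in memory (empty list = clean)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.rsplit("/", 1)[-1].lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in SUSPICIOUS_EXTENSIONS:
                findings.append(f"{name}: executable member ({ext})")
                if len(parts) > 2 and "." + parts[-2] in DECOY_EXTENSIONS:
                    findings.append(f"{name}: decoy document extension before {ext}")
            # Check content too: a shortcut renamed to .pdf still carries the LNK header.
            with zf.open(info) as member:
                if member.read(4) == LNK_MAGIC and ext != ".lnk":
                    findings.append(f"{name}: LNK header despite non-.lnk name")
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample resembling the lure described above (not a real sample)."""
    fake_lnk = LNK_MAGIC + b"\x00" * 72  # header-sized stub, no real shortcut data
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Company_Benefits.pdf.lnk", fake_lnk)   # shortcut posing as a PDF
        zf.writestr("benefits.pdf", fake_lnk)              # shortcut renamed to .pdf
        zf.writestr("readme.txt", b"plain text, nothing to flag")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_archive(build_sample_archive()):
        print(finding)
```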

According to SecurityTel, the sample email was sent this month by North Korea's APT37 threat group. 

APT37 (also known as Konni) is a North Korean threat group; earlier this month it was found sending emails similar to a scam email researchers had encountered in another campaign attributed to the same group.  

The rising number of cyberattacks is indeed a matter of concern, especially for a sector like defence, which has access to secrets that must be guarded with extra caution.  

Security research performed by Black Kite on the top 100 defence contractors showed that 32% of them have security flaws that could enable ransomware attacks. According to the research, the main reasons these contractors are vulnerable to ransomware include leaked credentials and a lack of secure personal data management, among other factors.

Threat Actors are Employing Blended Attack Technique to Target Organizations


Threat actors are constantly evolving and industrializing their toolboxes to stay one step ahead of defenses and off the radar. To counter those threats, companies need a better understanding of the new attacker toolbox and should employ solutions that take a more holistic view of defense. 

Recent attacks show that threat actors are employing a blended approach in which tools and methods are not easily detected by traditional, point perimeter defenses. Examples of these blended attacks include:

Uniform attack patterns

In this method, threat actors study one credit union and use that knowledge to target other credit unions with a similar tech stack. This is possible because so many organizations use the same software and are therefore exposed to the same flaws. 

Waiting game 

Attackers play a waiting game because they only need to win once for an attack to succeed. Cybercriminals can progressively develop an attack over days and weeks by poking around the edges of an organization to learn what its detection thresholds are. In a second phase, they meter their attack to stay under that threshold and go after high-profile assets. 

Bluffing technique 

Attackers employ a bluffing method by drawing the attention of the firm's security team with a DDoS assault and then carrying out the real attack against other assets. Most firms find it difficult to cope with these mixed-mode attacks because they are left exposed on every front of their defense system. The situation becomes more difficult when organizations rely on outdated defense strategies and point products that focus on blocking a single variant of an automated attack. These tools were built to do one thing and aren't cutting it anymore. It is time for organizations to take a new approach or suffer the consequences of outdated defense strategies. 
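Added example (not from the post) illustrating the "waiting game" above from the defender's side: a per-source detector that counts requests over both a short and a long window, so traffic metered just under the short-window limit that a single-threshold point product would pass is still flagged once it accumulates. The limits, the address and the traffic pattern are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed limits (constructed for the example): a point product that blocks only
# above SHORT_LIMIT per SHORT_WINDOW is what a metered attack stays beneath.
SHORT_WINDOW, SHORT_LIMIT = 60, 20       # seconds, requests per source
LONG_WINDOW, LONG_LIMIT = 3600, 300      # seconds, requests per source


class MultiWindowDetector:
    """Per-source request counts over two windows, so traffic kept just under the
    short-window limit is still caught once it persists across the long window."""

    def __init__(self):
        self.events = defaultdict(deque)   # source -> timestamps within LONG_WINDOW
        self.first_seen = {}               # (source, kind) -> first alert time

    def observe(self, ts, source):
        q = self.events[source]
        q.append(ts)
        while q and ts - q[0] > LONG_WINDOW:   # drop events older than the long window
            q.popleft()
        short = sum(1 for t in q if ts - t <= SHORT_WINDOW)
        kind = None
        if short > SHORT_LIMIT:
            kind = "burst"             # the only thing a single-threshold tool sees
        elif len(q) > LONG_LIMIT:
            kind = "low-and-slow"      # metered traffic accumulating under the radar
        if kind and (source, kind) not in self.first_seen:
            self.first_seen[(source, kind)] = ts
        return kind


def simulate_metered_attack():
    """Constructed traffic from one source: a probing burst to find the threshold,
    then 18 requests per minute (under SHORT_LIMIT) sustained for 30 minutes."""
    det = MultiWindowDetector()
    src = "203.0.113.7"                     # documentation-range address
    for second in range(25):                # probe: 25 requests in 25 seconds
        det.observe(second, src)
    for minute in range(30):                # metered phase starts at t=120s
        for j in range(18):
            det.observe(120 + minute * 60 + j * 3, src)
    return det.first_seen


if __name__ == "__main__":
    for (source, kind), ts in simulate_metered_attack().items():
        print(f"{kind:<12} from {source} first flagged at t={ts}s")
```

The probe phase trips the burst rule at t=20s; the metered phase never exceeds 19 requests in any 60-second window, yet the long-window count passes 300 at t=1035s and raises the low-and-slow alert.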

Modern threats need modern solutions 

To protect themselves, organizations need to adopt a multi-defense approach, because any firm relying on a single defense mechanism will be exposed. Organizations can employ a defense in depth (DiD) strategy, which helps shield systems and data from cyber assault. In this approach there are multiple layers, and if one defense fails, another is there to block the assault. This intentional redundancy creates greater security and can protect against a variety of attacks.

Additionally, it is important to think like an attacker: it is imperative to be proactive rather than reactive and to ensure attackers are both identified and tracked, even if their IP addresses or identifying traits change. This approach enables adaptive coercion and action, by which defenders systematically confront both human and non-human (automated) attackers and understand their intent. These actions include blocking entities, querying, or tarpitting suspicious traffic. 

The nature of cyber threats has evolved over the years, but so have cyber-security defenses. It is essential that organizations rely on defenses that address the modern problems they face. The surest way to become an easy target is to remain static and keep using outdated defense techniques.