New and Common Cyber Attack Types of 2018

If you’re in charge of, or relevant on the security team for your organization, it’s important to stay on top of what the bad guys are doing. At Ivory Intel we know that understanding your enemy is crucial to strategizing a defense, and thus, want to provide you the intel necessary for you to successfully counter your unknown cyber attackers.



RANSOMWARE


2018 was no stranger to ransomware and is not expected to be any different in 2019. The largest difference between these attacks in 2018 and previous years is the targeted nature of these modern attacks. It’s fair to assume that as cyber security professionals strengthen their security postures, less talented cyber criminals are having less success, however, enterprise cyber criminal groups are gaining reputation and developing more advanced attack types.


RECOMMENDATION


A strong EDR deployment is your best bet against advanced attacks like these. There are several promising tools and providers for this solution. We suggest starting your research here https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions.

At Ivory Intel we of course love our cyber awareness training, and against ransomware, it may be your best defense. Ransomware in almost all forms preys on human ignorance, making a well-trained staff your cheapest, yet most critical defense against ransomware. We have several solutions to make cyber security a part of your culture and train your staff to spot these malicious attacks!


SCAREWARE


Scareware was certainly not invented in 2018, however it became a favorite attack type, preying on fear of privacy and humiliation. Scareware in its most common form is simply a nasty communication to a victim claiming to have access to either a device, or information that would be embarrassing to the victim if the attacker were to release it. The attacker then gives the victim a means of paying the attacker to destroy the data or access. These attacks are very common and very successful even though, in most cases, the suspected access or data stolen is a false threat.


RECOMMENDATION


Due to these attacks typically being fired out at an accuracy by volume rate, the attack is not often targeted, making it easier for spam filters to pick up these nasty attacks. Start your research here https://www.gartner.com/reviews/market/secure-email-gateways and as always, make sure your staff is trained to spot these annoying small attacks.


CRYPTO MINING


You know that cryptocurrency has been all over the news as common examples such as Bitcoin rise and fall in value, but certainly rose tremendously in popularity in 2018. So much in fact, that some have taken to simply using unsuspecting victim’s devices to do their work for them, so that their network performance isn’t affected. This malware payload is typically delivered via a poisoned website the user visits, or through typical social engineering attachment delivery.



RECOMMENDATION


A Strong EDR solution will more often than not prevent this annoyance from being a problem of yours, however monitoring of network devices that monitor performance and bandwidth will help identify spikes in usage which may point to exploits like this.


REPUTATION JACKING


This clever business email compromise attack work around to email security gateways made an appearance in early 2018 and is likely to continue and expand in 2019. Reputation Jacking uses the trusted reputation of cloud providers like Google to mask a malware payload behind a file type typical of trusted cloud storage providers, to pass an attachment through email security, and appear legitimate to the end user. These attacks are most focused on financial services organizations and are difficult to combat.


RECOMMENDATION


Remind your staff that no matter how innocent an attachment or link to another website may look, if it isn’t an expected communication, or from a trusted and recognized address, it’s probably bad news. Training, Training, Training.


FINAL THOUGHTS


Several startup and small cyber security firms ironically are drastically lacking in defensive posture and solutions. Why? Cyber security is always top of mind and each employee has at least a basic understanding of phishing and other similar email based cyber attacks. Bringing this simple cultural strength to all organizations is the vision and mission of Ivory Intel.

The FBI reported that over 90% of attacks enter the network via an email attack, meaning that your users are your largest vulnerability if not properly trained. Ivory Intel has several solutions and programs to keep cyber security top of mind company-wide, and to train your critical users to spot and combat advanced threats.


WHERE DO I START?


https://www.ivoryintel.com/cyber-awareness-training

117 views

Get in touch

Social links

248 Brougham

Ofallon, mo 63368

  • Facebook Social Icon
  • LinkedIn Icon
  • YouTube Social  Icon