If you are a cybercriminal looking to make serious money in 2018, where are you looking?
This question is at the top of many security experts’ minds as we roll into Q2 of 2018. And many experts are noticing chatter on the Dark Web (that part of the web where hackers and criminals go to sell stolen identities and find out about better ways to hack into businesses) discussing where the best security vulnerabilities lie.
These criminals seem to stick their heads out a little to create and identify strategies for attacking businesses and individuals alike, and have given us some clues into where they’re looking to break into networks in the coming months.
Some of these security experts go undercover on the Dark Web (similar to those “Law And Order” episodes where the cops are undercover to bust a big drug ring or trafficking scheme) and are finding that Dark Web chatter correlates to real vulnerabilities and attacks on networks. The vulnerabilities that criminals are talking about are in fact the ones many of them target soon after.
[Note: there are two very different groups of cyber attackers in the 2018 landscape—criminal attackers looking for personal gain and nation-state activity looking to exploit information from enemies for national gain. The chat rooms where security experts glean security information are likely directed only at criminal attackers looking to make big bucks hacking their way into businesses.]
What have these criminals been talking about lately?
Cybersecurity experts seem to agree that attackers are focusing their attacks more exclusively on Windows products in 2018 than before. In the past, criminals had a diverse focus on getting into businesses through a variety of software platforms, including many Adobe products such as Flash Player. But IT security analysts are concluding that even more focus is being put on Windows attacks in recent months.
As Adobe has begun to see its usage significantly drop, it’s no surprise that Microsoft is a growing cyber target.
Adobe products, and specifically Flash-based platforms, have significantly dropped in popularity as the risks involved with the software have become better understood. As Flash Player usage significantly dropped in 2017, many analysts have seen increased focus on Microsoft software products, for both consumer and enterprise systems.
What are the biggest security targets coming into Q2 for businesses?
Currently, the most used vulnerabilities being discussed on the Dark Web range from exploits targeting Visual Basic scripting (affecting Microsoft Office products) to those targeting older versions of Internet Explorer.
Here are 3 exploits you might want to have someone check into:
The CVE-2017-0199 Exploit—while Microsoft made a patch for this vulnerability available almost a year ago, security experts are seeing growing exploitation of systems that still have not had the patch applied. CVE-2017-0199 is a security hole in Microsoft Office that cybercriminals have used to deliver malware, some of which you may have seen recently on the news.
In most attacks involving CVE-2017-0199, attackers send out specially crafted documents set up to exploit the vulnerability (this means users are getting tricked into opening attachments in their email). Once the document is opened, malware gets installed on the computer, which may spread throughout your network.
How to prevent CVE-2017-0199 exploits?
Make sure your patches have been updated!—It shouldn’t take a complete year for your IT Support team to ensure ALL of the computers on your network are properly patched and up to date. But the hard reality is that businesses around Philadelphia are continuing to fall to this CVE-2017-0199 exploit! If you’re unsure whether your machines are properly patched, most security experts would recommend getting a 3rd party security assessment to put your mind at ease.
Train your users to think twice—I know it’s hard to always be a sceptic, but when it comes to business email, I always err on the cautious side. Make sure your team thinks before they click. If they weren’t expecting to see an email from the boss with a certain attachment, or if an email doesn’t feel or look right, it probably isn’t legitimate.
The CVE-2016-0189 Exploit—this is an even OLDER exploit that businesses cannot seem to get a handle on. The vulnerability was discovered in the spring of 2016 and continues to affect users that need to run Internet Explorer.
To take advantage of CVE-2016-0189, criminals deliver malware via compromised websites and phishing attacks. If a user were to land on one of these sites or click on a malicious link, they are likely to get their computer infected and your entire network encrypted.
How to avoid CVE-2016-0189?
Your IT Support should be checking your version of Internet Explorer to make sure it is safe to use. If for some reason you need to use an older version, your IT Support team should be monitoring traffic and keeping malicious traffic from landing on your site. That means if a user clicks on a link to a suspicious website or lands on a page that isn’t secure, your firewall would prevent the user from actually landing on those sites and block that traffic from infecting your network.
If you’re concerned that you might not have necessary security infrastructure in place, we’d recommend considering getting a free network security assessment to find out.
The CVE-2017-0022 Exploit—found in March of last year, cybercriminals are using this exploit to look for antivirus apps on your system and evade detection. This exploit has made for easy delivery of ‘malvertising’ campaigns (malicious campaigns trying to get users to click on seemingly relevant links that actually contain malware) to infect networks large and small across the Philadelphia metro. Essentially, exploits of CVE-2017-0022 have been widely utilized for data theft.
Exploitation of CVE-2017-0022, like that of the other vulnerabilities mentioned above, could be prevented by having an IT Support team that regularly tracks, patches and tests for security vulnerabilities on your business network.
Another major trend in 2018?
While attacks have not shown any sign of stopping in 2018 (in fact, many have been getting worse this year!), security experts have noticed a decline in development of new viruses. Experts believe the reason is that businesses aren’t taking action to shore up their security against old vulnerabilities—some of which have been around for years (!). Why would attackers invest more time and energy in finding and exploiting new network vulnerabilities?
The take home for you and your business?
Patch your machines! This should be a no-brainer, but what I’ve seen—doing hundreds of security network assessments—is that the majority of Philadelphia businesses don’t have basic security patches applied to their networks. And in many cases where someone has tried to apply them, they were either (1) not applied correctly (i.e., weren’t tested after the patch was applied), or (2) not applied consistently.
The bottom line is that most businesses are still vulnerable to attacks—taking on additional risk—for problems that should have been fixed years ago (before even becoming problems!).
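The two failure cases described above (a patch applied but never tested afterwards, and a patch applied on some machines but not others) can be checked from a patch inventory export. This is an added example, not part of the original article; the CSV layout, column names and host names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# The three CVEs this article discusses.
TRACKED_CVES = ("CVE-2017-0199", "CVE-2016-0189", "CVE-2017-0022")

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,cve,installed,verified
ws-01,CVE-2017-0199,yes,yes
ws-01,CVE-2016-0189,yes,no
ws-01,CVE-2017-0022,yes,yes
ws-02,CVE-2017-0199,no,no
ws-02,CVE-2016-0189,yes,yes
srv-01,CVE-2017-0199,yes,yes
srv-01,CVE-2016-0189,yes,yes
srv-01,CVE-2017-0022,yes,yes
"""

def audit(inventory_csv):
    """Return {host: {cve: status}}; status is ok/unverified/missing/unknown."""
    seen = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["installed"].strip().lower() != "yes":
            status = "missing"
        elif row["verified"].strip().lower() != "yes":
            status = "unverified"  # applied, but never tested afterwards
        else:
            status = "ok"
        seen[row["host"].strip()][row["cve"].strip()] = status
    # A host with no record for a tracked CVE is an inconsistency, not a pass.
    return {host: {cve: rec.get(cve, "unknown") for cve in TRACKED_CVES}
            for host, rec in seen.items()}

def coverage(report):
    """Fraction of hosts per CVE whose fix is both installed and verified."""
    total = max(len(report), 1)
    return {cve: sum(r[cve] == "ok" for r in report.values()) / total
            for cve in TRACKED_CVES}

def gaps(report):
    """Sorted (host, cve, status) tuples for every entry that is not ok."""
    return sorted((h, c, s) for h, r in report.items()
                  for c, s in r.items() if s != "ok")

if __name__ == "__main__":
    for host, cve, status in gaps(audit(SAMPLE_INVENTORY)):
        print(f"{host:8} {cve:15} {status}")
```

A host that has no row at all for a tracked CVE is reported as `unknown` rather than silently passing, which is how inconsistently applied patches tend to hide in an inventory.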
My final question to you: Can you afford to risk your business security?
Contact us today for a free network security assessment.