Hackers continue to push the envelope and find creative ways to identify new attack surfaces. Monitored forum chatter is presenting us with a new attack method using vulnerability chaining.
ATTACKER PLANNING SHOWS A NEW LEVEL OF SOPHISTICATION
Financial services and transaction-based service providers should take heed. In the last 30 days, chatter in dark web forums has signaled that attackers are developing new schemes built on vulnerability chaining techniques to gain access to corporate and enterprise systems. When successful, these attacks allow unauthorized parties to move, often undetected, throughout the network, gaining access to sensitive data and/or critical systems. Attackers can then choose to monetize the attack through data or bitcoin theft, cyber extortion or other exploitative measures.
Vulnerability chaining is a well-established technique of hacker tradecraft which occurs during their reconnaissance process. As hackers work to enumerate a target’s digital footprint, they identify direct and peripheral vulnerabilities and weaknesses in hardware and software to exploit.
The main benefit of this methodology is that attackers can gain initial access through whatever technology and exploit tool they deem to have the highest chance of success, and can then go through their “exploit rolodex” to continue deeper into the target network. They can also plan out a large chunk of the operation before ever setting digital foot on the target network.
Specifically, analysis of attacker discussion patterns across dark web forums in the last 30 days has highlighted a cluster of focus on malicious code injection into web-based software used to process large volumes of transactions. Using the concept of vulnerability chaining while analyzing the patterns of attacker reconnaissance, Liberty threat analysts further anticipate that the initial entry point may focus on susceptible Microsoft IIS 6.0 servers. Microsoft IIS 6.0 servers undergoing the most reconnaissance are located in the United States and SE Asia.
Interestingly, this same analytical methodology showed a clear uptick in interest, discussion and activity around the cryptocurrency Monero. Although further analysis is needed for a definitive conclusion, it is possible Monero is in the crosshairs either as a preferred mechanism for future ransomware payments or potentially as a target itself for theft.
Risk managers, their CISOs and IT experts should be taking preemptive steps to monitor for any unusual activity and to strengthen internal detection and response efforts. Learn how Liberty Advisor Group’s Business Threat Intelligence team can help your company stay abreast of and protected from this and other emerging cyber threats. Remember, hackers don’t always target companies; they mostly target vulnerabilities in technologies. Even the most advanced corporations cannot completely insulate themselves from all types of hacking schemes.
Liberty Advisor Group is a mission-focused advisory and strategic consulting firm. We partner with our clients to solve their most complex business issues and improve enterprise value. Our experienced team has a proven track record in Business and Technology Transformation, Data Analytics, Business Threat Intelligence, and Mergers and Acquisitions. We offer original thinking combined with factual data to develop comprehensive, situation-specific solutions that work. With straight talk and proven results, we accelerate growth, drive efficiency and reduce risks. We are experienced. We are doers. We are Battle-Tested.