Cyberattacks in Italy: Word and Excel files favorite phishing channels

by admin
The techniques always remain the same: phishing and so-called “zero-day” malware, with an intensification of attacks on the supply chain. The report just published by Yoroi (Tinexta Group) captures the state of the cyber threats our country faced during 2021 and identifies the global trends that are reflected in Italy.

These are techniques and tools that attackers constantly improve and refine in order to exploit the weakness of the human factor through social engineering, inducing victims to make mistakes out of haste, urgency, distraction or superficiality. The weak link, in short, is the “wetware”, that is, the flesh-and-blood user.


According to the report, the volume of malicious code intercepted by Yoroi-Tinexta technology is constantly growing compared to previous years, and the attackers' operating methods suggest a clear division between opportunistic attacks and specific, targeted attacks. However, last year the biggest IT security problems were the phenomenon of “double extortion” (a ransom demand not only to decrypt the encrypted files but also backed by the threat of publicly disseminating them) and attacks on supply chains. The projections for 2022 are similar, barring further news from the Russian cyberwar front.

Zero day attacks and phishing

According to Yoroi, “zero-day malware” attacks, i.e. malware not known to the signatures of antivirus systems, represent 76% of current malware threats. Phishing and spear phishing, i.e. a digital scam specifically targeted at a person, organization or company, were instead the most adopted vectors in 2021 as the start of an attack chain. Unlike the previous year, a sudden increase in “drop and execute” was observed, with victims consequently downloading and executing malicious components unknowingly.


As highlighted in the previous report, the majority of malware present in the organizations observed were banking trojans. The main entry vector is Ursnif, present in 33.5% of the total, followed by Emotet with 18.9% of the samples. These trojans are vectors of entry, vehicles or “Trojan horses”, widely used to install malicious systems of various kinds.

The most widespread threats

In general, phishing was the number one threat to face in Italy during the past year, with 41.88% of attacks blocked. The second group by volume of blocked requests is malware, with a prevalence of 38.08%; this category covers all families of malicious code, from trojans to ransomware and info-stealers. The third macro-family of blocked threats was malicious websites, with 19.95%. Here there are two main situations to consider: “watering hole” attacks (a technique used to target a specific group of end users by infecting the websites, and the site functions, that they visit and use most frequently) and purely opportunistic ones, such as adware, malvertising, click fraud and others.


The origins of the threats

The home territory of botnets and opportunistic attacks repeats a typical distribution: in first place is the United States, with 38% of the share and an increase of 34% compared to 2020. In second place are the attempts coming from China, constant compared to last year at 24% of the total. Third place is held by Russian infrastructure, which according to Yoroi telemetry accounts for 8% of malicious communications.

The risk of Office documents

E-mail and messaging therefore remain a favorite of cybercriminals: for the fifth year in a row, malicious e-mails represent a significant part of cyberattacks, in the form of malicious spam campaigns called “malspam”. They are set up to target individuals and small organizations, for example via fake invoice emails with malicious Office documents that victims download and open with confidence.

In fact, monitoring by the Cyber Security Defense Center shows that Microsoft Office documents are the most relevant malware delivery vector, representing the most common way to spread the first stage of the malware infection chain. Microsoft Word documents (35%) and Excel spreadsheets (33.2%) jointly account for 68.2% of all malicious attachments intercepted by Yoroi email security services.

One of the latest tactics adopted by cybercriminals is to compress attachments within an archive file (zip, gzip, rar or 7zip) and encrypt them with a password mentioned in the body of the email. It is a fairly simple method, and one that in a certain sense often gives itself away, but despite the now widespread awareness of the subject it remains a very effective tactic on which adversaries increasingly rely.
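Because the password has to travel in the same message as the archive, the combination can be checked at the mail gateway. The following is an added example, not code from Yoroi or from the report: a minimal triage function that flags a message when an attached ZIP has encrypted members and the body announces a password, and lists any Office documents named inside the archive. The function names, the password-hint pattern and the sample message are assumptions made for illustration, and only ZIP is handled.

```python
import email, io, re, zipfile
from email.message import EmailMessage
from email.policy import default

# Office document extensions, including macro-enabled formats.
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsb", ".xlsx")
# Wording that announces an archive password in the body (assumed phrasing).
PASSWORD_HINT = re.compile(r"\b(password|passcode|pwd)\b\s*(?:is|:|=)\s*\S+", re.I)

def triage(raw: bytes) -> dict:
    """Return the triage findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    result = {"password_in_body": bool(PASSWORD_HINT.search(text)),
              "encrypted_archives": [], "office_members": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            members = zf.infolist()
        # Bit 0 of the general-purpose flags marks an encrypted member;
        # member names in the central directory remain readable.
        if any(m.flag_bits & 0x1 for m in members):
            result["encrypted_archives"].append(name)
        result["office_members"] += [m.filename for m in members
                                     if m.filename.lower().endswith(OFFICE_EXT)]
    result["quarantine"] = (result["password_in_body"]
                            and bool(result["encrypted_archives"]))
    return result

def build_sample() -> bytes:
    """Constructed sample: harmless ZIP with the 'encrypted' flag set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.xlsm", b"constructed placeholder, not a real workbook")
    data = bytearray(buf.getvalue())
    data[data.index(b"PK\x01\x02") + 8] |= 0x1  # flag byte in the central directory
    msg = EmailMessage()
    msg["Subject"] = "Invoice 2021-118"
    msg["From"], msg["To"] = "billing@example.test", "user@example.test"
    msg.set_content("Please find the invoice attached. Password: 2021inv")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```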

Risks to supply chains

Despite not being one of the most used vectors, the exploitation of technological flaws by malicious actors has gradually increased in popularity. In the course of 2021, numerous developers and vendors were victims of attacks through their products, both directly, as in the striking case of the REvil group's attack on Kaseya last summer, and indirectly, through the exploitation of serious flaws found inside their hardware and software systems.

“Every business is based on value chains that often transcend the company's own boundaries. Production chains are increasingly complex, intricate and extensive,” reads a Yoroi note. “At the base of any product or service you can find dozens or hundreds of completely heterogeneous organizations, from micro-enterprises to large groups, interconnected with each other, with a role and associated risks.” It is the perfect mix for attackers to wedge into and exploit this puzzle of suppliers: in the last year, one of these risks in particular, the risk to supply chains, has manifested itself with great surprise.

In fact, towards the end of 2021 came what appeared to experts in the cybersecurity field to be a serious catastrophe, involving an open source software used in practically all projects written in Java, in both open source and enterprise settings: log4j. Throughout the month of December 2021, when the attacks came en masse, the Yoroi CSDC team was active 24 hours a day to monitor attack attempts against this vulnerability.
