Recently the well-known provider of service assurance, cybersecurity, and business intelligence solutions, NETSCOUT Systems Inc, released its semi-annual Threat Intelligence Report highlighting cybercrime as a mainstream business model. The report also examines the maturation of Nation-State sponsored Advanced Persistent Threat (APT) groups and new findings on IoT vulnerabilities. With a substantial increase in attacks and a condensed time frame for attack vector weaponization, the NETSCOUT Threat Intelligence Report 1H underpins a growing need for a knowledge base that parallels the development of what the report describes as a “stunningly efficient operation.”
“Our latest Threat Intelligence Report underscores how cybercriminals and crimeware have not only gone to business school, but they can now teach classes,” said Hardik Modi, NETSCOUT’s senior director of threat intelligence. “With the cadence of attacks on the rise, businesses can no longer afford to compromise on security. IoT devices are under attack often within just five minutes of being powered up. The threats are real, and Cyber Threat Horizon gives businesses extensive visibility and clarity into the threat landscape, helping them to make the right security choices.”
A few of the highlighted trends as reported by NETSCOUT’s Threat Intelligence Report include:
- Botmasters Getting Smart – Rapid weaponization of multiple vulnerable services continues. Attackers are exploiting everything from mobile devices to everyday household appliances at alarming rates.
- Mirai Remains the King of IoT malware, with NEW variants to exploit devices – Due to the lack of skill needed to take advantage of new exploits, Mirai and its variants continue to dominate. NETSCOUT reports more than 20,000 unique Mirai samples and variants monthly in the first half of 2019.
- Point Of Sale Malware persists – Despite global efforts to stop such malware, point of sale (POS) infections are ongoing. Two malware families, Backoff and Alina, continue to disrupt, with infections allowing single events to result in thousands of stolen credit cards daily.
- Bad Actors are feasting on mid-sized DDoS attacks – In the first half of 2019, DDoS attack frequency grew 39%, focusing on medium-range attack sizes between 100 Gbps and 400 Gbps.
APT group activity was another area with notable growth. Nation-State sponsored Advanced Threat groups are using new sophisticated malware, but are also recycling and modifying existing attacks that had previously been used on them, efficiently saving resources needed to create new custom tools.
NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) tracked over 30 active APT groups while being aware of more than 185 globally. The task force reports that:
- Geopolitical skirmishes are ramping up – Increasingly, geopolitical adversaries are targeting one another using a wide array of cyber tactics ranging from DDoS attacks to social engineering and misinformation.
- Deception – While malware continues to be a favored tool, many campaigns have little to do with it, and rely entirely on deception and social engineering using e-mail as a dominant attack vector.
- Browser Add-ons – Malicious browser add-ons and extensions are another common attack vector on the global scale.
- APT groups are targeting military, government officials, financial and corporate targets in espionage efforts.
NETSCOUT reports that 2019 has produced a wave of “market-ready” crimeware with tools that can quickly be deployed as vulnerabilities are discovered. The Threat Intelligence Report provides a broad-scope survey of the landscape that global trade faces, and can offer leverage in identifying and addressing potential threats. Understanding the playing field can also provide an opportunity for a crackdown on illicit operations and help provide a safer, more secure internet.
You can download a full copy of NETSCOUT’s Threat Intelligence Report: Powered By ATLAS here.
Cody Bowcut is a Contributing Editor at Brilliance Security Magazine