REWTERZ – THREAT INTELLIGENCE REPORT 2020

EXECUTIVE SUMMARY

Rewterz provides Managed Security Services and Threat Intelligence services to organizations across continents. To keep cybersecurity professionals updated with relevant emerging threats, our Threat Intelligence team releases blogs, advisories and alerts regularly. Rewterz Threat Intelligence annually releases a consolidated Threat Intelligence report to summarize the most prominent cyber threats from the past year, detected and highlighted by our various Security Operations Centers and sensors. Aiming to provide security teams with helpful information for improved organizational security, this report consolidates findings of multiple security operations centers and sensors deployed across multiple organizations.

The Rewterz Threat Intelligence team analyzes data from hundreds of thousands of protected endpoints and servers, as well as from other sources that track attack campaigns, spoofing, identity theft, financial fraud and other fraudulent activities. Our team brings forth this valuable real-time data to equip organizations against cyber-attacks beforehand. The Rewterz Threat Intelligence Platform utilizes numerous attack sensors collecting data on malicious events from global threat feeds, making it the most comprehensive and advanced threat intelligence gathering network in the country.

With the evolution of cybercrime, safeguarding your sensitive information needs to be prioritized to preserve the integrity, availability and confidentiality of your organization. To cope with the growing techniques of cyber-crime, our SOC team uses the most advanced threat intelligence and manages real-time data on the threat landscape through our Security Orchestration, Automation and Response (SOAR) platform, SIRP. Our orchestration and automation platform helps reduce the redundant processes of incident handling and lets analysts focus on more complex tasks. SIRP automates the usage of Threat Intelligence data for our SOC teams, equipping them for smooth incident handling, vulnerability management, access control regulation and risk management, meanwhile saving a considerable amount of their time.

Rewterz has now mastered the art of threat intelligence and is ready to help you proactively fortify your defenses and mitigate threats. Through this report, we aim to share and disseminate knowledge about sophisticated threats and advanced attacker practices in use on the Internet today. This report enables readers to gain clear insight into the nature of the threats currently faced by organizations operating in the cyber world. Using the collected statistics, this report draws a clear picture of the threat landscape and informs about global threat practices used by attackers. This extensive report contains analysis of the major attacks detected during the last 10 months. It includes the top attacking countries, most common malware deployed, most active Advanced Persistent Threats, top phishing campaigns, top-targeted ports, most common attack vectors, most targeted industries, most exploited vulnerabilities and much more. We hope that you find this report useful. Feel free to contact us with any feedback.


THREAT INTELLIGENCE AND DECISION MAKING

For every organization operating in the cyber space, understanding security vulnerability and the utility of threat intelligence is no longer a question of choice. With the ever-growing techniques of cyber-attacks, every organization needs optimum measures to protect its information against economic, informational or privacy breaches. For that purpose, it is important for organizations to understand the implications of threat intelligence data. The information in this report is structured to ensure maximum understanding and utility for the readers.

Threat Intelligence is an inevitable component of decision-making processes and helps in crafting strategies for handling information security. It also guides organizations about the nature of staff training that their cybersecurity demands. Apart from the situational awareness and foresight needed to improve the resilience of your critical business operations, Threat Intelligence also provides tangible benefits by highlighting on-going threats in your industry. To change a reactive approach into a proactive approach, Threat Intelligence helps predict and target threat factors before they turn into an attack. This translation of cyber threats into business concerns and risks will eventually trigger an active defense mechanism. Moreover, the effectiveness of security controls needs to be measured to justify their investment. Enterprises need to make sure that their security controls will protect business assets from a potential breach. Therefore, Threat Intelligence on the latest vulnerabilities helps determine the security coverage and threat exposure that these controls add to an organization's cybersecurity.


TOP INCIDENTS BY INDUSTRY

Most cyber incidents in the past ten months were observed in the IT industry. The Finance sector has also seen major cyber incidents, whereas the Manufacturing, Healthcare and Education industries follow closely.

INDUSTRY                 %
Information Technology   55
Finance                  15
Manufacturing            10
Education                08
Healthcare               08
Fintech                  03
Transportation           01


TOP DATA BREACHES BY INDUSTRY

Deliberate data breaches in the past ten months have targeted many industries. Due to COVID19's transformation of the cyberspace, the Healthcare industry became the top target in the last five months, with Finance dropping to second. However, the Manufacturing, Information Technology and Education industries remain popular targets for cyber criminals.

INDUSTRY                 %
Healthcare               24
Finance                  21
Manufacturing            18
Information Technology   17
Education                10
Fintech                  07
Transportation           03


TOP ATTACKS

Following are the top attacks detected by our Security Operations Centers and sensors. 50% of the attacks were HTTP tunneling, whereas around 27% were anonymous SSL cipher negotiation. TCP denial of service attacks account for around 13% of the attacks detected by our Security Operations Centers and sensors.

ATTACK                              %
HTTP Tunneling                      50
Anonymous SSL Cipher Negotiation    27
TCP Denial of Service               13
TCP SYN Flooding                    3
HTML Code Obfuscation               3
Excessive Requests on TCP Port 0    1
Traceroute Enumeration Attack       1
HTTP Null Session Attack            1
UDP Flooding Attack                 1
UPnP SSDP DoS Attacks               0

TOP WEB APPLICATION ATTACKS

Our Security Operations Centers and sensors detected that around 50% of the web application attacks were Illegal Resource Access, with the highest percentage of them originating from Russia. SQL Injection attacks ranked second among web application attacks (24%), originating prominently from the USA. Brute force attacks on web applications amounted to around 10%, with the Netherlands observed to be very active.

ATTACK                   %    TOP SOURCE COUNTRY
Illegal Resource Access  50   Russia
SQL Injection            24   USA
Brute Force              10   Netherlands
Cross Site Scripting     07   Saudi Arabia
Denial of Service        02
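To make the categories in this table concrete, here is an added example (not code from the Rewterz report) that triages web-server access-log lines into the report's web attack categories: Illegal Resource Access, SQL Injection, Brute Force and Cross Site Scripting. The log lines, the regex heuristics, the restricted-path list, the login path and the brute-force threshold are all assumptions constructed for illustration.

```python
"""Triage web-server access-log lines into the web application attack
categories the report tallies.  Added example, not from the Rewterz report:
log lines, heuristics and thresholds are constructed for illustration."""
import re
from collections import Counter, defaultdict
from typing import Optional
from urllib.parse import unquote

# Combined-log-format prefix: ip ident user [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3})')

# Detection heuristics (constructed; deliberately narrow to limit false positives).
SQLI_RE = re.compile(r"(?i)(union\s+select|'\s*or\s+'?\d+'?\s*=\s*'?\d+|;\s*drop\s)")
XSS_RE = re.compile(r"(?i)(<script\b|javascript:|\bon(error|load)\s*=)")
RESTRICTED = ("/.git/", "/.env", "/etc/passwd")  # hypothetical paths never served to clients
LOGIN_PATH = "/login"                             # hypothetical login endpoint
BRUTE_FORCE_THRESHOLD = 5                         # failed logins from one IP within the sample


def classify_request(path: str) -> Optional[str]:
    """Label a single request path, or return None when it looks benign."""
    decoded = unquote(unquote(path))  # decode twice to catch %252e%252e-style evasion
    if "../" in decoded or any(r in decoded for r in RESTRICTED):
        return "Illegal Resource Access"
    if SQLI_RE.search(decoded):
        return "SQL Injection"
    if XSS_RE.search(decoded):
        return "Cross Site Scripting"
    return None


def analyse_log(lines):
    """Return (category -> hit count, category -> source IPs) for a log sample."""
    counts, sources = Counter(), defaultdict(set)
    failed_logins = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        ip, _ts, _method, path, status = m.groups()
        label = classify_request(path)
        if label:
            counts[label] += 1
            sources[label].add(ip)
        # Brute force is a per-source pattern: many failed logins, not one bad request.
        if path.split("?")[0] == LOGIN_PATH and status in ("401", "403"):
            failed_logins[ip] += 1
    for ip, n in failed_logins.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            counts["Brute Force"] += n
            sources["Brute Force"].add(ip)
    return counts, sources


def attack_shares(lines):
    """Percentage share of each category among flagged requests (as in the table above)."""
    counts, _ = analyse_log(lines)
    total = sum(counts.values())
    return {cat: round(100 * n / total) for cat, n in counts.items()} if total else {}


SAMPLE_LOG = [  # constructed sample traffic using RFC 5737 documentation addresses
    '203.0.113.10 - - [01/Jun/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.10 - - [01/Jun/2020:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jun/2020:10:01:00 +0000] "GET /static/..%2F..%2F..%2Fetc/passwd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jun/2020:10:01:05 +0000] "GET /.env HTTP/1.1" 403 0',
    '198.51.100.9 - - [01/Jun/2020:10:02:00 +0000] "GET /product?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jun/2020:10:02:03 +0000] "GET /product?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 500 0',
    '203.0.113.44 - - [01/Jun/2020:10:03:00 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300',
] + [
    f'198.51.100.23 - - [01/Jun/2020:10:04:{i:02d} +0000] "POST /login HTTP/1.1" 401 0'
    for i in range(6)
]

if __name__ == "__main__":
    hits, by_ip = analyse_log(SAMPLE_LOG)
    for category, n in hits.most_common():
        print(f"{category:24s} {n:3d}  sources: {', '.join(sorted(by_ip[category]))}")
    print(attack_shares(SAMPLE_LOG))
```

Real deployments would window the brute-force count by time and feed the labelled requests into a SIEM rather than printing them.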

TOP ATTACKING COUNTRIES

In the past ten months, Russia topped the list of countries from which most cyberattacks originated. The United States went down to second from being first in 2019, whereas the cyberspace of the Netherlands, China and Australia is also responsible for a considerable number of cyberattacks. Below is a list of the top attacking countries in the past ten months.

COUNTRY         %
Russia          34
USA             32
Netherlands     12
China           7
France          3
Saudi Arabia    3
UAE             3
Australia       3
South Africa    2
UK              1

TOP ATTACKING IP ADDRESSES

A very high percentage of detected cyberattacks (66%) originated from the IP address 66.115.169.210. This was followed by around 10% of the attacks originating from the IP address 95.85.51.71. Our Security Operations Centers also detected other malicious IP addresses, some of which are given below.

IP ADDRESS        %
66.115.169.210    66
95.85.51.71       10
27.78.14.83       6
14.177.232.130    5
116.105.216.179   4
176.113.70.60     4
89.248.174.216    2
5.101.0.209       1
43.252.220.111    1
222.186.173.238   1

TOP ATTACKED PORTS

The most targeted port remains 443, bearing 50% of the detected attacks, up from 40% in August 2019. Other ports like 80, 25 and 445 continue to appear in the list of top-targeted ports. Ports 389 and 123 emerge as new highly targeted ports.

PORT                  %
443 (HTTPS)           50
389 (LDAP)            12
123 (NTP)             10
25 (SMTP)             9
80 (HTTP)             7
22 (SSH)              7
445 (SMB)             3
993 (IMAPS)           1
853 (DNS over TLS)    1
4500 (IPsec)          0


TOP C2 HOSTING COUNTRIES

The highest number of detected Command and Control servers were hosted in the United States. The cyberspace of France, the Netherlands and Russia also hosted a considerable number of C2 servers. Others are listed below.

COUNTRY       %
USA           39
France        12
Netherlands   9
Russia        9
Brazil        9
Germany       6
China         5
UK            5
Japan         3
Pakistan      3

TOP CNC SERVERS

Listed below are the top malicious Command and Control servers detected, based on the number of callbacks.


TOP ATTACK VECTORS

The attacks detected by our Security Operations Centers and sensors used many vectors, of which Phishing tops the list with 30% of the attacks. 22% of the attacks exploited vulnerabilities in assets exposed to the internet. Unauthorized credential use and watering hole attacks were also prominent. Other attack vectors are listed below.

ATTACK VECTOR                                              %
Phishing                                                   30
Vulnerabilities in Assets Exposed to Internet              22
Watering Hole Attacks                                      18
Unauthorized Use of Credentials / Re-use of Credentials    15
Other                                                      15


TOP OBSERVED MALWARE

The leading malware detected by our Security Operations Centers in the past ten months is Agent Tesla (28%), with most attacks originating from Singapore. It was followed by Ursnif (18%) and Adwind RAT (10%). Below are the CnCs, IP addresses and geolocations associated with these malware attacks.

MALWARE      CNC SERVER                          IP ADDRESS        GEOLOCATION     %
Agent Tesla  mail[.]waman.[i]n                   43.255.154.31     Singapore       28
Ursnif       link[.]philippeschellekens[.]com    62.109.31.180     Russia          18
Adwind RAT   20bigblessings[.]mydissent[.]net    185.244.30.21     Netherlands     10
Dridex       lupingol[.]com                      47.254.174.146    United States   8
Emotet       lazisnukolomayan[.]com              180.235.148.228   Indonesia       7
Trickbot     onetimeroma[.]com                   89.46.106.48      Italy           7
Danabot      fepolomokmmas[.]xyz                 149.202.103.83    France          6
Azorult      memotech[.]cf                       84.16.248.160     Germany         6
Qbot         y-sani[.]com                        49.213.3.136      Hong Kong       5
IcedID       arkanaways[.]red                    185.48.56.111     Netherlands     5


TOP OBSERVED RANSOMWARE

In the cyberspace of Pakistan, GandCrab was detected in the highest number of ransomware attacks. WannaCry followed closely, along with Petya/NotPetya ransomware.

[Chart: ransomware families observed – GandCrab, WannaCry, Petya / Not Petya, Locky, Nemucod]


TOP SPYWARE/GRAYWARE

Our Security Operations Centers and sensors also detected some spyware including PUA.Win32.FusionCore.SMBD (20%) that infects Windows systems via unintentionally downloaded malicious files or files dropped by other malware. HKTL_KEYGEN was also detected in 18% of the spyware infections along with others that are listed below.

TOP SPYWARE %

PUA.Win32.FusionCore.SMBD 20

HKTL_KEYGEN 18

PUA.JS.FLPlayer.AA 18

HKTL_USUR 10

CRCK_KEYGEN 7

CRCK_XFORCE 7

Cookie_DoubleClick 5

HackTool.Win32.Keygen.ALW 5

HackTool.Win32.UltraSurf.AE 5

PUA.Win32.WebCompanion.AZ 5


TOP EXPLOITED VULNERABILITIES

The most exploited vulnerabilities in the past ten months are found in Microsoft Office, which maintains its place as a common entry point into a target system. Some other critical vulnerabilities that were highly exploited by attackers include the Citrix ADC and Gateway vulnerability and the Pulse Connect Secure and Apache Struts vulnerabilities. A list of others is given below.

CVE               PRODUCT                            SEVERITY

CVE-2017-11882 Microsoft Office High

CVE-2017-0199 Microsoft Office High

CVE-2019-19781 Citrix ADC and Gateway Critical

CVE-2019-11510 Pulse Connect Secure Critical

CVE-2017-5638 Apache Struts Critical

CVE-2012-0158 Microsoft Office Unknown

CVE-2019-0604 SharePoint Critical

CVE-2017-0143 SMBv1 server High

CVE-2018-4878 Adobe Flash Player Critical

CVE-2017-8759 Microsoft .NET High

CVE-2015-1641 Microsoft Office Unknown

CVE-2018-7600 Drupal Critical

CVE-2018-0802 Microsoft Office High

CVE-2017-1182 IBM Tivoli Monitoring Portal v6 High

TOP WEB APPLICATION VULNERABILITIES

The data from our Security Operations Centers reveals that 59% of all web application vulnerabilities were Cookie Hijacking. Business Logic Flaws make up 26%. Cross-site scripting vulnerabilities amounted to 6%. Others are listed below.

VULNERABILITY                  %
Cookie Hijacking               59
Business Logic Flaws           26
Cross Site Scripting (XSS)     06
Command Execution              02
SQL Injection                  02
Forceful Browsing              02
Cross Site Request Forgery     01
Parameter Tampering            01
Broken Authentication          01


TOP PHISHING EMAILS AND SUBJECTS

Given below are the top phishing campaigns detected by our Security Operations Centers. Emails from the following email addresses using the following email subjects were seen targeting highest number of end users. These phishing campaigns follow the trending invoice and payment theme, mostly aimed at stealing banking credentials.

TOP EMAIL SUBJECTS

ITM CO., LTD contract
FWD:Outstanding Payment
WORLD REMIT CREDIT ADVICE
INV#02215888
INV#21235359
CONFIRM THIS ORDER
404 Local Payment 2020/5/May
Re: Request For Wire Transfer // TT Receipt Copy
RFQ: Level Gauges for TK-5900_Long Son Project
FW: URGENT REQUEST FOR QUOTATION
RIT-CDO1029-022019 PURCHASE ORDER
New ReadabIe VM Received
New Order - CKA Holdings
TOP URGENT: REVISE INVOICE AND INCLUDE YOUR BANK DETAILS.
Clients Termination letter & The letter- Resignation
April Invoice of $73,00

TOP DEPARTMENTS TARGETED BY PHISHING

Our data reveals that the highest number of phishing attacks targeted end users in organizations (around 28%). C-suites were targeted in 16% of the detected phishing attacks. However, phishing attacks also targeted HR, Marketing, IT support, Procurement and Finance.

DEPARTMENT      %
End Users       28
C-Suites        16
HR              12
IT - Support    11
Marketing       11
Procurement     10
Finance         08
Administrator   04
Treasury        02


TOP MALWARE DELIVERED VIA MALSPAM

Malspam campaigns remain the most popular malware delivery technique. Of these, 39% of malspam campaigns were found to be distributing banking Trojans. 32% brought ransomware infections with them, whereas 17% of the malspam delivered cryptominers.

MALWARE TYPE     %
Banking Trojan   39
Ransomware       32
Cryptominer      17
Botnet           07
Other            05


COVID19 MALSPAM DISTRIBUTION

With COVID19 becoming the new global hype, around 77% of all malspam campaigns in 2020 have used this theme. 37% of these COVID19 malspam campaigns were phishing, 29% introduced emerging threats (new malware or threat groups), 28% distributed information stealers to facilitate data breaches, whereas Advanced Persistent Threats initiated only 4% of these malspam campaigns.

CATEGORY          %
Phishing          37
Emerging Threat   29
Data Breach       28
APT               04
Cyber Espionage   02


THREAT CATEGORIES COVERED IN REWTERZ ADVISORIES

Rewterz Threat Intelligence has reported around 1500 threats and vulnerabilities in the past year. Of these, 34% were vulnerability advisories and around 18% were phishing alerts. 17% of the alerts reported new emerging threats, whereas 9% of them reported campaigns launched by Advanced Persistent Threat groups. Below is the categorization of these reports.

[Chart: threat categories covered in Rewterz advisories – Vulnerabilities 34%, Phishing 18%, Emerging Threats 17%, APT 9%; other categories shown: Data Breach, Espionage, Cyber Crime, DDoS Attacks, Smishing, Control Specific]

TOP ADVANCED PERSISTENT THREATS

As shown below, 33% of all reported APT campaigns are attributed to Lazarus (Hidden Cobra), whereas TA505 is responsible for 18% of all cyberattacks labelled as APT. APT41, MuddyWater and APT33 each account for 9% of the APT cyberattacks covered by Rewterz Threat Intelligence.

[Chart: top APT groups by share of reported APT campaigns – Lazarus (Hidden Cobra) 33%, TA505 18%, APT41 9%, MuddyWater 9%, APT33 9%; other groups shown: Fin7, APT27, Kimsuky, Others]

MALWARE TRENDS IN REWTERZ THREAT UPDATES 2019-2020

Given below is the trend of malware occurrence according to Rewterz Threat Updates. Remote Access Trojans continue to be the most popular tools in cybercrime, with the highest number of reported threats in both 2019 and 2020 so far. Cryptominers and information stealers have more than doubled in 2020, as compared to their occurrence in 2019. Ransomware detections in 2020 so far are almost equal to all of the ransomware attacks reported throughout 2019.

[Chart: number of malware reports in Rewterz Threat Updates, 2019 vs 2020, by category – RAT, Ransomware, Cryptominer, Trojan, Other, Banking Malware, Infostealer Malware; bar labels as extracted: 413, 298, 239, 196, 111, 84, 77, 70, 55, 37, 23, 14, 10, 5]

WEB INCIDENTS IN PAKISTAN

Our data reveals that the highest number of web incidents in Pakistan were recorded in August 2019 (25 Government and 185 private websites). This was followed by 13 web incidents for Government in October 2019 and 115 web incidents for private websites in June 2020. The threat actors associated with these web incidents are also listed below.

MONTH          GOV COUNT   PRIVATE WEBSITES COUNT   ACTOR
January '19    1           3                        Royall battker bd
February '19   -           2                        Indian activist MikeWaals
March '19      -           -                        -
April '19      -           -                        -
May '19        -           87                       Unknown
June '19       3           82                       Multiple
July '19       2           98                       M3sicth
August '19     25          185                      D4RKNE55, 404PRESSI, 2 others
September '19  7           91                       Multiple
October '19    13          44                       Multiple
November '19   3           56                       Multiple
December '19   3           108                      Multiple
January '20    -           42                       Unknown
February '20   1           62                       Mamad Warning
March '20      9           64                       Multiple
April '20      4           96                       Multiple
May '20        1           82                       Unknown
June '20       3           115                      Multiple


APT ATTACKS IN PAKISTAN

Below is a breakdown of five major APT groups that targeted Pakistan in the past 18 months. Of these, most attacks were launched by APT SideWinder, aka HN2, a hardcore nationalist Indian state-sponsored group that targets Windows machines and mobile phone devices of Pakistani and Chinese military and government entities. A considerable number of attacks from APT-C-35 have also been detected. This APT is also known as "Donot Team" and targets confidential information and intellectual property of South Asian organizations, especially the business sector of Pakistan. Some of these APT attacks were also launched by the Iranian Greenbug espionage group (aka APT34, OilRig) that targets telecommunications companies in South Asia in order to gain access to database servers. Some attacks were launched by APT40, a China-nexus state-sponsored actor supporting China's naval modernization effort since 2013. Earlier in April, the DarkHotel espionage campaign targeted some Chinese officials in Pakistan. DarkHotel is a South Korean targeted spear-phishing spyware campaign selectively attacking business hotel visitors through the hotel's in-house WiFi network. Attack timelines are given below.

APT-C-35 ATTACKS
Frequency: Jan. 11th '19; April 1st '19; May 21st '19; July 3rd & 30th '19; Aug. 27th '19; Sept. 9th '19; Oct. 22nd '19; Dec. 10th '19; Jan. 15th '20; April 15th '20
Description: exploited InPage vulnerabilities; attacks through Android apps

APT SIDEWINDER ATTACKS
Frequency: Feb. 2nd & 15th '19; April 1st '19; June 25th '19; Jan. 2nd '20; April 1st & 20th '20; May 11th '20
Description: exploited InPage vulnerabilities; attacks through Android apps

APT40 ATTACKS
Frequency: Feb. 22nd '19; Nov. 11th '19
Description: watering hole attacks

GREENBUG ATTACKS
Frequency: May '19 – media reports disclosed presence in telco; April '20 – Symantec disclosed presence in telco

DARKHOTEL ATTACKS
Frequency: April 6th '20 – targeted Chinese officials in Pakistan


TOP SPOOFED BRANDS

In spoofing attacks, threat actors mostly impersonated Google services (39%). 17% of threat actors masqueraded as YouTube in spoofing attacks. Apple's identity was duplicated in 15% of these attacks, whereas others are listed below.

BRAND       %
Google      39
YouTube     17
Apple       15
Amazon      12
Netflix     05
Microsoft   05
Spotify     03
Facebook    02
Instagram   01
WhatsApp    01

CAUSES OF DATA BREACHES

A data breach analysis studied 3,950 data breaches and found that organized cybercrime groups launched 55% of data breach attacks. 70% of these data breaches were due to external attacks, whereas 45% of the total data breaches involved hacking. Surprisingly, only 17% of all data breaches under study involved malware.

CAUSE                                  %
External attacks                       70
Attacks by organized cyber criminals   55
Hacking                                48
Involved malware                       17
Policy violation                       08

CYBER SECURITY TRENDS 2020

Ransomware operators are likely to see a rapid growth in revenue, due to added pressure of victim shaming along with the threat of data encryption and data loss. As the pandemic lingers, intensification of their attacks on vital service providers is expected, extorting even higher ransom payments than ever before.

More zero-day exploitation in 2019 than in any of the previous three years shows that a wider range of tracked actors appear to have gained access to these capabilities. Offensive cyber capabilities are no longer a matter of skillset but are purchased as cyber weapons.

As the healthcare sector becomes the top target, more attacks on IoMT (Internet of Medical Things) devices are to be expected, such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers. This is due to the identification of a growing number of software vulnerabilities and the feasibility of attacks on these products.

Attackers are deviating from conventional means towards things like JAVA, GO, Python and VM to evade detection.

As expected, Managed Service Providers are to witness more heinous cyberattacks, aimed at accessing the valuable pool of their customers that use these remote services.

More cyberattacks surrounding remote collaboration tools and services are to be expected, as remote work is becoming the new norm.

Smart consumer devices are proliferating far faster than they can be secured. This puts personal data at stake in a digital society and dramatically increases the chances of data theft, privacy violation and identity theft.

Until now, the challenge for cybersecurity has been to protect one billion servers and PCs. With the proliferation of IoT and smart devices, the attack surface could multiply by hundreds and thousands. It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things.

Growing dependency on Smart Supply Chains may result in destructive cyberattacks as smart supply chains are prone to disruptions in processes.

With a rapid increase in crypto-mining attacks, more advanced crypto-miners are to be expected, facilitating attackers' easy-money approach.

Next generation authentication technology and more robust controls are expected in 2020, to fight the ever-growing cyberattack techniques.


RECOMMENDATIONS

Keep all systems and software updated and patched against all known vulnerabilities.

Prioritize enabling multi-factor authentication wherever the option is available.

Use secure, trusted, reputable and updated VPNs only.

Use least privilege policy to limit access of each employee to job requirements alone.

Maintain and test backups regularly.

Set up systematic logging of all access and activities of your infrastructure equipment (servers, firewall, proxy…), and workstations.

Monitor remote connections and all access to files and folders in order to detect unusual access which could be the sign of an attack.

Where possible, keep unused ports closed.

If possible, implement segmentation of IT and OT networks.

Implement a strict strong-password policy along with a password change policy every few months.

For protected remote AD logins, use a secure virtual private network (VPN) for all remote desktop access, and enable two-factor authentication on these remote desktop connections.

Whenever possible, limit VPN access to only authorized devices. Any attempt to connect from another device should be denied.

You should also activate two-factor authentication on remote sessions, especially for connections to the corporate network.

www.rewterz.com


UAE Oman Pakistan USA Australia