
The Cybersecurity War Rages On

By Keith Arnold, Vice President of Advanticom, karnold@advanticom.com

The war against cybercriminals continues. Hackers across the globe are continuing to study and reverse engineer the security solutions businesses are using to prevent attacks.

They have come to understand how these solutions hinder their attack success rates and reduce the vulnerabilities within organizations. Threat Actors have advanced their own techniques and tactics, with increasing hostility towards their targets. Attacks now have higher success rates and move more quickly from initial exploitation to exfiltration or destruction. The increase in attacks has also focused on lateral movement using built-in tools and frameworks.

Highlights of the current threat landscape:

  • Threat Actors have become more agile and more determined.
  • They are leveraging automated and enhanced capabilities.
  • Dwell time has decreased due to efficiently performed reconnaissance.
  • Use of built-in tools and utilities within operating systems has increased.

Threat Actors have expanded their use of sophisticated tactics and techniques:

  1. Fileless malware - malicious software that uses legitimate programs to infect a computer without leaving a trace on disk.
  2. Sophisticated malspam - bulk email that may carry any number of malware types, including ransomware.
  3. PowerShell, WMI and .NET - Threat Actors are using built-in operating system tools to obfuscate their malicious activities.

Threat Actors have extended the ways they gain access during their initial compromise:

  1. Password spraying, where the threat actor attempts to access a large number of accounts with commonly used passwords.
  2. Command and control (C2), which lets the attacker send commands to compromised systems to obtain targeted data. Examples include Cobalt, Posh and Empire.
  3. Remote code execution (web shells), where a threat actor can remotely execute malicious code over the internet.

Attacks are not stopping or slowing in occurrence. It is not a question of if there will be a compromise, but when.
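
A SIEM-style correlation for the password spraying pattern described above, as an added example that is not from the original article: it flags a source whose failed logins touch many accounts with only a few tries on each, and lists accounts that then logged in from that source. The log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp source_ip account result" (hypothetical format).
SAMPLE_LOG = """\
2024-03-04T09:00:00 203.0.113.7 alice FAIL
2024-03-04T09:01:00 203.0.113.7 bob FAIL
2024-03-04T09:02:00 203.0.113.7 carol FAIL
2024-03-04T09:03:00 203.0.113.7 dave FAIL
2024-03-04T09:04:00 203.0.113.7 erin FAIL
2024-03-04T09:05:00 203.0.113.7 frank OK
2024-03-04T10:00:00 198.51.100.9 admin FAIL
2024-03-04T10:00:05 198.51.100.9 admin FAIL
2024-03-04T10:00:10 198.51.100.9 admin FAIL
2024-03-04T10:00:15 198.51.100.9 admin FAIL
2024-03-04T11:00:00 192.0.2.15 grace FAIL
2024-03-04T11:00:20 192.0.2.15 grace OK
"""

def parse(log):
    """Yield (time, source, account, result); lines without four fields are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower(), parts[3]

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_tries=3):
    """Flag sources whose failures within one window hit many accounts, few tries each."""
    fails, logins = defaultdict(list), defaultdict(list)
    for ts, src, user, result in sorted(parse(log)):
        (fails if result == "FAIL" else logins)[src].append((ts, user))
    alerts = {}
    for src, events in fails.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(user for _, user in events[start:end + 1])
            sprayed = sorted(u for u, n in tries.items() if n <= max_tries)
            if len(sprayed) >= min_accounts:
                # Logins from the same source since the window opened: treat as compromised.
                hits = sorted({u for t, u in logins[src] if t >= events[start][0]})
                alerts[src] = {"sprayed": sprayed, "succeeded": hits}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The repeated failures against the single `admin` account and the one mistyped password for `grace` stay below the distinct-account threshold, so only the spraying source is reported.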

We encourage all businesses to invest in their internal security practices by implementing SIEM and next-generation cybersecurity tools.

Partnering with a trusted and qualified firm is also a way to complement efforts to build out internal capacity. We all must improve, as threat actors are always two steps ahead. Cybersecurity is a chess game: learn to master the board!