Fake News, New Malware Drive Recent Attacks

One thing threat actors and cybersecurity analysts have in common is that both are in a constant race to analyze the latest emerging malware and threats. Threat actors want to exploit them, of course; cybersecurity researchers want to learn how to defend against them. The latter have the more critical, difficult and time-sensitive task: they must remain constantly vigilant and informed about the latest attack vectors. To that end, let’s look at some new threats, how easy access to samples creates more threat actors, the latest favored target group, and how fake news empowers social engineering.

New Malware Strains Emerging

One new malware loader advertised on hacking forums is IceXLoader. Its authors wrote the tool in Nim, a relatively new programming language that combines concepts from Python, Ada and Modula. Using a comparatively rare language may be an attempt to avoid detection: it can evade signature-based security tools and makes it harder for security researchers to analyze the sample, since fewer analysts and tools are familiar with the language’s compiled output. IceXLoader is used to download and deploy additional malware on infected machines.

Researchers have also found several travel-themed phishing attacks. The emails promise exciting vacation itineraries, only to deliver a PDF that carries malware. One payload seen in these campaigns is AsyncRAT, a remote access trojan that lets attackers monitor and control a compromised machine over an encrypted connection.

Threats come from all quarters, including from those who use cyberattacks as a form of political activism. A Malaysian hacktivist group called DragonForce recently attacked financial organizations, government entities and educational institutions’ websites in India. One of their main targets is hosting providers, as access to these providers allows attackers to compromise their customers’ websites. The group has also encouraged other hackers to join their “OpsPatuk” campaign.

Threat Samples Beget More Threat Actors

The availability of emerging threat samples is creating more threat actors. Emerging tools and malware that can be used to breach security systems and gather information have samples or proofs-of-concept available online via sources like GitHub. A common threat-hunting technique my team uses is to monitor GitHub and other repositories for new attacks and proofs-of-concept. Most things posted on these online repositories are for research or educational purposes, but this gives us insight into creative ways new and old attacks are being incorporated into new tools.
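The repository-monitoring technique described above can be scripted. The following is an added example, not FortiGuard Labs’ tooling: it assumes the public GitHub repository search API (`GET /search/repositories`, with the `created:>YYYY-MM-DD` qualifier) and runs here against a constructed sample shaped like that endpoint’s JSON, so it works offline. The watch terms are illustrative, drawn from the threats named in this article, not a real team’s list.

```python
"""Triage newly created GitHub repositories against a threat-hunting watch list.

Added example (not part of the original article). Assumptions: the GitHub
search endpoint below and the watch terms are illustrative; SAMPLE_RESPONSE is
constructed to look like the endpoint's JSON so the script runs offline.
"""
import re
from urllib.parse import urlencode

GITHUB_SEARCH = "https://api.github.com/search/repositories"

# Illustrative watch list (assumption): names from this article plus generic
# terms that often mark proof-of-concept code.
WATCH_TERMS = ("icexloader", "asyncrat", "nim", "poc", "cve")


def build_search_url(term, created_after):
    """Build the search URL for repos created after a date that mention a term.

    'created:>YYYY-MM-DD' is a real GitHub search qualifier; one query per term
    keeps the query syntax simple and rate-limit accounting obvious.
    """
    params = {"q": f"{term} created:>{created_after}",
              "sort": "updated", "order": "desc", "per_page": 100}
    return f"{GITHUB_SEARCH}?{urlencode(params)}"


def matches(repo, terms):
    """Return the watch terms found as whole words in name, description, topics.

    Word boundaries avoid false positives such as 'poc' inside 'epoch'.
    """
    haystack = " ".join([
        repo.get("full_name", ""),
        repo.get("description") or "",   # description is null for some repos
        " ".join(repo.get("topics", [])),
    ]).lower()
    return [t for t in terms
            if re.search(r"(?<![a-z0-9])" + re.escape(t) + r"(?![a-z0-9])", haystack)]


def triage(search_results, seen_ids, terms):
    """Return unseen repos matching the watch list, newest first.

    seen_ids is updated in place so repeated runs only surface new additions.
    """
    hits = []
    for repo in search_results.get("items", []):
        if repo["id"] in seen_ids:
            continue
        seen_ids.add(repo["id"])
        terms_hit = matches(repo, terms)
        if terms_hit:
            hits.append({
                "repo": repo["full_name"],
                "url": repo["html_url"],
                "created": repo["created_at"],
                "stars": repo.get("stargazers_count", 0),
                "terms": terms_hit,
            })
    hits.sort(key=lambda h: h["created"], reverse=True)
    return hits


# Constructed sample response (not real data), shaped like the API's output.
SAMPLE_RESPONSE = {
    "total_count": 3,
    "items": [
        {"id": 1001, "full_name": "example-user/loader-research",
         "html_url": "https://github.com/example-user/loader-research",
         "description": "Analysis notes on the IceXLoader Nim loader",
         "topics": ["malware-analysis"], "created_at": "2022-06-10T08:00:00Z",
         "stargazers_count": 12},
        {"id": 1002, "full_name": "example-user/dotfiles",
         "html_url": "https://github.com/example-user/dotfiles",
         "description": "my dotfiles", "topics": [],
         "created_at": "2022-06-11T09:30:00Z", "stargazers_count": 0},
        {"id": 1003, "full_name": "example-org/asyncrat-detection",
         "html_url": "https://github.com/example-org/asyncrat-detection",
         "description": None, "topics": ["asyncrat", "sigma"],
         "created_at": "2022-06-12T14:15:00Z", "stargazers_count": 3},
    ],
}

if __name__ == "__main__":
    seen = set()
    for hit in triage(SAMPLE_RESPONSE, seen, WATCH_TERMS):
        print(f"{hit['created']}  {hit['repo']}  {hit['terms']}  {hit['url']}")
    print("second run (nothing new):", triage(SAMPLE_RESPONSE, seen, WATCH_TERMS))
    print(build_search_url("icexloader", "2022-06-01"))
```

In practice the `seen` set would be persisted between runs, and each hit would be pulled for sandbox analysis rather than printed; the point is the dedupe-and-match loop, which is what turns a noisy feed of new repositories into a short list worth a researcher’s time.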


Once a new threat sample has been made available online, the race begins. Threat actors work quickly to develop new attack methods or modify existing tactics. In contrast, cybersecurity researchers work to see how the new threat works and learn how to make networks defensible against it. The increase in variants of ransomware, as evidenced by the latest FortiGuard Labs threat report, is a good example. In the past six months, the report found a total of 10,666 ransomware variants–almost double the amount from the previous six-month period.

More often than not, new samples and proofs-of-concept are used to modify an existing attack method rather than replace it, because traditional tactics already work efficiently. A slight change or a new delivery channel lets an old tactic reach new targets. Phishing emails, for example, are a longstanding tactic that has evolved into fake mobile apps and text-messaging scams.

Wait–Who’s Attacking Us?

As tools and malware samples become more available online, individuals who aren’t hardened cybercriminals are trying their hands at conducting their own attacks for a quick score. Many of the attacks we see are opportunistic in nature and are one-time trial attacks. The truth is, it’s relatively easy to carry out an attack using online tools and some basic training, and the perpetrator could potentially make a million dollars with a low risk of getting caught. As bad actors start to realize this, they’re deciding to give it a try.

And speaking of trying, it’s not only the unsuspecting masses who are the targets of these attempts. We’re seeing security researchers themselves become an increasingly favored target for bad actors. They serve as the quintessential guinea pigs for threat actors’ latest malware: a way to test which tactics are fit for more widescale attacks and which malware to use in a targeted manner. If threat actors can have even minor success against security researchers, they know they will have greater success using the same techniques at scale against less sophisticated targets.

The Scourge of Fake News Continues to Fuel Bad Actors

While not a new trend, one that’s continuing is fake news: stories ripped from the latest headlines but playing fast and loose with the “truth,” used to pique unsuspecting users’ curiosity and launch phishing attacks, with the byproduct of spreading misinformation. Attackers use just enough detail to make their email subject lines plausible and to play on people’s emotions. This kind of “information” gets passed along so quickly that it’s often hard to know what’s real and what’s not.

Users need to think about which articles and links they choose to open in order to avoid falling victim to these attacks, especially because the medium for an attack is constantly evolving. This is why ongoing cybersecurity hygiene training and awareness must be part of every organization’s security strategy.

Defeating Malware and Threats

In this information age, whoever gets threat information first has a distinct advantage in carrying out their plans, whether those plans are for good or evil. Network defenders can arm themselves not only with the latest threat intelligence but also with a comprehensive and integrated security approach that covers all the bases. This must include cybersecurity awareness training for employees on an ongoing basis; they are the frontline soldiers in the social engineering war.


Aamir Lakhani

Aamir Lakhani is a cybersecurity researcher and practitioner for Fortinet’s FortiGuard Labs. He formulates security strategy with more than fifteen years of cybersecurity experience, and his goal is to make a positive impact on the global war on cybercrime and information security. Lakhani provides thought leadership to the industry and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders who help define the future of cybersecurity.
