Top Cyber Threats and Recommended Actions for Corporate Counsel

Author: Sam Rubin, November 13, 2019

Cybersecurity threats are constantly evolving and becoming more sophisticated. As corporate counsel, staying up to date on current cyber threats and, more importantly, on the appropriate response, is critical to your business operations.

Now is the perfect time to reflect on the most prominent cybersecurity threats of the year and ensure that you've addressed the weak points within your organization and are aptly prepared to enter into 2020.

Crypsis experts have responded to threats, closed off pathways to cybercrime, and shored up our clients’ defenses. Here is what we are currently seeing:

  • The ongoing development of information technologies is moving more of business and everyday life into the online world.
  • An ever-increasing volume of what we do online is accessible to hackers, cyber thieves, and other nefarious actors.
  • Cybercriminals have not stopped evolving, upgrading their capabilities, and looking for the next opportunity to strike.

What cybersecurity threats are critical to address now, and what is the appropriate response?

Cybersecurity Threat #1: Emotet & TrickBot

Emotet is malware that steals data, banking credentials, and, in many cases, the contents of the victim's mailbox. It also acts as a loader, installing other banking trojans such as TrickBot, or other malware that steals financial information, bank logins and, in some cases, Bitcoin wallets.

Emotet spreads laterally across a network once it has a foothold, which makes it especially dangerous to businesses and other organizations with many endpoints linked together.

TrickBot is another information stealer. It harvests email data, point-of-sale data and credentials, and then propagates itself across the network. TrickBot also targets financial sites and steals banking information and credentials.

How Do Emotet and TrickBot Work?

Both are typically spread by malicious spam campaigns: for example, spear-phishing emails disguised as unpaid invoices or requests to update account information, carrying Microsoft Word or PDF attachments, or embedded links, that deliver the malware. A Word attachment of this kind usually asks the recipient to "enable content" or "enable macros"; that click is what runs the downloader.

Malware Targets:

  • Network credentials
  • Email credentials
  • Banking credentials
  • Outlook contacts
  • Email

Malware Response:

  • Immediately preserve firewall and VPN logs.
  • Before restoring systems, preserve computer hard drives and virtual machines.
  • Update antivirus and endpoint signatures before cleanup, and scan every host on the network, not only the one that raised the alert, since both families spread laterally.
  • Institute global password changes including, but not limited to:
    • User, administrator, and service accounts.
    • Clear cached credentials if applicable.
    • Core system application passwords.
  • Change banking and web-based email passwords.
  • Watch for suspicious banking activity (e.g., unexpected wire transfers or changed beneficiary details).

Malware Best Practices

  1. Look at email and spam filtering improvements.
  2. Consider deploying an endpoint monitoring solution.
  3. Train employees on best email practices.

Cybersecurity Threat #2: Business Email Compromise

While deployment of Office 365 business email has been steadily increasing, so have efforts to break into these systems. Attackers have developed increasingly sophisticated methods to carry out what is known as Business Email Compromise, or BEC, in which they take over or impersonate a trusted mailbox and trick users into handing over sensitive financial information or redirecting payments, which they then exploit for financial theft and fraud, among other things.

How Does Business Email Compromise Work?

At the heart of these scams is a new and improved version of phishing, with threat actors increasingly skilled at crafting what appear to be genuine, individually targeted messages that win the trust of even the most careful email recipients.

Recent BEC campaigns have also leveraged Emotet and TrickBot: the mailbox contents and contact lists those trojans steal are reused to send convincing follow-on phishing, both inside the organization and out to its business partners.

Business Email Compromise Targets:

  • Both internal and external accounts, reached through the compromised user's contacts
  • Wire transfer fraud
  • Invoice diversion
  • Payroll diversion

Business Email Compromise Response:

  • Immediately preserve firewall and VPN logs.
  • Before restoring systems, preserve computer hard drives and virtual machines.
  • Institute global password changes including, but not limited to:
    • All email account passwords from standard users to global administrators.
    • Clear cached credentials if applicable.
    • Core system application passwords (e.g., payroll systems).
  • Watch for suspicious fraud activity:
    • Wire transfer requests.
    • Invoices not getting paid.
    • Payroll direct deposit changes.

Business Email Compromise Best Practices

  1. Enable Multi-Factor Authentication (MFA) in the email environment.
  2. Enable MFA for domain-level (administrator) access.
  3. Require out-of-band verification, such as a phone call to a number already on file, before acting on any request to change wire, invoice, or payroll payment details, and audit those controls periodically.

Cybersecurity Threat #3: New Trends In Ransomware

The overall trend is toward enterprise ransomware, where instead of attacking one machine or device, the attack spreads virally throughout the organization.

Under this scenario, the sizes of ransom demands are increasing, to between 20 and 50 bitcoins.

Negotiating ransoms is becoming less successful and generally ends up costing the victim more than simply paying the original ransom demand.

How Does Ransomware Work?

SamSam and BitPaymer: highly effective, and usually trigger payment from the victim.

Ryuk: impacts core systems. Demands tend to be high, but Ryuk is not as effective as SamSam or BitPaymer at getting victims to pay.

BitPaymer and Ryuk threat actors often leverage Emotet, TrickBot, or Dridex to infect an environment and harvest credentials before deploying the ransomware, so by the time files are encrypted the attacker has typically already had days or weeks of access.

Ransomware Targets (harvested by the precursor malware before the ransomware is deployed):

  • Network credentials
  • Email credentials
  • Banking credentials
  • Outlook contacts
  • Email

Ransomware Response:

  • Immediately preserve firewall and VPN logs.
  • Before restoring systems, preserve computer hard drives and virtual machines.
  • If payment is being considered, select a few encrypted files that contain no identifying or sensitive information to send to the attacker as a test of their decryptor.
  • Set up an external email account if you choose to contact the attacker.
  • Institute global password changes including, but not limited to:
    • User, administrator, and service accounts.
    • Clear cached credentials if applicable.
    • Core system application passwords.
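
A worked triage of the "preserve firewall and VPN logs" and "global password changes" steps that appear in all three response checklists above (malware, BEC, and ransomware), as an added example for this article and not Crypsis code: it reads preserved VPN authentication records, builds a per-account baseline of source IPs from before the suspected compromise, flags accounts that afterwards logged in from a new address or from an address shared by several accounts (the pattern you see when harvested credentials are replayed), and orders the resulting reset list with administrator and service accounts first. The log format, IP addresses, account names, compromise time and the admin_/svc_ naming convention are all constructed assumptions.

```python
"""Triage preserved VPN authentication logs after a credential-stealing
malware, BEC, or ransomware incident and produce the list of accounts
that need an immediate password reset.

Added example for this article, not Crypsis code. The syslog-style
key=value line format, the IP addresses, the account names and the
"admin_"/"svc_" naming convention are all constructed assumptions;
adjust parse_line() and rotation_order() to your own environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines (documentation IP ranges, fictional users).
SAMPLE_VPN_LOG = """\
2019-11-03T08:12:03Z vpn01 auth user=jsmith src=203.0.113.45 result=success
2019-11-03T17:55:10Z vpn01 auth user=mjones src=198.51.100.23 result=success
2019-11-04T08:15:41Z vpn01 auth user=jsmith src=203.0.113.45 result=success
2019-11-04T22:47:10Z vpn01 auth user=jsmith src=192.0.2.200 result=success
2019-11-04T22:49:02Z vpn01 auth user=svc_backup src=192.0.2.200 result=success
2019-11-05T01:03:55Z vpn01 auth user=admin_kl src=192.0.2.200 result=failure
2019-11-05T01:04:20Z vpn01 auth user=admin_kl src=192.0.2.200 result=success
2019-11-05T09:30:00Z vpn01 auth user=mjones src=198.51.100.23 result=success
"""

# Assumed time the phishing attachment was opened (taken from the mail log).
SUSPECTED_COMPROMISE = datetime(2019, 11, 4, 12, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return one auth event as a dict, or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "ok": m["result"] == "success"}


def rotation_order(users):
    """Order accounts for reset: domain admins first, then service accounts,
    then standard users. The prefix convention is an assumption."""
    def rank(user):
        if user.startswith("admin_"):
            return 0
        if user.startswith("svc_"):
            return 1
        return 2
    return sorted(users, key=lambda u: (rank(u), u))


def triage(log_text, compromise_time, min_shared_accounts=2):
    """Flag accounts whose successful logins after compromise_time came from a
    source IP never seen for that account before, or from an IP that several
    accounts share (typical of harvested credentials being replayed)."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    baseline = defaultdict(set)   # user -> source IPs seen before the incident
    after = defaultdict(set)      # src  -> users who logged in from it afterwards
    reasons = defaultdict(list)   # user -> why it is on the reset list

    for e in events:
        if not e["ok"]:
            continue              # failed attempts are noise for this check
        if e["ts"] < compromise_time:
            baseline[e["user"]].add(e["src"])
        else:
            after[e["src"]].add(e["user"])
            if e["src"] not in baseline.get(e["user"], set()):
                reasons[e["user"]].append(f"new source {e['src']} after compromise")

    suspicious_ips = sorted(ip for ip, users in after.items()
                            if len(users) >= min_shared_accounts)
    for ip in suspicious_ips:
        for user in after[ip]:
            reasons[user].append(f"source {ip} shared by {len(after[ip])} accounts")

    return {
        "suspicious_ips": suspicious_ips,
        "reset": rotation_order(reasons),   # iterating the dict yields user names
        "reasons": {u: sorted(r) for u, r in reasons.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_VPN_LOG, SUSPECTED_COMPROMISE)
    print("Block these source IPs and pull their full sessions:", result["suspicious_ips"])
    for user in result["reset"]:
        print(f"reset {user}: " + "; ".join(result["reasons"][user]))
```

Run it as-is to see the constructed case; in a real engagement point it at the exported VPN log and set SUSPECTED_COMPROMISE from the mail log. Treat the flagged source IPs as pivots into the preserved firewall logs, and rotate the listed accounts before restoring any system: a reimaged host that still accepts a stolen password will simply be reinfected.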

Ransomware Best Practices

  1. Implement endpoint monitoring.
  2. Look for email and spam filtering improvements.
  3. Train employees on best email practices.

At Crypsis, our daily mission is to fight cybercrime. With our team of cybersecurity experts, we help and protect our clients by defending against and responding to severe cyber threats. Staying ahead of the rapidly evolving threat landscape is what we do best.
