The threat of data breaches is ever present, but the intensity of individual attacks are maturing as technology does, according to Alert Logic's State of Threat Detection report of more than a billion security anomalies occurring between April 2017 and June 2018. As a result, safety has "evaporated" in industries using applications and cloud-based solutions and systems that are internet accessible.
Since 2011, malicious attackers have more or less committed to a killchain consisting of seven steps: reconnaissance, weaponization, delivery, exploitation, installation, command/control and action on objections. Now, attackers have consolidated the first five steps into a singular action which results in a quicker launch time, according to the report.
Attacks on apps reported the greatest number of attacks while "spray and pray," or opportunistic attacks, increased. Characterized by random attacks, spray and pray attacks cultivated a threat environment that is "aggressive," leaving victims with open proof of concept code vulnerable.
The cyber safety of an organization is dependent on which point in the killchain security professionals can detect a threat, Christine Meyers, director of product marketing at Alert Logic, told CIO Dive. About 88% of the incidents Alert Logic encountered saw attackers using "weaponized packages" that helped condense some of the steps in the killchain.
The evolution of the modified killchain attack method was first seen in ransomware, according to Meyers, where "attack innovations [are] being bundled with the delivery package."
Meyers said the ruthlessness of the "Wild West" comes to mind when observing this type of attack. Cryptominers existing in an environment are eliminated by kill scripts deployed by separate bad actors to "install their own miners," she said.
An increase in cryptomining incidents, while lacking the data "hostage" characteristics of ransomware, are highlighting security vulnerabilities. Cryptomining at first glance looks like more of a "nuisance" but can open the door for hackers to spread malicious code.
Meyers noted Alert Logic is keeping an eye on "cryptojacking droppers packaged with another exploit" like ransomware or a dormant attack saved for a later execution time. The most effective and cost efficient way to prepare for cyber threats is to incorporate security into the planning and deployment cycle. Security should be treated as an essential layer for every process a company takes, especially in software development phases.