Weekly threat monitor – May 18th

As many countries came out of lockdown last week, hackers stepped up their attacks on target entities including manufacturing plants, medium businesses, and some government agencies. Attacks on healthcare continue to accelerate while the volume of infected traffic hit a record last week. Intercepted traffic clearly shows a spike in themed malware transmission by masquerading as harmless document files.

This week also recorded a huge rise in attacks on the transport sector, especially transport fleets. Hackers are trying to access the financial information of customers of these companies by targeting employees, fleet management, and cargo management systems. Attacks on fleet management systems grew by 30 percent. Hackers may have been able to breach some companies in the last 6 weeks. Some of them may not even be aware of such a breach yet.

In addition to attacking health-care providers, hackers have now started targeting the supply chains associated with these agencies. Such attacks were targeted at medical device suppliers, device manufacturers, and even drug manufacturing plants.

The increase in attacks despite clear warnings by CERT teams and other agencies, hackers seem to be breaching cyberdefenses thanks to a combination of factors involved including confusion, anxiety, unsafe passwords, obsolete and unpatched software and the sudden increase in the number of surfaces available for hackers to exploit.

As the strain of cyberattacks continues to grow, a major breach may be just around the corner, if it hasn’t already happened. Hackers are closely tracking stimulus payments and other infusions of capital in various sectors by governments and big donors. This could mean that a percentage of such stimulus payments is directly at risk from hackers who are planning and acting to exploit them.

Summary of attacks seen so far in 2020

  • Attacks designed to compromise weak channels offering remote access to employees facilitating the deployment of ransomware by encrypting data and holding the data to ransom
  • The second level of attacks triggered while cyber defense teams are responding to a breach detected by them. This attack cripples key systems thereby prolonging the recovery window
  • Compromise of remote devices to exfiltrate data
  • Attacks designed to reconfigure home-based internet access devices such as routers to intercept data traffic and to inject malware capable designed to exfiltrate passwords and confidential information.
  • Attacks connected to the use of video conferencing software and VPNs
  • Attacks linked to the emergence of new threat surfaces as network perimeters increase

Weekly advisory

We expect the attacks on critical infrastructure to grow this week along with attacks on these sectors:

  • Healthcare
  • Utility entities
  • Financial services
  • Healthcare research labs
  • Control systems connected with critical infrastructure
  • Government – especially lawmakers and government agencies connected with internal/homeland security
  • IoT projects in the transport sector especially vehicle tracking systems.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top