Part IV: Next Generation Threats
Next Generation threats, by comparison, do not use conventional methods to reach your electronic assets. They can disguise themselves as trusted traffic. They can use legitimate programs – like Outlook or Adobe Acrobat – to run rules to manipulate data on the computer or server. Next Generation threats can use your own employees to do the work for them.
None of these are detectable by conventional antivirus or spam filters.
One such Next Generation threat has been around for a long time: the zero-day vulnerability.
Sometimes trusted software has security holes: errors in the software's code that an attacker can use, through the trusted software itself, to deliver an attack. When such a hole is being used by a malicious actor, or is discovered to present a risk, it is referred to as a “zero-day vulnerability.” The name means the danger is not in the future: the vulnerability exists today, and malicious actors are already working to use it to gain access. Zero-day vulnerabilities are closed when the software manufacturer's engineers provide patches or hotfixes.
Again, antivirus won’t find these – the software with the security hole is trusted. There is no malware to detect.
Zero-day vulnerabilities introduce what we refer to as the Supply-Chain attack.
The Supply-Chain Attack is one that is delivered through compromised code in trusted software, usually through a software update. A malicious coder inserts program instructions in the software update, allowing them to use the software right under our noses.
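The practical question for a defender is how to notice that an update changed more than the vendor said it would. The script below is an added example, not Teqworks' code or part of any product named here: it builds a file-integrity baseline of an installed application, applies a constructed (hypothetical) update in a temporary directory, and reports every file that was modified or added but was not listed in the update's release notes. All file names, contents and the `expected_changes` set are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record the SHA-256 of every file under root: the 'known good' state."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Return the files modified, added or removed relative to the baseline."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: an update silently replaces one library and drops
    a new one. The vendor's release notes (hypothetical) mention only agent.exe,
    so everything else that changed is flagged for review before the new
    version is allowed to run with the privileges the old one had."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "agent.exe").write_bytes(b"agent v1.0")      # constructed
        (root / "bin" / "helper.dll").write_bytes(b"helper v1.0")    # constructed
        (root / "config.ini").write_text("interval=60\n")            # constructed
        baseline = build_baseline(root)

        # Simulated update. Only agent.exe is an announced change.
        expected_changes = {"bin/agent.exe"}
        (root / "bin" / "agent.exe").write_bytes(b"agent v1.1")
        # Unannounced: a library is replaced and an unknown component appears.
        (root / "bin" / "helper.dll").write_bytes(b"helper v1.0 + injected code")
        (root / "bin" / "extra.dll").write_bytes(b"unknown component")

        diff = compare_to_baseline(root, baseline)
        changed = set(diff["modified"]) | set(diff["added"])
        diff["unexpected"] = sorted(changed - expected_changes)
        return diff


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A baseline diff like this does not replace signature checks on update packages, but it covers the case the page describes: code inserted into the vendor's own build is delivered in a legitimately signed update, so signature verification passes and the only visible signal is a change the release notes did not account for. Running the comparison before the updated service is restarted, and treating unexplained changes as something to confirm with the vendor, turns "the damage was done by morning" into a reviewable event.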
January 2021: malicious code – referred to as Sunburst and Sunspot – was reported in trusted IT management software from SolarWinds. This malware was inserted into the development process for the popular software sometime in 2019. The malicious code was used to monitor and encrypt computers that had the SolarWinds Orion software installed, without the knowledge of the hundreds of IT departments that used the software.
March 2021: Four zero-day vulnerabilities in Microsoft Exchange Server were being actively exploited by state-sponsored threat actors to open backdoors, harvest information, and deliver malware. Microsoft reported that they became aware of the exploits – referred to as ProxyLogon and Hafnium – in early January 2021, and issued patches to fix the vulnerabilities in March 2021. The extent and depth of the exploitation are still unclear, but the threat was demonstrated to allow remote execution of programs and commands on servers, and could be used to collect information and inflict ransomware on internal networks. Cloud-based versions of Microsoft Exchange (Microsoft 365) were not impacted by these vulnerabilities.
July 2021: Another infrastructure software application – Kaseya – was compromised in a similar fashion to SolarWinds. In this case, when the monitoring software was updated overnight, the latest version had the malicious code (REvil) embedded. Endpoint devices were encrypted within two hours of the update, locking networks worldwide. When IT departments arrived at their desks the next morning, the damage was done, and their only options were to pay a ransom or restore servers and computers from backup.
In all three cases, conventional protection could never detect or stop these threats. There was no delivery of malware to a computer. There was no spam or phishing. There was no link to click, and no attachment to open. They were delivered through trusted software, critical to everyday business operations.
If these threats were not detectable – were not knowable – could they be stopped? Are they inevitable?
In the case of SolarWinds and Kaseya, the malware was introduced through the IT department – those specifically responsible for watching for the safety of the network.
With the Teqworks Advanced Threat Protection cybersecurity solution, these Next Generation threats can be prevented before they wreak havoc on your business, and recovery is possible without paying a ransom. Reach out to us to avoid the painful process of recovering from an attack that can bring your entire business to its knees.
Stay tuned for the upcoming article Part V: Targets Prediction and Behaviors Detection