The data underscores that as companies adapted to the realities of the pandemic, attackers sought out weaknesses exposed by the new work arrangements, says Michael Covington, vice president at Wandera. "Most organizations really had to focus on keeping people productive, and that meant you had to peel back the policies, and just make it easier for people to get into their applications, to use their devices, and feel empowered, because IT wasn't available to physically go to workers and help them out," Covington says.
That loosening of policy let attackers change how they tried to infect those workers, catching them when they were least vigilant.
Malware Developers Refresh Their Attack Tools
Cisco analyzes the latest version of the credential-stealing LokiBot malware, finding that its developers have added more misdirection and anti-analysis features.
The developers of attack tools keep making it harder for defenders to detect and analyze their malware, building more complex infection chains to stymie defenses, the Cisco Talos research team said in an analysis this week.
The researchers examined the latest techniques used in a campaign distributing the information-stealing malware known as LokiBot, and found that its developers have added a third stage to the infection process, along with more encryption, as a way to evade detection. The attacks also combine several other techniques: socially engineering users into enabling macros in Microsoft Office documents, hiding code inside image files, and encrypting resources throughout the chain.
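The macro lure described above only works if the document actually carries a VBA project, so a practical first check on a suspicious attachment is to look for one before a user is talked into clicking "Enable Content". The following is an added example, not code from Cisco Talos or from the article: it treats modern Office files (.docm, .xlsm, .pptm, and macro files renamed to .docx) as the ZIP containers they are and looks for the embedded `vbaProject.bin` part or a macro-enabled content type. The sample documents are constructed in memory so the script runs offline; the exact OOXML content-type strings are taken from the OOXML spec, the part names are the standard ones, and the legacy OLE2 (.doc/.xls) case is only flagged, since it needs a real OLE parser.

```python
"""Flag Office documents that carry a VBA macro project.

OOXML files are ZIP archives; a VBA project is stored as the part
word/vbaProject.bin (xl/ or ppt/ for spreadsheets and decks) and the
package's [Content_Types].xml advertises a *.macroEnabled.* main part.
Legacy OLE2 binaries (.doc/.xls/.ppt) store macros in compound-file
streams and need an OLE parser (e.g. oletools' olevba), so they are
only flagged here, not parsed.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # local file header

# Constructed content types; these strings are the OOXML ones for a
# plain .docx main part and a macro-enabled .docm main part.
CT_DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
CT_DOCM = "application/vnd.ms-word.document.macroEnabled.main+xml"


def classify_office_file(data: bytes) -> str:
    """Return one of: 'macro', 'no-macro', 'ole2-needs-parser', 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-needs-parser"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The VBA project part is the definitive signal, regardless of
            # what extension the file was renamed to.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            ctypes = ""
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroEnabled" in ctypes:
                return "macro"
            return "no-macro"
    except zipfile.BadZipFile:
        return "not-office"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal in-memory Word package (sample data, not a real file)."""
    main_ct = CT_DOCM if with_macro else CT_DOCX
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is itself an OLE2 compound file.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("docm", build_sample(True)), ("docx", build_sample(False)),
                        ("legacy", OLE2_MAGIC + b"\x00" * 8), ("text", b"hello")):
        print(label, classify_office_file(blob))
```

In a mail gateway or triage script the useful policy is to treat both "macro" and "ole2-needs-parser" as requiring a second look, since the legacy format cannot be cleared by this check alone.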
Even Small Nations Have Jumped into the Cyber Espionage Game
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a zero-click iMessage exploit that targeted journalists last year.
Driven by the accessibility of commercial spyware and surveillance tools, sophisticated attacks using a variety of zero-click exploits, attacks that require no user interaction, are increasingly within the reach of smaller nations, according to Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs and Public Policy at the University of Toronto.
In an analysis published in late December, the group detailed how nations of the Gulf Cooperation Council (GCC) in the Middle East used the commercial Pegasus spyware sold by the NSO Group to hack three dozen phones and spy on journalists and news producers. The attacks used a zero-click iMessage exploit that u
While the data for the entire year has not been fully analyzed, the trend seems likely to continue, says Thomas Reed, director of Mac and mobile for Malwarebytes. "On Windows, we have all sorts of exploits that happen; it is a much more common thing on the Windows side to, say, visit a website and suddenly your machine is infected," he says. "That really does not happen on the Mac OS."
Apple has typically benefited from its minority market share among desktop and laptop systems as well as a more tightly controlled ecosystem. Binaries typically must come from the Apple App Store or be signed by a recognized developer, for example, or the user must explicitly allow the program to run (Apple's Gatekeeper check), a default stricter than Windows, where an equivalent AppLocker policy must be configured by an administrator.
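One detail worth knowing when relying on the Gatekeeper behaviour described above: the first-launch check is triggered only for files that carry the `com.apple.quarantine` extended attribute, which browsers and other download agents set on files they write; a binary copied in by a tool that does not set it (for example `curl` or `scp`) is never assessed. The following is an added example, not code from the article or from Apple: it parses the attribute's value (the semicolon-separated fields are hex flags, hex Unix timestamp, agent name, and a UUID) as shown by `xattr -p com.apple.quarantine FILE`, and reports whether a file with a given set of attributes would be assessed at all. The sample attribute value is constructed; Apple does not document the meaning of the individual flag bits, so they are kept as an integer rather than decoded.

```python
"""Parse the macOS com.apple.quarantine extended attribute.

Gatekeeper evaluates a downloaded program on first launch only when this
attribute is present. Its value looks like:

    0083;5f3a1b2c;Chrome;1B4C7D2A-9E8F-4A6B-8C3D-2E1F0A9B8C7D
    ^flags ^timestamp ^agent ^UUID (hex)      (hex, Unix seconds)

Read it from a real file with: xattr -p com.apple.quarantine FILE
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


@dataclass(frozen=True)
class Quarantine:
    flags: int                 # undocumented bit flags, kept raw on purpose
    downloaded_at: datetime    # when the agent wrote the file (UTC)
    agent: str                 # application that downloaded the file
    uuid: Optional[str]        # key into the LaunchServices quarantine event DB


def parse_quarantine(value: str) -> Quarantine:
    """Parse an xattr value; raises ValueError on malformed input instead of guessing."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine format: {value!r}")
    flags = int(parts[0], 16)
    ts = int(parts[1], 16)
    agent = parts[2]
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return Quarantine(flags, datetime.fromtimestamp(ts, tz=timezone.utc), agent, uuid)


def gatekeeper_will_evaluate(xattrs: Dict[str, str]) -> bool:
    """True when the file carries the quarantine attribute, i.e. Gatekeeper
    will assess its signature/notarization on first launch."""
    return "com.apple.quarantine" in xattrs


# Constructed sample values, not taken from a real file.
SAMPLE_XATTRS = {
    "com.apple.quarantine": "0083;5f3a1b2c;Chrome;1B4C7D2A-9E8F-4A6B-8C3D-2E1F0A9B8C7D",
}
SAMPLE_XATTRS_CURL = {}  # curl does not set the attribute

if __name__ == "__main__":
    q = parse_quarantine(SAMPLE_XATTRS["com.apple.quarantine"])
    print(q)
    print("browser download assessed:", gatekeeper_will_evaluate(SAMPLE_XATTRS))
    print("curl download assessed:", gatekeeper_will_evaluate(SAMPLE_XATTRS_CURL))
```

When hunting on a Mac, the agent and timestamp fields are the quick way to tie a suspicious binary back to the download that delivered it, and the absence of the attribute on an unsigned binary explains why Gatekeeper never prompted.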