“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.
August saw several campaigns, in multiple variants, targeting the financial sector. After a recent decline in observed infections, McAfee reports a 29% increase in cryptojacking and ransomware attacks in the first quarter of 2019 compared to 2018 (McAfee Labs Threat Reports: August 2019). This could get worse as 2019 progresses. Data breaches are consuming headlines, and Security/IT teams are scrambling to keep up.
A report from Corporate Compliance Insights states that in 2018 the average cost of a data breach was $7.91 million. Several high-profile CEOs and CIOs have also been forced to resign after their systems were compromised. With rising costs and damage to corporate brands, data breaches have moved from an IT problem to an executive and boardroom problem. With governments becoming more involved in the repercussions of a breach, the cost could rise considerably in 2019.
In July, BlueVoyant reported that Microsoft had alerted a large number of organizations that they had been targeted by nation-state actors. In August, Microsoft zeroed in on APT28, also known as Fancy Bear, which it believes is responsible for multiple attacks that used IoT devices; VoIP phones in particular are regularly being used to gain access to corporate networks.
Researchers at Armis Labs discovered multiple zero-day flaws in VxWorks, the operating system (OS) used in more than 2 billion IoT devices globally. The VxWorks disclosure impacted ostensibly low-risk devices such as printers, firewalls, and medical equipment, but the underlying risk is that those devices provide access points into corporate networks, rendering network security layers virtually useless. Many IoT devices are connected to corporate networks with little management or oversight. Making matters worse, Microsoft pointed out that many IT operations centers are not even aware that these IoT devices exist on their networks.