
Remote code execution most common cyber threat faced by Canadian firms: Report





According to a report by Check Point Software Technologies, Canadian cybersecurity teams face a variety of threats, but the most common vulnerability exploit type is remote code execution (RCE).

In its annual Mid-Year Attack Trend Report, which uses customer data, the company said that in 61 percent of attacks against Canadian organizations in the first six months of the year, a threat actor tried to run, or successfully ran, code with system-level privileges on a server.

The report did not say how many of these attacks were caught before corporate data was compromised.

The next most common vulnerability types were system information disclosure (57 percent) and authentication bypass (44 percent).

The ratio of these three was almost the same all over the world.

Globally, the report said, organizations experienced a 29 percent increase in cyber attacks compared to the same period in 2020. The EMEA (Europe, Middle East, Africa) region showed the highest growth with 36 percent, followed by the US with 34 percent.

The report says that perhaps the newest tactic seen this year is the rise of so-called triple extortion ransomware attacks, where threat groups not only pressure the victim organization by threatening to release data if it doesn't pay, but also involve its customers and partners, in the hope that they will put pressure on management to give in. Sometimes ransom is also demanded from these third parties.

Attacks up 93 percent
Globally, the number of ransomware attacks on organizations increased by 93 percent in the first half of the year compared to the same period a year ago. This means organizations must have a "collateral damage" strategy in place to combat ransomware and other attacks, Check Point says.

"Ransomware will increase" in the second half of the year, the report predicts, "despite law enforcement taking steps."

The report mentions the major publicly reported cyber attacks so far this year, including Canadian ones. In this country they included Canada Post (ransomware; affected 44 corporate customers and compromised the data of more than 950,000 customers. Data was stolen between July 2016 and March 2019); Sierra Wireless (ransomware, interrupted production); Bombardier (data breach of employee, customer and supplier information); Discount Car and Truck Rentals (Darkside ransomware, interrupted service); TransLink, manager of Metro Vancouver's transportation network (ransomware, disrupted phone lines, online services and payment systems); and an unnamed Canadian bank found to be targeted by credential theft involving AutoHotkey.

One of the biggest incidents internationally involved Volkswagen's Audi division (data on 3.3 million customers or potential customers left on an unsecured database).

Canada's numbers
Other Canadian data revealed:

- The top malware detected was Trickbot, which affected five percent of organizations (seven percent globally). Trickbot is a modular botnet and banking Trojan targeting Windows, mostly distributed through spam or by other malware families such as Emotet. Trickbot initially grabs system data and sends it back to the attacker, who orders it to download and execute an attack module to steal credentials (and, often, ransomware).

- The top malware list in Canada includes two banking Trojans, two information stealers (FormBook, Agent Tesla), one Trojan (Arkei), one RAT (remote access Trojan Agent Tesla) and one exploit (SpelevoEK).

- 73 percent of malicious files sent to Canadians were delivered by email.

While many threat groups are located outside the country, their distribution systems are spread around the world to remove impregnation. This may explain why 61 percent of threats to Canadians and Canadian firms come from the U.S. Fifteen percent come from "other" countries, and 14 percent come from within our borders.

Another prediction is that man-in-the-middle attacks will become what Check Point calls a "hacker in the network". Over the past two years, its researchers have observed an increase in the use of commercial penetration testing tools such as Cobalt Strike and Bloodhound by attackers. Not only do these tools present a real challenge from a detection standpoint, but they also give hackers live access to compromised networks, which they can scan and scroll through at will and use to customize attacks, the report said. "Security professionals will need a new set of skills to detect such an attack and prevent it from happening in the future," the report said.
