In the year dominated by the pandemic during which the cyber world has been significantly active, security experts are revealing that the cyber crime has gone through the roof with some techniques getting scarely clever and efficient. Microsoft's security department has recently released a Digital Defense annual report with some interesting findings.
- In addition to the attacks getting more clever and sophisticated the hackers are showing a clear preference towards ransomware and credential harvesting attacks.
- Microsoft reports that is has blocked over 13 billion suspicious and malicious mails in previous year, with 1 billion of those containing a phising link targeted for credential harvesting.
- Credential harvesting in most cases was the first step into Business Email Compromise (BEC) related attacks.
- Attackers would typically target accounts of payroll employees, with clear preference towards Accounting and C-Suites.
- The research also highlights that in the past months hackers are advancing their attacks against legacy email protocols such as SMTP and IMAP with significant rise of password reuse and spray attacks.
- The rise on attacks of the legacy email protocols has been mainly contributed to the rise of Multi-Factor Authentication (MFA) adoption, with the SMTP and IMAP protocols not supporting MFA allowing attackers to target users protected by MFA solutions.
- The most troublesome threat throughout the past year has notably been related to ransomware infections with the most common, troublesome and time taking security incident response in Microsoft has been dealing with problems caused by notorious ransomware gangs.
- The attackers typically rely on discovering newly disclosed vulnerabilities and exploiting those through a range of initial access attacks.
- In most cases once the attackers exploit the vulnerability and grant an access into the victim's system time is taken to acquire the intelligence and perfect out their attack.
- In some cases the attacks were crafted with mass disruption in mind, with automated solutions being able to achieve a full network ransomware attacks within 45 minutes.
- Zerologon vulnerability exploitation on the rise
- Firefox bug allows hijacking mobile browsers
- Zerologon Vulnerability
- Tronlink Wallet uses weak encryption
Ongoing crypto free earn campaigns:
- Coinbase Learn & Earn up to $60 of Compound
- Coinbase Learn & Earn up to $50 of EOS
- Coinbase Learn & Earn up to $50 of XLM
Ongoing crypto non-free earn campaigns:
- Crypto.com $50 of CRO once 1000 CRO staked