AhnLab announced that it has selected five major security threat trends for the first half of this year. The ‘Top 5 major security threat trends in the first half of 2021’ announced by AhnLab are: ▲an increase in targeted ransomware attacks ▲continued attacks exploiting organizational infrastructure solutions ▲distribution of information-stealing malware disguised as work emails ▲active use of social issues in cyber attacks ▲active hacking groups presumed to be state-sponsored.
Chang-gyu Han, Director of AhnLab Security Response Center (ASEC), said, “Attackers are targeting the ‘weakest link’ throughout the entire process of a cyber attack, from system vulnerabilities to users. In order to minimize damage from increasingly sophisticated security threats, it is essential for all entities, including institutions, companies and users, to prepare response plans and comply with security rules.”
Details of the Top 5 major security threat trends in the first half of 2021 are as follows.
▲ Increase in targeted ransomware attacks
AhnLab predicted an increase in targeted ransomware attacks in its ‘2021 Top 5 Cyber Security Threats Forecast’ earlier this year. As expected, numerous companies around the world suffered targeted ransomware attacks in the first half of this year. The attackers broke into companies and institutions, exfiltrated information and deployed ransomware at the same time, and then applied a second layer of extortion by threatening to publish the stolen information if the ransom was not paid. Many of these attacks were confirmed to have been carried out through ‘Ransomware as a Service’ (RaaS), which supports the whole chain from building the ransomware to distributing it.
Once such an attack occurs or internal information is stolen, an organization may be targeted again, so organizations must respond to ransomware not only by deploying security solutions but also by strengthening security training for internal employees.
▲ Attacks abusing organizational infrastructure solutions continue
Attacks that exploit an organization’s infrastructure solutions or supply chain have continued without pause: from last year through the first half of this year, attempts were made to hijack AD servers (*) using a cracked version of a specific penetration testing tool, and recently ransomware was distributed through vulnerabilities in ‘Kaseya VSA’, an IT security management solution. If an attacker takes control of a solution used to manage internal resources or to provide services within an organization, the result can be significant damage, such as the spread of ransomware or theft of information, both to the organization itself and to the customer companies that use the service. Attackers also actively exploited vulnerabilities in VPN (virtual private network) solutions, which are widely used in the remote (work-from-home) environment that has become the ‘new normal’ since the outbreak of COVID-19.
* ‘Active Directory (AD) Server’: A server that provides the AD (Active Directory) service, which links multiple objects such as users, user groups, and network resources and allows them to be managed efficiently in an integrated manner. If an AD account is hijacked, the attacker may gain the ability to take control of internal systems.
In general, organizations respond sensitively to attacks coming from outside, but they tend to trust programs and related files that are already in use too readily. Therefore, in addition to general security policies, an organization’s security managers must keep working to raise their threat response capability by gathering information through TI (Threat Intelligence) services.
▲ Distribution of information leak-type malicious code disguised as work email
According to malware analysis statistics collected by AhnLab Security Response Center (ASEC), the malware most frequently discovered in the first half of this year was information-stealing malware, represented by Formbook and AgentTesla. Much of it was distributed through emails posing as invoices or purchase orders, which either induced the recipient to open a malicious URL in the message body or carried the malware as an attachment. In particular, because these emails impersonate highly trusted real companies and are written in natural Korean without awkward expressions, employees handling the related work can easily be infected with malware if they are even slightly careless.
Because leaked information may be used in secondary attacks such as targeted attacks, users should carefully check the email sender and attachments and avoid opening attachments or URLs in emails from unknown sources.
▲ Active use of social issues in cyber attacks
Attacks built around issues of high social interest are a method attackers use frequently. In particular, in the first half of this year many attacks were discovered that used keywords related to the COVID-19 situation, such as ‘(Corona) confirmed patient movements’, ‘disaster relief funds’, and ‘comprehensive information on support for small business owners’. More recently, attacks were discovered that exploited issues of interest to specific groups, such as the ‘Korea-US summit’. The attack methods also varied, from attaching malicious files and URLs to emails built around the issue to encouraging users to click URLs in text messages disguised as COVID-19-related information.
Attackers are highly likely to keep using keywords tied to daily life to lure users, so users should refrain from opening URLs from unknown sources in text messages or emails and should rely on verified websites or platforms when looking up such issues.
▲ Hacking group presumed to be supported by the state is active
In the first half of this year, numerous reports were published at home and abroad on the activities of hacking groups believed to be supported by certain states. According to these reports, their hacking activities were not limited to specific fields but spanned politics, society, the economy, culture, the defense industry, medicine, and cryptocurrency. In particular, as the number of COVID-19 infections has recently risen, cyberattack attempts have targeted domestic and foreign pharmaceutical companies.
Attack methods are becoming increasingly sophisticated, including exploitation of vulnerabilities in web browsers such as IE (Internet Explorer) and Chrome, exploitation of vulnerabilities in programs that run alongside domestic web browsers, and phishing sites impersonating well-known domestic portals. Accordingly, individuals and organizations must practice basic security rules, such as updating all programs in use to the latest version and applying security patches.
Source: Pangyo Techno Valley Official Newsroom