Intelligent CIO Africa Issue 21 - Page 18

LATEST INTELLIGENCE

MALWARE REVIEW: A LOOK BACK AND A LOOK FORWARD

Throughout 2017, major cyber events that resulted in severe financial and business-critical data loss dominated the global media. From cyber-enabled banking heists to WannaCry, NotPetya, and a second serving of Shamoon, the critical threats posed to our information security were glaringly apparent. While these major events took the spotlight, less visible evolutions in the threat landscape continued.

Phishers demonstrated how quickly they could exploit recently disclosed vulnerabilities, change how they use or modify flexible malware, and how swiftly they could profit from new attack surfaces.

With the rise in and proliferation of cryptocurrencies, the increase in enterprise use of cloud platforms, and leaks of sophisticated and highly effective exploitation methods, attackers have more gates through which they can access sensitive enterprise and personal information and finances. Furthermore, public disclosures of sophisticated capabilities help less-sophisticated actors close the gap as they are handed improved tactics, techniques, and procedures (TTPs). This report details the emerging trends that defined 2017 and profiles areas of priority for network defenders in 2018.

Delivery Methodologies

Over the past year, three notable malware delivery trends emerged throughout the thousands of phishing campaigns analysed by Cofense Intelligence. First, we observed an increase in abuse of legitimate software features to deliver malware, complicating detection and mitigation by network defence solutions. Second, the rapid widespread exploitation of recently disclosed vulnerabilities further exposed the dangers of operating legacy operating systems and how widely legacy systems are still in use, as well as the insufficient speed with which many organisations patch their systems. Third, malicious actors are consistently innovating phishing delivery techniques to keep pace with changing technology trends and new attack surfaces to increase infection rates and evade detection.