Kaspersky Lab: old vulnerabilities are back in fashion for hackers

Father

How Log4Shell, BlueKeep, and OpenSMTPD affect companies' cybersecurity.

Kaspersky Lab has published a new report, Cyber Threat Landscape for Russia and the CIS for the first quarter of 2024 and the entire year 2023. In the document, the Kaspersky Cyber Threat Intelligence team described in detail the current threats, tactics, techniques and procedures of attacks, as well as suggested methods for reducing cyber risks.

One of the key trends identified in the report is the growing threat of hacktivism over the past 1.5 years. Hackers target organizations with weak security, regardless of their industry, and use any tools available on the open network. At the same time, groups that pursue espionage and financial gain, such as ransomware operators, are not reducing their activity.

Criminals are not trying to change their scenarios and continue to attack the organizations that are least prepared in terms of cybersecurity. Hackers actively exploit known vulnerabilities in popular products. More than 50% of the most actively exploited vulnerabilities were registered at the end of the last decade.
  • The most common vulnerability in 2023 and the first quarter of 2024 was CVE-2021-44228 (Log4Shell) in the Apache Log4j library, which allows remote code execution.
  • This is followed by CVE-2019-0708 (BlueKeep) in Microsoft Windows and Microsoft Windows Server, which also allows an attacker to disclose confidential information, escalate privileges, and spoof the user interface.
  • Third place is occupied by CVE-2020-7247 in the OpenSMTPD mail server, which allows remote code execution and privilege escalation.

In 2023 and the first quarter of 2024, cybercriminals exploited vulnerabilities in the 7-Zip (CVE-2023-31102, CVE-2023-40481 and CVE-2022-29072) and WinRAR (CVE-2023-38831) archivers, as well as in the Google Chrome browser (CVE-2023-1822, CVE-2023-1812, CVE-2023-1813, and others), to attack corporate devices in Russia and the CIS. Most of these flaws allow malicious code to be executed, and almost all of them were registered in 2023.

Ransomware continues to pose a significant threat. In 2024, it remains one of the main threats to organizations around the world. The number of such attacks is consistently high, ransom amounts are growing, and companies are facing difficulties in decrypting data. Among the most common ransomware programs in the first quarter of 2024 were Dcryptor, LockBit and Conti, and a year earlier Phobos, LockBit and Conti were in the lead.

Kaspersky Lab noted that the purpose of the report was to show the importance of properly structured information security processes and analyze the tactics, techniques and procedures of attackers.

The report emphasizes that, to prevent attacks, it is important to build a process for eliminating vulnerabilities (Patch Management) and to use comprehensive security solutions that quickly identify and eliminate threats. Improving the digital literacy of employees also plays an important role, as in many cases attacks become possible due to the human factor.

Kaspersky Lab experts recommend:
  • conduct regular training sessions for employees;
  • use complex and unique passwords;
  • set up multi-factor authentication;
  • restrict access rights;
  • build network segmentation;
  • install reliable EDR solutions to protect end devices;
  • use solutions with Sandbox technology to prevent malware penetration through email attachments;
  • regularly update the operating system and software on all corporate devices;
  • provide information security specialists with access to up-to-date information about the latest tactics, techniques and procedures of intruders, which is important for effective protection.
 