Attacker Planning Shows a New Level of Sophistication with Vulnerability Chaining

New hacking schemes built off of vulnerability chaining

Financial services and transaction-based service providers should take heed. In the last 30 days, chatter in dark web forums is signaling that attackers are developing new schemes built off vulnerability chaining techniques to gain access to corporate and enterprise systems. When successful, these attacks allow unauthorized parties to move, often undetected, throughout the network, gaining access to sensitive data and/or critical systems. Attackers can then choose to monetize the attack through data or bitcoin theft, cyber extortion or other exploitative measures.

Vulnerability chaining – a hacking technique

Vulnerability chaining is a well-established technique of hacker tradecraft that occurs during the reconnaissance process. As hackers work to enumerate a target’s digital footprint, they identify direct and peripheral vulnerabilities and weaknesses in hardware and software to exploit.

The main benefit of this methodology is that attackers can gain initial access through whatever technology and exploit tool they deem to have the highest chance of success, and can then go through their “exploit rolodex” to continue deeper into the target network. They can also plan out a large chunk of the operation before ever setting digital foot on the target network.

Microsoft IIS 6.0 servers and Monero may be entry point for cyber attacks

Specifically, analysis of attacker discussion patterns across dark web forums in the last 30 days has highlighted a cluster of focus on malicious code injection into web-based software used to process large volumes of transactions. Using the concept of vulnerability chaining while analyzing the patterns of attacker reconnaissance, Cybeta’s threat analysts further anticipate that the initial entry point may focus on susceptible Microsoft IIS 6.0 servers. Microsoft IIS 6.0 servers undergoing the most reconnaissance are located in the United States and SE Asia.

Interestingly, this same analytical methodology showed a clear uptick in interest, discussion and activity around the cryptocurrency Monero. Although further analysis is needed for a definitive conclusion, it is possible Monero is in the crosshairs either as a preferred mechanism for future ransomware payments or potentially as a target itself for theft.

Take preemptive steps to stop an attack

Risk Managers, their CISOs and IT experts should be taking preemptive steps to monitor for any unusual activity and to strengthen internal detection and response efforts. Cybeta can help your company stay abreast of and protected from this and other emerging cyber threats.

Preventing, detecting, and responding to a data breach is not easy. Cybeta™ offers a suite of cyber intelligence solutions that leverages advanced analytics to produce threat quantifications. Cybeta™ enables leaders to uncover strengths and weaknesses in their cybersecurity capabilities, detect emerging cyber threats, evaluate threat level against the competition, and make real-time business decisions. Cybeta experts can help you identify the best solution to predict, preempt, and prevent future threats and cyber attacks.