It seems like we are now approaching the 1.5-month mark here with the COVID19 epidemic.  It seems that the stock markets are picking up steam again, and countries around the world are opening up yet once again, even many states here in the U.S. (well, IL is the exception, we are still under a very strict lockdown here – who knows when it will all end). 

But unfortunately, the total number of unemployed still arises, and in fact, I hear it is just as bad as it was during the Great Depression.

But honestly, I think things will start to pick up slowly.  It may not the be proverbial V-shaped recovery that I would it would but, it may be more of a flatter U-shaped kind of recovery.  But hey, maybe slower is better in the end. 

At least it will be solid.  But, also unfortunately, the total number of Cyberattacks is still increasing at even a faster clip, probably even more so than anybody ever thought that it would.

Yes, the COVID19 has been of course a huge catalyst in this, but the Cyberthreat landscape was going to prove to be a much more complex one when the security pundits made their predictions towards the latter part of 2019. 

Although the news still surrounds itself with the likes of Zoombombing and the security issues of WFH, keep in mind that the traditional threat vectors are still lurking out there. 

They are as follows:

*Ransomware;

*File extension attacks;

*File less attacks against critical applications.

These trends have been further substantiated as well as conducted through an extensive research project conducted by a Cybersecurity company known as Panda Security.  Their report is entitled:  “Panda Security Threat Insights Report 2020”.  It can be downloaded in its entirety at this following link:

https://www.pandasecurity.com/emailhtml/2004-report-threath-20/Threat-Insights-Report-en.pdf

Specifically, the following were examined:

*Almost 15 million distinct malware events since 2019;

*Over 76,000 alerts and warnings that were designed to exploit the vulnerabilities that are found in various software applications, network infrastructures, and hardware devices (which also includes workstations and all forms of wireless devices).

Ransomware:

The report also provides a geographic breakdown of which country has been hit the most.  The following diagram illustrates the impacts of Ransomware on a global basis:

(SOURCE:  https://www.securitymagazine.com/articles/92336-panda-security-report-ransomware-fileless-attacks-are-still-growing-concern)

As one can see, the majority of the targeted countries seem to like in the Middle Eastern, South American, and even the Pacific Rim geographic regions.  All in all, it appears that Thailand is the overall of the leader of the pack here, and quite surprisingly, the United States is quite low. 

Some of the reasons cited for these high rates in these geographic segments because of insecure endpoints from within the network infrastructures.

This is a point I have hit upon many times before – just because the direct lines of network communications are secure, you still need to secure the endpoints.  In other words, the point of origination and points of destination need to be fortified as well. 

Many companies are still ignoring to do this on a worldwide basis, thus that is why they are still becoming victims of Ransomware attacks.

The study even noted that the targets in these specific geographic regions are not the end by any means, rather; it has been projected by the research that they are also the places where a bulk of the Cyberattacks are also being launched from as well.

File Extension Attacks:

In most Phishing attacks, the file extensions of .DOC, .XLS, and .PPT have been exploited the most (these represent Word, Excel, and Power Point, respectively). 

The following illustration points out the top 17 file extensions that have been targeted thus far:

(SOURCE:  https://www.securitymagazine.com/articles/92336-panda-security-report-ransomware-fileless-attacks-are-still-growing-concern)

Upon closer look, it appears that the .PDF extension is the most widely used one in order to deploy the various types of Malware payloads.  Actually, IMHO, I find this to be rather surprising.  For example, whenever I peruse the Cyber news headlines on a daily basis, while attacks on the .PDF extension are rising, most of the calamity comes from the O365 suite of applications, as just described. 

In fact, much to my disbelief, I am also quite surprised to see that these extensions are ranked towards the bottom of the list.  For instance:

*.XLS is at #6;

*.DOC is at #7;

*.PPT is at #15.

But overall, the Microsoft product line is represented in 8 different situations here, including the above.

*File less Attacks Against Critical Applications:

This is a newer type of threat variant that is coming about these days, and the worst part of it is that they often go undetected by even the most sophisticated of anti-virus and anti-malware software applications.  Specifically, it can be further defined as follows:

“A file less malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer. Unlike other malware attacks where software is unknowingly installed onto the user’s device, file less malware attacks use applications that are already installed which are thought to be safe. Therefore, file less malware attacks do not need to install malicious software or files to initiate an attack.”

(SOURCE:  https://whatis.techtarget.com/definition/fileless-infection-fileless-malware)

So, the difference between this kind of threat variant and the traditional Malware attack is that the latter actually deploys a malicious software application (most often in the form of a .EXE file); whereas the latter typically uses the applications that are already in existence on the end uses computer or wireless device. 

The primary reason why file less attacks go undetected is that they often reside from within the RAM of the computer and/or wireless device, and from there, it executes a series of specially designed events in order to cause the damage that it was originally designed to leave. 

Also, this threat variant does not leave any traces or even writes itself to any partitions of the hard drive, thus evading detection, as just previously described.

The list below depicts the top software applications that are exploited in this regard:

(SOURCE:  https://www.securitymagazine.com/articles/92336-panda-security-report-ransomware-fileless-attacks-are-still-growing-concern)

Microsoft related products round up the list in total, with 6 applications that are being typically being exploited.  I am also kind of surprised to see that Firefox is ranked all the way at the top, because I do not come across them too many times in the news headlines when I do my research on a daily basis. 

I am glad to see that Chrome, while still on the list, is ranked all the way at the bottom. 

I know that Google has so far done a great job in beefing up Chrome in terms of its security features and functionalities.

My Thoughts On This:

There you go, a deeper dive into the most prevalent Cyberattacks that are happening this year, minus the Zoombombing and other COVID19 related Cyber events.  What can you do to protect your self from all of them?  Well, everybody is at risk.  The key lies in learning how to mitigate that level of risk, so that you further minimize the damage and downtime that you might experience.

Probably the key take away here is that always keep backups and update those backups on a daily basis.  In this regard, I am actually a big fan of using the Cloud, primarily that of the AWS and Azure.  Both of these juggernauts offer enterprise grade level security for your mission information and data. 

But keep in mind that the learning curve can be a little steep in the beginning, and it can also take some time to get used to them as well.

But, if you are an SMB owner, and your needs are pretty basic and straight forward, something like Dropbox or Google Cloud will also serve you just as well also.

Finally, it will be quite interesting to see what all this look like one year from now, when hopefully the COVID19 hopefully shakes itself out as the primary threat vector.