Infoblox Raises Phishing Email Alarm, Analyzes SolarWinds Hack
Infoblox took a close look at that big SolarWinds hack in its latest report.
![Cybersecurity lock Cybersecurity lock](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt8a8e2421170d03f2/65244d1dd319c6bd6b40ad54/13-Cybersecurity.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Infoblox noted that multiple bills that address cybersecurity are moving through Congress.
The State Cyber Resiliency Act would give grants to states that want to implement cybersecurity plans. The State and Local Cybersecurity Improvement Act would similarly provide grants.
The State and Local Government Cybersecurity Act of 2019 would make the Department of Homeland Security more involved in cybersecurity threats that involve state, tribal and local governments.
Infoblox gave an example of a high-profile phishing attack.
The California State Controller’s Office suffered a breach last month after an employee clicked on a suspicious link. As a result, an unauthorized user gained access to the employee’s email account and sent emails to other employees using the account.
Although the Office responded quickly, it surmised that the threat actor got personally identifiable information (PII) about unclaimed property holders. That includes addresses and social security numbers.
CPO Magazine detailed the event.
Infoblox touched on the stunning amount of sophistication in the RaaS space. Yes, that’s right – it’s a space.
According to Infoblox, threat actors are fine-tuning their social engineering methods to take down specific organizations. In addition, their ransomware tools are improving.
Threat actors continue to harness the pandemic for social engineering. Gmail blocked an average of 18 million daily malicious messages referencing COVID-19.
A recent Trickbot malware campaign impersonated the director of the World Health Organization to target banking customers.
This goes to show that cybercriminals know how to prey on our fears and insecurities for their gain.
According to Infoblox, emails carry from 75% to more than 90% of malware. The threat actors coerce employees into opening email attachments and URLs.
Infoblox noted that the majority of email attack campaigns target a wide variety of companies and users, while some “spear-phishing” cases target a specific group or person.
On the other hand, Infoblox wrote that DNS security can “substantially protect” remote workers. Threat actors heavily utilized DNS [domain name system] attacks last year. A study by EfficientIP and IDC found that 79% of organizations faced a DNS attack last year.
“Often, one of the earliest steps in the execution of a threat actor’s attack chain is the use of DNS to reach out to malicious domains and establish C&C [command and control] communications,” the Infoblox report said.
Work-from-anywhere comes with security consequences.
Infoblox cited a Malwarebytes survey that found that businesses largely remain working from home. Seventy percent of companies had moved 61% or more of their employees to a work-from-anywhere setup.
However, Infoblox stated in its report that untrusted home networks contain a variety of pitfalls for users. In addition, many employees are using home devices that lack a properly configured firewall. Moreover, on-premises enterprise security features simply can’t help distributed workers “without significant redesign.”
Infoblox also analyzed the devastating SolarWinds supply chain attack, in which a nation-state breached thousands of companies and agencies.
Infoblox noted that threat actors circumvented code-signing. Software designers use certificate-based digital signatures to ensure that users know the software came from the original source. However, these cybercriminals not only got around code-signing but managed to get a legitimate SolarWinds digital signature. From there, the malicious code entered into SolarWinds’ regular distribution and propagated.
The report authors urged software suppliers to re-examine their code signing policies.
“Crafting a strategy to breach a software provider’s most secured continuous integration/continuous delivery (CI/CD) pipeline means threat actors are aiming for the heart of cyber defenses,” the report concluded.
Email leads all cyberattack pathways, according to Infoblox.
The latest Infoblox Cyberthreat Intelligence Report concludes that email accounts for up to 90% of malware attacks. Threat actors are more and more carefully crafting deceptive emails that lure employees into opening harmful attachments and links.
The report noted that enterprises are struggling to adapt to the security demands of cloud transformation.
“In several ways, even the most capable enterprise security architects have to start from scratch to determine what security controls were necessary to protect new cloud environments,” the report authors wrote. “In addition, many new vendors have to invent the security controls uniquely required by various cloud environments.”
Infoblox, which recently keyed partners in on how they factor into its phase 3.0, publishes a quarterly report.