A rise in consumer digital traffic has corresponded with a rise in fraud attacks, Arkose Labs reveals. As the year progresses and more people than ever are online, historically ‘normal’ online behavioral patterns are no longer applicable and holiday levels of digital traffic continue to occur on a near daily basis.

Fraudsters are exploiting old fraud modeling frameworks that fail to take today’s realities into account, attempting to blend in with trusted traffic and carry out attacks undetected.

“As the world becomes increasingly digital as a result of COVID-19, fraudsters are deploying an alarming volume of attacks, and continually devising new and more sophisticated ways of carrying out their attacks,” said Vanita Pandey, VP of Marketing and Strategy at Arkose Labs.

“The high fraud levels that accompany high traffic volumes are likely here to stay, even after the pandemic ends. It’s crucial that businesses are aware of the top attack trends so that they can be more vigilant than ever to successfully identify and stop fraud over the long-term.”

Bot attacks and credential stuffing skyrocket

Q3 of 2020 saw its highest ever levels of bot attacks. 1.3 billion attacks were detected in total, with 64% occurring on logins and 85% emanating from desktop computers.

Due to the widespread availability of usernames, email addresses and passwords from years of data breaches, as well as easy access to automated tools to carry out attacks at scale, credential stuffing emerged as a main driver of attack traffic. 770 million automated credential stuffing attacks were detected and stopped by Arkose Labs in Q3.

For ecommerce, every day is Black Friday

The rise in digital traffic for most of 2020 means businesses have been dealing with holiday season levels of traffic since March. With every day now resembling Black Friday, some retailers are better equipped to handle the onslaught of holiday season traffic and fraud.

However, it remains to be seen if a holiday sales bump will occur this year, given already record high traffic levels for many ecommerce businesses.

While much of 2019 saw a marked shift from automated attacks to human sweatshop-driven attacks, automated attacks dominated much of 2020, with Q3 seeing a particularly high spike. This trend is likely to revert back to more targeted attacks in Q4, as during the holiday shopping season fraudsters typically employ low-cost attackers to commit attacks that require human nuance and intelligence.

Europe emerges as the top attacking region

Nearly half of all attacks in Q3 of 2020 originated from Europe, with over 10 million sweatshop attacks coming from Russia and 7 million coming from the United Kingdom.

Many European countries, such as the United Kingdom, France, Italy and Germany, are among those whose GDP shrunk the most since the global pandemic began. A surge in attacks from nations suffering the biggest dips in economic output highlights the economic drivers that spur fraud.

Pandey said, “COVID-19 has sent the world into turmoil, upending digital traffic patterns and introducing long-lasting consequences. Habits formed during 2020 – namely conducting commerce, school, work and even socializing entirely online – will be difficult to let go of, so fraud teams must be capable of quickly cutting through digital traffic noise and spotting even the most subtle signs of attacks. In particular, using targeted friction to deter malicious activity will be key in the months and years ahead.”

Source: helpnetsecurity

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform.

The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the web interface of CSM that makes it possible for an unauthenticated attacker to achieve remote code execution (RCE) attacks.

The flaws were responsibly reported to Cisco’s Product Security Incident Response Team (PSIRT) three months ago, on July 13.

“Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn’t mention any of the vulnerabilities,” claimed frycos in a tweet, citing the reasons for going public with the PoCs yesterday.

Cisco Security Manager is an end-to-end enterprise solution that allows organizations to enforce access policies and manage and configure firewalls and intrusion prevention systems in a network.

The company released the 4.22 version of CSM on November 9 with a number of security enhancements, including support for AnyConnect Web Security WSO along with deprecating MD5 hash algorithm and DES and 3DES encryption algorithms.

The vulnerabilities allow an attacker to craft malicious requests as well as upload and download arbitrary files in the context of the highest-privilege user account “NT AUTHORITY\SYSTEM,” giving the adversary access to all files in a specific directory.

“The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device,” Cisco said in its advisory. “An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”

The flaw has a CVSS score of 9.1 out of 10, making it critical in severity.

A separate flaw (CVSS score: 8.1) due to an insecure Java deserialization function used by CSM could have allowed an unauthenticated, remote attacker with system privileges to execute arbitrary commands on an affected device.

However, Cisco is yet to address the flaw, with a planned fix set to be included in Cisco Security Manager Release 4.23.

The company also said it’s aware of public announcements about the vulnerabilities and that it hasn’t so far found any evidence that the flaws were exploited in the wild.

Source: thehackernews.com

A recent survey from the Financial Services Information Sharing and Analysis Center (FS-ISAC), highlighted that rapidly evolving ransomware attacks have become a primary security concern for most financial organizations. In its latest report, “The Rise and Rise of Ransomware,” the FS-ISAC stated that, “While financial institutions remain resilient to ransomware attacks, they are not immune. Ransomware is a rapidly evolving threat that financial institutions globally and in the APAC region need to be vigilant against.”

The research indicated that ransomware operators have openly claimed successful attacks against eight financial institutions globally in 2020, three of which were banks. It was found that attackers targeted third-party vendors and suppliers used by firms in Asia. The FS-ISAC suggested that even organizations with robust cybersecurity defenses are still vulnerable to ransomware threats, especially through their third-party providers.

Ransomware: A Multi-Business Model

Hackers diversified ransomware attacks by incorporating new revenue streams like:

• Extorting victims by threatening to publicly name them and publish sensitive data online.
• Auctioning off victims’ data to other criminals on the dark web.
• Ransomware-as-a-service, where less technical criminals can buy sophisticated ransomware kits

Top Ransomware Variants

According to the report, the top five ransomware variants in the last 12 months include, Ryuk, Maze, WastedLocker, Troledesh, and Sodinokibi.

“FS-ISAC members regularly report on phishing campaigns sent to staff, including those which lead to ransomware. Ryuk largely dominated the first quarter’s notifications to FS-ISAC with 9 to 12 campaigns noted per month; however, Maze started in earnest in the second quarter with 12 campaigns observed in April,” the report said.

Preventive Measures:

FS-ISAC also recommended certain practices to help prevent ransomware attacks. These include:

• Regularly educate and train employees to maintain situational awareness and report any potential issues immediately.
• Provide real-world examples and repercussions of successful ransomware exploits.
• Perform regular phishing tests to assess your employees’ knowledge and ability to prevent ransomware attacks.
• Train cyber teams to coordinate a response with other parts of the organization including finance, communications, and the executive team to respond when ransomware hits.
• Ensure your incident response and business continuity plan includes ransomware response protocols.
• Include steps to isolate or power-off affected devices that have not yet been completely corrupted.
• Ensure ways to immediately secure backup data or systems by taking them offline and make sure backups are free of malware.

Source: cisomag