The company was able to fully determine the attack was an inside job. An employee used fraudulent means to gain access to customer support databases, retrieve the data and sell it. (SC Magazine, 2019)
Too much reliance on limited or biased AI (artificial intelligence), whether in looking for anomalous behavior of employees, software, or networks, is resulting in everything from alert fatigue to the increased risk of wrongful termination litigation. You have to have trust in the people in your organization. (SC Magazine, 2019)
Another flaw exists in the driver’s installer software and is also rated high-severity. The software incorrectly loads dynamic link libraries without validating their path or signature. This could enable a DLL preloading attack, where an attacker gains control of a directory on the DLL search path, and places a malicious copy of the DLL in that directory. (Threatpost, 2019)
The firmware update process does not perform cryptographic signature verification before accepting updates and writing the contents to SPI flash. The second bug is a command-injection bug. In this context, the code that performs the firmware update process itself contains the command-injection vulnerability. Once in, the stealth and persistent nature of the flaw allows for an attacker to hide on a system’s flash chips. Neither a software upgrade nor swapping out local storage would mitigate the attack vector. (Threatpost, 2019)
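The missing check described in the Threatpost excerpt above, shown as an added example (not code from the article or the affected vendor): the updater verifies a detached Ed25519 signature over the image against a pinned vendor public key and writes to flash only when it passes. The `Flash` type and the `VerifyAndFlash`/`SignImage` names are assumptions made for this illustration; the flash region is an in-memory stand-in.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when an image fails verification; nothing is written to flash.
var ErrBadSignature = errors.New("firmware image rejected: signature verification failed")

// Flash is a hypothetical in-memory stand-in for the SPI flash region the update writes to.
type Flash struct {
	Contents []byte
	Writes   int
}

// VerifyAndFlash checks the detached Ed25519 signature over the whole image against the
// vendor's pinned public key before a single byte reaches flash. Malformed keys or
// signatures are rejected up front rather than passed to the verifier.
func VerifyAndFlash(vendorPub ed25519.PublicKey, image, sig []byte, fl *Flash) error {
	if len(vendorPub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(vendorPub, image, sig) {
		return ErrBadSignature
	}
	fl.Contents = append([]byte(nil), image...) // only a verified image is written
	fl.Writes++
	return nil
}

// SignImage is the vendor-side step (done offline with the private key in practice);
// included here only so the example is self-contained.
func SignImage(vendorPriv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(vendorPriv, image)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed firmware image v1.2") // constructed sample payload
	sig := SignImage(priv, image)
	fl := &Flash{}
	fmt.Println("genuine:", VerifyAndFlash(pub, image, sig, fl))
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0x01 // one flipped bit is enough to fail verification
	fmt.Println("tampered:", VerifyAndFlash(pub, tampered, sig, fl))
	fmt.Println("flash writes:", fl.Writes)
}
```

The same check also rejects an image signed with a key other than the pinned one, which is what keeps an attacker-supplied image off the flash chip.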
Malvertising is an attractive attack vector for EK users, mainly because it offers a large potential victim pool compared to other avenues. When leveraging a compromised website to deliver exploits, the victim pool is confined to only people navigating to that website. In contrast, with malvertising, attackers can hit a much larger array of different victims in different locations. (Threatpost, 2019)
In terms of the attacks that succeeded, over half of them were phishing attacks; a third resulted in malware infections; another 35 percent pointed to software exploits. Most respondents said that they needed more skills to combat threats, but 80 percent also said that they struggled to recruit the right people. Two-thirds of respondents said that their budgets for people and technology were too low. (Threatpost, 2019)
One of the more commonly exploited vectors used by attackers today is poorly secured third-party supply-chain vendors. Adversaries often take aim at organizations that have unfettered access to a multitude of customers, to get a foothold inside their primary target. To make matters worse, in most scenarios, visibility into these environments as a customer is essentially zero, meaning that at any point an attacker could gain unauthorized access without your knowledge.
Consider the following real-world scenario: Scheduled routine maintenance on the company’s IT equipment takes place, but while on site, the technician performs some additional configuration on one of the routers – which opens a backdoor for the attacker to stroll right in. The technique is no different than having an inside accomplice working at a bank, providing the access for carrying out a robbery.
Consider this other scenario: An insider feeds intelligence to attackers and “accidentally” clicks on phishing links. I’ve seen employees of companies assist nation-state adversaries by simply opening the door for them: I worked on a case where an employee intentionally infected his computer, allowed the adversary to use his machine as a backdoor, then played the victim. (Threatpost, 2019)