3 Cyber Risk Trends to watch out for

0-Day exploit ransomware

Whereas traditional ransomware attacks known and internationally referenced vulnerabilities (CVEs), this new trend targets flaws that are unknown to manufacturers and for which there is no "security patch" on hand, ready to be installed.

These kinds of ransomware have two distinctive features:

1. They are extremely effective. Given that the vulnerability is unknown, it is impossible to ward off the attack and only "behavioural analysis" type detection methods will be of any use.
2.  They are particularly expensive for anyone (criminal group, government, etc.) wishing to use this 0-Day. This cost is down to the fact that these 0-Day vulnerabilities are sold on platforms at prices of up to several hundred thousand dollars. This implies the need for the criminal groups to generate a certain return on investment when attacking their intended targets.

What is most surprising is that these 0-Day vulnerabilities have been used in the past by states for "cyber espionage" or "nation-state sponsored" cyber attacks. Today, they are being sold to the highest bidder.

Attacks on Cloud services authentication

The second trend that caught our attention revolved around attacks on the authentication of Cloud services. Despite the unanimous voices clamouring for the need for two-factor authentication (MFA), many organisations and users are yet to adopt this approach.

These days, cybercriminals are increasingly targeting the "tokens" that are issued once authentication has been successfully completed. These tokens are often used to improve the user experience by eliminating the need for repeated MFA authentication. It doesn’t take a rocket scientist to work out that, if this token is reused during its period of validity, it will enable the cyber-attacker to obtain the same access with the same privileges as the user or application using it.

So just imagine the risk when using tokens with extended validity!

Attacks on software repositories

Attacks on software repositories make up the third and final trend observed.

Programmers are today in the habit of reusing a huge amount of code from the "community" that is made available in these repositories. Just think of Phyton code, .NET libraries, etc., but that’s not all.

It hasn’t escaped the security companies’ notice that cybercriminals have infiltrated these platforms by making malicious code available inside code offered as legitimate. This paves the way for them to compromise the entire software supply chain and conduct attacks throughout the various layers of an organisation.

How can we protect ourselves against these new trends?

MCG has set up a cybersecurity technology watch designed to address these new trends and anticipate potential threats to its customers. This monitoring activity allows them to benefit from personalised advice from our team of experts and tailor-made solutions to ramp up their resilience, while continuing to focus on their core business.