#contactcenterworld, @eSentire, @mrb_pr
Opportunistic threat actors are leveraging trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources. According to a new cyber threat report from eSentire, Inc., a pure-play Managed Detection and Response (MDR) provider, 91% of endpoint incidents detected in Q1 2018 involved known, legitimate binaries, such as PowerShell or mshta.exe. These processes are used by opportunistic and targeted threats alike, allowing them to circumvent basic controls to deliver and install malware.
"eSentire Threat Intelligence data shows heavy use of legitimate Microsoft binaries, such as PowerShell and mshta.exe, popular tools for downloading and executing malicious code in the initial stages of a malware infection," said Eldon Sprickerhoff, founder and chief security strategist, eSentire. "PowerShell can also be leveraged by adversaries to reduce their on-disk footprint and evade detective controls by operating in memory and obfuscating command-line parameters."
In late January 2018, an eSentire advanced threat analytics operation (powered by machine learning and coined "Blue Steel"), detected an adversary leveraging an unknown exploit in Kaseya’s Virtual System Administrator (VSA) product to deploy crypto miners across the infrastructure of a small number of eSentire customers. The attack broadly targeted the trusted system of MSPs and cloud platforms through Kaseya VSA endpoint agents for initial access to deliver malicious scripts. eSentire discovered the threat and notified Kaseya of the intrusions, resulting in multiple security fixes.
539% Increase in Consumer-Grade Router Attacks
The report also indicates a dramatic increase in attacks targeting popular consumer-grade routers, like Netgear and Linksys (both of whom own a significant share of the consumer network device market, at 51% and 26% respectively*), – eSentire saw a 539% increase from Q4 2017 to Q1 2018.
Trending in router exploitations was first observed in late 2017 when the Reaper Botnet gained media attention. Additionally, intrusion attempts across industries grew 36%, mostly due to DNS manipulation in consumer-grade routers. These manipulations allow attackers to redirect victims to malicious infrastructure to achieve a variety of results, including malware and phishing landing pages. Other exploits focused on consumer-grade routers.
"The increase in attacks against consumer network devices can be attributed to the perceived value in recruiting devices for attacks against businesses, as opposed to leveraging them as potential network entry-points," said Sprickerhoff.
Additional Report Findings:
"While industry sentiment is focused on the ever-changing threat landscape, the data suggests that it’s the cybercriminal landscape that’s shifting. As we continue to see successful efforts in disrupting malicious infrastructure and comprehensive threat blocking, cybercriminals are forced to diversify their hacking methods. They’re pivoting to use new methods for sustaining infrastructure," said Sprickerhoff. "Technology is changing rapidly, and as it does, attackers are shifting their techniques to match. The increase in router-based attacks is a prime example."
Methodology
The eSentire Threat Intelligence team used data gathered from 1,500+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data was normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.
eSentire’s 2018 Q1 Threat Report provides a quarterly snapshot, analyzing all cyber threat events investigated by the eSentire Security Operations Center (SOC), while addressing three key areas: threat types, threat volume, and attack types. Each topic is divided into multiple sections, including visual data analysis, written analytical analysis, practical recommendations, and key assumptions. The report concludes with takeaways and recommended actions that organizations can take to protect their business networks from compromise, including protecting against vulnerability exploit and router compromise, revisiting organizational awareness training programs to protect against phishing, and protecting against opportunistic threat like PowerShell-based attacks.
About eSentire, Inc.:
eSentire® keeps mid-size organizations safe from constantly evolving cyber attacks that traditional security defenses simply can’t detect. eSentire combines people, process and technology to deliver an unmatched, premium level service that detects, remediates and communicates sophisticated cyber threats in real-time, 24/7.
About MRB PR:
MRB PR is a public relations company.
Published: Thursday, June 28, 2018
3.) | Accordia Solution Accordia Solution CIS Accordia Solution is an innovative developer of seamlessly integrated cost-effective omnichannel Contact Center Solutions specifically targeted at the micro, small and medium operations.Our core business model involves the development and marketing of IP Telephony and IP Contact Center Solutions. We also strive to develop customer interaction solutions which include contact center and customer relationship management (CRM) that enhances Customer Experience Of The Future (CEOTF) and optimizes agent productivity. Our flagship product, the Accordia Customer Interaction Suites (CIS), offers comprehensive functionality by helping your business meet and exceed the level of service in line with... (read more) |
4.) | Adversus Dialer Adverus Dialer Adversus is a web-based dialer and practical CRM solution for telemarketing, fundraising, and appointment scheduling businesses. |
11.) | Astute Solutions Astute Agent Astute Agent gives your agents everything they need to work cases confidently and efficiently. This modern case management CRM is the preferred choice for Consumer Relations and Customer Care teams who support some of the world’s most prestigious brands. Astute Agent balances agent efficiency with customer experience. Here’s how: - Automated email responses Using natural language processing, Astute Agent reads incoming customer emails and automatically supplies a response to agents to review and send. - Auto-populated case fields AI capabilities automatically suggest reason codes, product codes, and other case information, saving agents minutes per case. - Time-saving case feat... (read more) |
16.) | ContactCenter4ALL CC4Teams Contact Center solutions; that is what we do! So we know, like no other, that integrating natively with Microsoft, making our solution available on the same screen is what your customer contact team needs. CC4Teams enhances Microsoft Teams with features and adds additional functionality to use Microsoft Teams as a complete Omni-ChannelContact Center solution. For example, CC4Teams adds our proprietary drag and drop IVR (no code needed), ad-hoc or scheduled call recording, operator attendant, historical and real-time reporting (integrates with Microsoft PowerBi), wallboards, home workers, supervisor functionalities, and skilled based routing directly to Microsoft Teams. The intuitive CC4... (read more) |
17.) | Contaque Contaque VERVE Cloud or On-Premise? Elevate Customer Experience Either Way with Our Contact Center Solutions! |
I am checking out all the amazing and daily updated content on ContactCenterWorld.com and networking with professionals worldwide
Send To Friends Post On My Wall