Infoblox new report reveals insights into recent significant threats

04/11/2020

Infoblox has published its first Quarterly Cyberthreat Intelligence Report for Q3 2020 that includes data on threat activity publicly released from July 1, 2020, through September 30, 2020. The company will be publishing these reports during the first month of each calendar quarter. This data provides original research context and insight into significant threats recently observed, detailed analysis of advanced malware campaigns and analysis of recent significant attacks. In some cases, the company reports and expands on original research published by other security firms, industry experts and university researchers. Infoblox believes that timely information on cyberthreats is vital to protect the user community at large.

Below are the main highlights:

The Cybercrime Explosion Continues – there is evidence that cyberattacks will continue to increase over time due to expanding opportunities for exploitation by cyberattackers, such as the recent increase in teleworking. Infoblox researchers continue to see a large emphasis on email campaigns and socially engineered attacks designed to engage victims.
Teleworking Creates New Opportunities for Threat Actors – Teleworking has presented vulnerabilities that are more easily exploited by threat actors who continue to move aggressively to leverage these new opportunities. Remote workers require access to enterprise resources from a variety of endpoints, including both employer-provided and personal laptops, as well as a broad mix of mobile devices. However, many cybersecurity procedures and security controls used within enterprise facilities are unable to provide the same level of security for remote locations. The enterprise security stack is far too complex to work remotely without significant changes, preparation and planning.
Email and Social Engineering: Prominent Attacker Techniques of Choice – Email campaigns remain one of the top attack vectors for threat actors. Emails with malicious attachments or URLs directing users to malware-laden websites remain a top threat for commercial, government and home users. Email-based scams will continue to grow and evolve through 2020 and beyond.
Top attack types in Q3 – these were BLM and COVID themed malware, banking trojans/malware, Hidden Cobra (nation state actor, also bank-focused), APT 39 (Iran), and credentials harvesting.
- Cybercriminals are hijacking social movements to victimize companies through manipulating workers’ emotions.
- Financial information is the primary goal, even for the North Korean nation state actor (who is known for siphoning money to fund their heavily sanctioned regime).
Research into APT 39 validates that it has been targeting their own citizens, dissidents, companies, and academic institutions in Iran. It has also targeted foreign citizens, foreign governments, and organizations predominantly in the travel, hospitality, academic and telecommunications industries across the globe.