Find

VMware points out that current malware countermeasures mostly address threats posed using Windows operating systems, leaving many public and private cloud deployments vulnerable to attacks that use Linux operating systems.

FC brings a unique perspective at Intersec, where he will discuss how cybercriminals get around access controls, how governments and organizations can identify their cyber weaknesses, and what they can do to improve their security.

Companies typically operate with a skeleton workforce during vacation periods, with less workers on the watch for any form of crisis. In a variety of ways, this makes it easier for cybercriminals to operate.

“In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations’ supply chains and networks to achieve maximum disruption,” said Maya Horowitz.

HP discovered exploits of the zero-day CVE-2021-40444 – a remote code execution vulnerability that allows for the exploitation of MSHTML browser engine utilizing Microsoft Office documents – a week before the fix was released on September 14.

“The extent to which cyberattackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” said Sean Gallagher, senior threat researcher at Sophos.

"Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment," says Rick McElroy, principal cybersecurity strategist at VMware.

The study, which was released at this week's Black Hat 2021 event, where Acronis is a Diamond sponsor, cautions that based on attack trends identified in the first six months of the year, small and medium-sized businesses (SMBs) are particularly vulnerable.

“Adversaries could use social engineering and phishing campaigns in the lead up to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event. Social engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks,” the federal law enforcement agency warned.

While AI technology can do amazing things, it can have both positive and negative implications. Cybersecurity professionals must confidently employ that same advanced technology in counter-measures to protect networks from bad actors exploiting increasingly-advanced technology.