Technical depth on how CodeHunter deconstructs binaries, scripts, containers, and packages to determine exactly what each artifact is capable of doing before it runs.

Formjacking Exposes Mortgage Lenders to Cyber Threats

Formjacking is malicious JavaScript code that steals digital information through online forms — and it’s wreaking havoc on mortgage lenders. Malicious software lurks in the background of compromised online forms waiting to steal credit card information, social security numbers, passwords, and other PII while innocent hopefuls sign up for an account or apply for a home loan.

Cybercriminals use formjacking to take advantage of trusting home buyers operating under the illusion of digital safety. Most prospective clients assume bankers and lenders place everyone’s information under a tight watch, trusting the mortgage lenders implicitly as they fill out web forms. They rarely stop to consider who else might be accessing them.

How Does Formjacking Work?

The method is simple and eerily effective: A cybercriminal slips malicious JavaScript code into a website’s back or front end, which sends copies of users’ input to them instantly. If their code seeps into the front end, malicious actors can add extra input fields to any form. They can request sensitive information like a social security number or bank account credentials. And, if they’re particularly hungry, they can track mouse clicks and IP addresses.

If that sounds bad, it only gets worse. It’s far too easy for these formjackers to go undetected for months or even years. They can set the script to activate at certain times of day to avoid a cybersecurity team’s working hours or split it into multiple files to make detection that much harder.

Mortgage Lenders: A Tempting Target

Mortgage lenders are a tempting target for their size, ubiquity, and access to sensitive information. What better way to demonstrate what formjacking can do than with the hackers who infiltrated hundreds of real estate websites with a single video?

Brightcove provides video streaming services to many well-known clients, including Sotheby’s International Realty. In January 2021, an attacker injected JavaScript code into a video used on over 100 real estate websites run by Sotheby’s — which means that every time a user opened an affected page, the page loaded the video and the malicious code embedded in it ran in the visitor’s browser.

Sotheby’s was only recently able to end the attack campaign, meaning that for a year, their attacker hoarded clients’ names, email addresses, phone numbers, and credit card data.

The danger is not limited to clients either. Though news reports tend to highlight the damage to consumers, formjacking can just as easily steal internal information through company portals. If a cybercriminal managed to embed their code into an employee training video purchased from a mass retailer, for example, they wouldn’t need to wait long before taking a snapshot of an employee’s login credentials.

Formjacking is a growing trend — and it’s not going away anytime soon. Though it would be nice to believe that Brightcove’s breach was an anomaly, 4,800 websites are compromised with formjacking every month. Attackers especially enjoy targeting third-party tools because the average eCommerce website uses 40-60 of them, with the majority (68%) of those tools accessing form and input fields. Given the prevalence of these tools in modern business, anyone can be an easy target.

Protect Your Organization From Formjacking

Safeguarding your business from formjacking is becoming increasingly important, and there are steps you can take to minimize risk:

  1. Website admins should manage permissions with a zero-trust mentality: In other words, trust nobody — and limit access to those who need it to do their job.

  2. Most data breaches are a result of human error. Educate your staff about cybersecurity best practices.

  3. Require two-factor authentication (2FA) to verify form submissions on your website. While 2FA doesn’t stop formjacking itself, it can minimize damage by preventing an attacker from taking over a person’s accounts. The malicious actor must simultaneously compromise both devices customers use for authorization (not an easy feat). Attackers tend to look for easier prey.

  4. Detect unwanted changes to your environment with file integrity monitoring (FIM). You’ll be alerted to any changes made to files you’ve set it to monitor.

  5. Run penetration tests and vulnerability scans. No matter how confident you feel about your security, make it a habit to look for weaknesses and consider new ways to strengthen your cybersecurity framework.

  6. Run quality assurance tests on new updates. Make sure things are operating as you intend before launching something new, from back-end functionality to UI interactions.
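Step 4 above recommends file integrity monitoring. The following is an added example (not CodeHunter's code or any product's) of the core of a FIM check for a web root: it hashes every served file, diffs the result against a stored baseline, and reports added, removed and modified files, which is how an injected script in a form page or a new script file would surface. The directory layout and file contents are constructed for the demo.

```python
"""Minimal file integrity monitoring (FIM) for a web root.

Added example, not CodeHunter's code. Hashes every file under a directory,
compares against a baseline snapshot, and classifies the differences.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large assets are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each file (path relative to root, POSIX style) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between the baseline and the current snapshot."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in common if baseline[f] != current[f]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, then alter the deployed files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "checkout.js").write_text("document.forms[0].onsubmit = validate;\n")
        (root / "index.html").write_text("<form id='apply'></form>\n")
        baseline = snapshot(root)
        # Constructed change: one served script is altered and a new file appears.
        (root / "js" / "checkout.js").write_text("document.forms[0].onsubmit = validate;\n// changed\n")
        (root / "js" / "vendor.js").write_text("/* constructed: file not in baseline */\n")
        return compare(baseline, snapshot(root))
```

In a real deployment the baseline would be written at release time (after the QA step in item 6) and stored outside the web root, and the comparison scheduled to run and alert on any non-empty result.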

It’s time to level up your security and stay multiple steps ahead of cybercriminals — it’s your job to protect your customers’ assets, and your own! Update your cybersecurity framework and audit your organization with meticulous detail because what you don’t know will hurt you.


11 Wild Ransomware Attack Statistics for 2022

Hoping for a better 2022? Back up your data.

After a chaotic and surreal couple of years, 2022 is already stretching our collective limit. The system is once again buckling under the weight of the pandemic, businesses are pivoting (or shuttering) in response to new challenges, political turmoil continues around the world — and ransomware is now a national security threat.

Organized cyber gangs continue to ruthlessly attack enterprise organizations, from government and financial institutions to critical infrastructures such as transportation and hospitals. Ransomware-focused threat actors like FIN12 are using the healthcare industry for target practice — taking advantage of known vulnerabilities — and becoming more efficient and nimble with their methods by the day. And ransom demands are soaring to record levels.

2021 was the “Year of Ransomware,” and the projections for 2022 are even more harrowing. Cybersecurity pundits will have to get creative when they name 2022: We expect the declaration of the “Year of Ransomware” to become as redundant as the “Year of Cybersecurity.”

Ransomware Attack Statistics for 2022

1. Ransomware is the fastest-growing cybercrime.

A report by Cybersecurity Ventures estimates that an organization will be attacked by ransomware every 11 seconds.

2. Ransomware and extortion attacks bring in a level of profit that matches the budgets of nation-state attack organizations.

And that’s only the publicly reported earnings. Consider that an estimated 75% of ransomware attacks go unreported and you’ll begin to grasp how lucrative “ransomware as a service” (RaaS) has become.

3. Ransomware costs are projected to rise 1225% in less than ten years.

Annual damages from ransomware are projected to rise 1225% by 2031, up to $265 billion per year.

4. REvil broke the record for ransomware demands with a $70 million price tag.

The previous record occurred just four months prior at $50 million.

5. The average ransom paid by mid-sized organizations was $107,404.

And that number will only increase, especially with the growing prevalence of double extortion.

6. The average ransom paid by healthcare organizations in 2021 was $131,000.

Considering what’s at stake for a healthcare facility — lifesaving machinery, confidential patient information, and lives (people died from malware in 2021) — it’s no surprise that the ransom payouts are higher in healthcare than other industries. Regardless of payout, victims’ data was leaked in at least 72% of the incidents (an additional 15% didn’t know if data was compromised).

7. The average cost of recovery from ransomware across all industries is $1.85 million.

The average cost of a ransomware attack is $1.85 million when you consider factors like downtime, lost business, and damaged reputation in addition to the ransom paid.

8. Larger organizations reported more ransomware attacks.

Almost half (42%) of companies with 1,001-5,000 employees were hit by ransomware in 2021 — compared to 33% of smaller companies.

9. Almost a third of organizations attacked by ransomware paid the ransom.

It might seem easier to quietly pay off cybercriminals rather than deal with an embarrassing public fallout and sky-high fines — but it’s a spectacularly bad idea. Instead, follow protocol and alert the authorities immediately.


10. A staggering 43% of organizations in the energy, oil, gas, and utilities sectors reported making ransom payments.

42% of local governmental organizations, 35% of organizations in the education sector, and 34% of healthcare organizations also reported meeting the ransom demands.

11. On average, just 65% of a victim’s data is restored after payment.

It’s just one of many reasons why the FBI advises against paying ransoms.

Don’t become another ransomware statistic in 2022.

Change and adapt to the new cybersecurity landscape because things will only get more challenging as cybercriminals hone their skills and tactics. Regularly back up your data — it’s expected in today’s cyber minefield. Educate yourself and your employees about the latest threats, and review your defenses against escalating attacks. Don’t settle for anything less than the utmost vigilance and cutting-edge cybersecurity protocols.

Why You Need To Reverse Engineer Malware — And Automate Your Analysis


If You’re Not Automating, You’re Already Behind

If you’re like many of the tech leaders we work with, you know you can’t build a strong cybersecurity framework without the capacity to quickly — even proactively — identify and reverse engineer malware. And if you’re not automating, you’re already behind. It’s time to solve problems before malware wreaks havoc in your networks.

Reverse Engineering Then and Now: A Changing Cybersecurity Climate

Although reverse engineering malware has been around for decades, the process has evolved alongside new, complex problems. The hackers of the ‘90s had nothing on the hackers of today. Today’s cybercriminals are using malware that’s increasingly complex — designed to evade detection and outsmart the methods and tools that have worked in the past.

Reversing the work of today’s hackers requires smart automated programs to disassemble software without source code or signatures — so you can quickly discover what the malware does and which systems it affects, even when it’s previously unknown, disguised, or lying dormant.

Automating Reverse Engineering — How CodeHunter Works

Before advanced automated solutions, the time-consuming process of identifying the problem and reverse engineering it — observation, disassembly, and de-formulation — was carried out manually by engineers, delaying solutions while malware wreaked havoc in the network.

CodeHunter’s automated platform empowers your team to identify and reverse engineer all types of malware — known and unknown — faster than ever before. We use a patented approach to behavior computation and binary analysis to find malware in executable files without the need for source code or signatures. We don’t just search networks to discover malware, we detect malware that may have been lying dormant — reducing possible damage to your data, systems, and entire operation.