In the evolving world of cybersecurity, zero-day threats represent the worst-case scenario for any organization. These are attacks that exploit previously unknown vulnerabilities, bypassing traditional defenses and leaving security teams scrambling to respond. For CISOs, zero-day malware isn’t just a technical problem—it’s a business risk that threatens data, trust, and continuity.
Facing an unknown malicious threat is one of the biggest challenges for cybersecurity analysts. Unlike known threats, which can often be addressed with existing protocols and tools, unknown threats require adaptive thinking and a strategic approach. Below are key steps analysts can take to detect, analyze, and contain these threats.
In the realm of cybersecurity, custom malware has become a formidable threat to organizations of all sizes. Unlike generic malware, which is designed for mass deployment and targets a wide range of victims, custom malware is meticulously crafted to infiltrate specific organizations. This personalized approach makes it incredibly effective at bypassing traditional security measures, posing significant risks to targeted businesses.
In the intricate web of cybersecurity, one of the most insidious dangers comes from within: insider threats. These threats, posed by employees or other insiders with access to an organization’s systems and data, can be challenging to detect and devastating in their impact. Understanding the nature of insider threats and implementing proactive measures to catch them early is crucial for safeguarding an organization’s digital assets.
Zero-day malware is called such because it takes advantage of zero-day vulnerabilities, which are newly discovered flaws that have yet to be patched. The time when the vulnerability is discovered is referred to as “Day 0”. These vulnerabilities provide cyber attackers with a window of opportunity to launch their attacks, often catching victims- and their security systems- off guard. In the time that it takes for a patch to be deployed across an entire enterprise malware can already be siphoning critical information from your system.
The probability of falling victim to an advanced malware attack, including zero-day exploits, multi-part malware, and custom attacks continues to rise. Cybercriminals persist, finding new ways to find their way into “secured” corporate networks, and tools like malware-as-a-service have made it easy to launch sophisticated attacks for even the most novice of threat artists. For organizations to stay ahead of a breach, a multi-layered cybersecurity practice that combines a robust defense-in-depth strategy with cutting-edge technologies like automated threat detection and reverse engineering malware analysis is critical. Read more
Malware-as-a-service (MaaS) poses a serious threat to enterprise organizations. MaaS functions much like any other software-as-a-service you may be familiar with, and in some cases even comes with technical support. Hackers develop complex malware systems that can be easily purchased by even the most novice of cybercriminals, who can then launch sophisticated attacks against individuals and businesses. Malware-as-a-service democratizes cybercrime, providing any run-of-the-mill criminal with the expertise of an experienced hacker, drastically increasing the average strength and sophistication of a malware attack. Read more
After a chaotic and surreal couple of years, 2022 is already stretching our collective limit. The system is once again buckling under the weight of the pandemic, businesses are pivoting (or shuttering) in response to new challenges, political turmoil continues around the world — and ransomware is now a national security threat.
Organized cyber gangs continue to ruthlessly attack enterprise organizations, from government and financial institutions to critical infrastructures such as transportation and hospitals. Ransomware-focused threat actors like FIN12 are using the healthcare industry for target practice — taking advantage of known vulnerabilities — and becoming more efficient and nimble with their methods by the day. And ransom demands are soaring to record levels.
2021 was the “Year of Ransomware,” and the projections for 2022 are even more harrowing. Cybersecurity pundits will have to get creative when they name 2022: We expect the declaration of the “Year of Ransomware” to become as redundant as the “Year of Cybersecurity.”
A report by Cybersecurity Ventures estimates that an organization will be attacked by ransomware every 11 seconds.
And that’s only the publicly reported earnings. Consider that an estimated 75% of ransomware attacks go unreported and you’ll begin to grasp how lucrative “ransomware as a service” (RaaS) has become.
Annual damages from ransomware are projected to rise 1225% by 2031, up to $265 billion per year.
The previous record occurred just four months prior at $50 million.
And that number will only increase, especially with the growing prevalence of double extortion.
Considering what’s at stake for a healthcare facility — lifesaving machinery, confidential patient information, and lives (people died from malware in 2021) — it’s no surprise that the ransom payouts are higher in healthcare than other industries. Regardless of payout, victims’ data was leaked in at least 72% of the incidents (an additional 15% didn’t know if data was compromised).
The average cost of a ransomware attack is $1.85 million when you consider factors like downtime, lost business, and damaged reputation in addition to the ransom paid.
Almost half (42%) of companies with 1,001-5,000 employees were hit by ransomware in 2021 — compared to 33% of smaller companies.
It might seem easier to quietly pay off cybercriminals rather than deal with an embarrassing public fallout and sky-high fines — but it’s a spectacularly bad idea. Instead, follow protocol and alert the authorities immediately.
Read More: Call the Feds! What Bank CISOs Need to Do After a Data Breach
42% of local governmental organizations, 35% of organizations in the education sector, and 34% of healthcare organizations also reported meeting the ransom demands.
It’s just one of many reasons why the FBI advises against paying ransoms. Read More: Should Hospitals Pay Off Cyber Terrorists? What to do after a ransomware attack.
Change and adapt to the new cybersecurity landscape because things will only get more challenging as cybercriminals hone their skills and tactics. Regularly back up your data — it’s expected in today’s cyber minefield. Educate yourself and your employees about the latest threats, and review your defenses against escalating attacks. Don’t settle for anything less than the utmost vigilance and cutting-edge cybersecurity protocols.
Formjacking is malicious JavaScript code that steals digital information through online forms — and it’s wreaking havoc on mortgage lenders. Malicious software lurks in the background of compromised online forms waiting to steal credit card information, social security numbers, passwords, and other PII while innocent hopefuls sign up for an account or apply for a home loan.
Cybercriminals use formjacking to take advantage of trusting home buyers operating under the illusion of digital safety. Most prospective clients assume bankers and lenders place everyone’s information under a tight watch, trusting the mortgage lenders implicitly as they fill out web forms. They rarely stop to consider who else might be accessing them.
The method is simple and eerily effective: A cybercriminal slips malicious JavaScript code into a website’s back or front end, which sends copies of users’ input to them instantly. If their code seeps into the front end, malicious actors can add extra input fields to any form. They can request sensitive information like a social security number or bank account credentials. And, if they’re particularly hungry, they can track mouse clicks and IP addresses.
If that sounds bad, it only gets worse. It’s far too easy for these formjackers to go undetected for months or even years. They can set the script to activate at certain times of day to avoid a cybersecurity team’s working hours or split it into multiple files to make detection that much harder.
Mortgage lenders are a tempting target for their size, ubiquity, and access to sensitive information. What better way to demonstrate what formjacking can do than with the hackers who infiltrated hundreds of real estate websites with a single video?
Brightcove provides video streaming services to many well-known clients, including Sotheby’s International Realty. In January 2021, an attacker injected JavaScript codes into a video used in over 100 real estate websites run by Sotheby’s — which means that every time a user opened an infected page, the software would import the video. Then, the malicious code would become embedded in the website.
Sotheby’s was only recently able to end the attack campaign, meaning that for a year, their attacker hoarded clients’ names, email addresses, phone numbers, and credit card data.
The danger is not limited to clients either. Though news reports tend to highlight the damage to consumers, formjacking can just as easily steal internal information through company portals. If a cybercriminal managed to embed their code into an employee training video purchased from a mass retailer, for example, they wouldn’t need to wait long before taking a snapshot of an employee’s login credentials.
Formjacking is a growing trend — and it’s not going away anytime soon. Though it would be nice to believe that Brightcove’s breach was an anomaly, 4,800 websites are compromised with formjacking every month. Attackers especially enjoy targeting third-party tools because the average eCommerce website uses 40-60 of them, with the majority (68%) of those tools accessing form and input fields. Given the prevalence of these tools in modern business, anyone can be an easy target.
Safeguarding your business from formjacking is becoming increasingly important, and there are steps you can take to minimize risk:
Website admins should manage permissions with a zero-trust mentality: In other words, trust nobody — and limit access to those who need it to do their job.
Most data breaches are a result of human error. Educate your staff about cybersecurity best practices.
Require two-factor authentication (2FA) to verify form submissions on your website. While 2FA doesn’t stop formjacking itself, it can minimize damage by preventing an attacker from taking over a person’s accounts. The malicious actor must simultaneously compromise both devices customers use for authorization (not an easy feat). Attackers tend to look for easier prey.
Detect unwanted changes to your environment with file integrity monitoring (FIM). You’ll be alerted to any changes made to files you’ve set it to monitor.
Run penetration tests and vulnerability scans. No matter how confident you feel about your security, make it a habit to look for weaknesses and consider new ways to strengthen your cybersecurity framework.
Run quality assurance tests on new updates. Make sure things are operating as you intend before launching something new, from back-end functionality to UI interactions.
It’s time to level up your security and stay multiple steps ahead of cybercriminals — it’s your job to protect your customers’ assets, and your own! Update your cybersecurity framework and audit your organization with meticulous detail because what you don’t know will hurt you.
