The United States remained the largest host and target for cyber-attacks in the first three months of the year, a quarter which saw hackers take up new tools, tactics and procedures – and return to some old ways – in order to improve success rates.
These are some of the key findings of Trend Micro’s latest quarterly Security Roundup report, which revealed new activity from two infamous targeted attack campaigns – Rocket Kitten and Operation Pawn Storm.
Both remain alive and well, adapting their infrastructure and techniques to hit new targets – most notably the White House.
In fact, it’s the US that remains the most popular target for attacks as well as the largest host. It’s responsible for the highest number of malicious URLs (29%), spam (16%), hosted C&C servers (29%) and C&C connections (52%).
This doesn’t mean that those behind such attacks are US-based, of course, merely that they’re using and abusing computing infrastructure inside the country.
The healthcare industry took a beating in Q1 as attackers looked to exploit under-investment in security by some major US players.
First Anthem lost sensitive records on 80 million customers and staff, then Premera Blue Cross exposed 11 million.
But while attackers sought to update old campaigns with new TTPs, and make use of increasingly sophisticated exploit kits, they also returned to some old, tried-and-tested techniques, like macro malware.
Although these threats require user consent to run, they proved a popular vector in the period, having been downloaded over 500,000 times, according to Microsoft.
Elsewhere, there was worrying news for enterprises, as crypto-ransomware attackers expanded their efforts to include corporate targets, Trend Micro claimed.
And an increase in mobile adware propelled the volume of Android threats past five million – keeping the total figure on course for a predicted eight million by the end of the year.
Ross Dyer, technical director at Trend Micro, referenced guidance from the UK government’s CESG to share some best practice tips with Infosecurity for firms to “mitigate the risk and deal with breaches as effectively and efficiently as possible.”
These include “establishing account management processes to monitor user activity, limit the number of privileged accounts, and delete accounts of outgoing staff,” he said.
Removable media controls, continuous monitoring of all IT systems, up-to-date security patches and anti-malware defenses are also vital, said Dyer.
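The account-management controls Dyer lists (monitor user activity, limit the number of privileged accounts, delete accounts of outgoing staff) are easy to state and easy to let drift. As an added illustration, not part of the original article or of Trend Micro's or CESG's material, the following Python script audits a constructed account export against those three points. The record layout, the 90-day inactivity threshold and the cap of three privileged accounts are assumptions chosen for the example; the CESG guidance quoted above sets no specific numbers.

```python
from datetime import date

# Constructed sample export (not real data): one record per account.
# "left_on" is the leaving date from HR, or None for current staff;
# "enabled" is whether the account can still log in.
ACCOUNTS = [
    {"user": "alice", "privileged": True,  "enabled": True,  "last_login": date(2015, 3, 30), "left_on": None},
    {"user": "bob",   "privileged": True,  "enabled": True,  "last_login": date(2015, 1, 5),  "left_on": None},
    {"user": "carol", "privileged": False, "enabled": True,  "last_login": date(2015, 2, 20), "left_on": date(2015, 2, 27)},
    {"user": "dave",  "privileged": True,  "enabled": True,  "last_login": date(2014, 10, 1), "left_on": None},
    {"user": "erin",  "privileged": False, "enabled": True,  "last_login": date(2015, 3, 29), "left_on": None},
    {"user": "frank", "privileged": True,  "enabled": True,  "last_login": date(2015, 3, 15), "left_on": date(2015, 3, 20)},
    {"user": "gina",  "privileged": False, "enabled": False, "last_login": date(2015, 1, 2),  "left_on": date(2015, 1, 10)},
]


def audit_accounts(accounts, today, max_privileged=3, stale_days=90):
    """Check an account list against three account-management controls.

    Returns a dict with:
      leavers_still_enabled - staff who have left but whose account is still enabled
      stale                 - enabled accounts with no login for more than stale_days
      privileged            - all enabled privileged accounts
      too_many_privileged   - True if privileged count exceeds max_privileged
    Thresholds are example values, not figures from the article.
    """
    findings = {"leavers_still_enabled": [], "stale": [], "privileged": []}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled: nothing to flag
        if acct["left_on"] is not None and acct["left_on"] <= today:
            findings["leavers_still_enabled"].append(acct["user"])
        if (today - acct["last_login"]).days > stale_days:
            findings["stale"].append(acct["user"])
        if acct["privileged"]:
            findings["privileged"].append(acct["user"])
    findings["too_many_privileged"] = len(findings["privileged"]) > max_privileged
    return findings


def audit_sample():
    """Run the audit over the constructed export as of a fixed reference date."""
    return audit_accounts(ACCOUNTS, today=date(2015, 3, 31))


if __name__ == "__main__":
    result = audit_sample()
    for key in ("leavers_still_enabled", "stale", "privileged"):
        print(f"{key}: {', '.join(result[key]) or 'none'}")
    print("privileged count over limit:", result["too_many_privileged"])
```

In practice the `ACCOUNTS` list would be replaced by an export from the directory or identity system, and the script run on a schedule so that a leaver whose account survives past their exit date, or a privileged account that nobody has used in months, is reported rather than discovered after an incident.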
“In addition there is now an overwhelming need for advanced malware detection technologies with sandbox capabilities which allow for unknown data to be expected and analyzed in a safe environment, before a user can access it,” he concluded.