
PART 2: Phishing, Quishing, and other lurking cyberthreats

October 24, 2023

We now face an ever-growing plethora of threats. As more people began working from home during COVID and cloud applications became more ubiquitous, cybersecurity threats and alerts increased significantly. Ironically, according to McAfee Enterprise, during this same period 33% of organizations reduced their cybersecurity budgets.

The nature and extent of ransomware, phishing, supply chain, zero-day and insider cyber threats are morphing as technology evolves. Phishing attacks have become even more insidious, embedding themselves in QR codes that a human cannot read (a technique known as quishing) and that have become commonplace in our everyday life. According to a recent study of 38 organizations across nine industries and 125 countries, 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads.

In a QR code phishing attack, hackers create a QR code that looks legitimate, such as one that appears to offer a discount. In Austin, San Antonio, and Houston, Texas, criminals started putting stickers with malicious QR codes on city parking meters. And recently, the FBI issued a warning that hackers are planting fake QR codes in restaurants. While QR codes have become the new default for accessing restaurant menus across both Canada and the US, it is now advisable that, in lieu of using a QR code, you request a conventional paper menu.
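The danger described above is that the person scanning has no way to read what the code encodes until their phone has already acted on it. An added example, not code from the original post: a small Python triage routine that takes the text a QR scanner has already decoded and reports what a person should know before following it. The domain allowlist and the sample payloads are constructed for this illustration; a real deployment would use the organization's own list of domains it actually prints on its codes.

```python
"""Triage the text decoded from a QR code before anyone follows it.

Hypothetical helper written for this article. It assumes the scanner has
already turned the QR image into a string; this code only inspects that string.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: domains the organization genuinely prints on its QR codes.
EXPECTED_DOMAINS = {
    "menu.example-restaurant.test",
    "pay.example-city-parking.test",
}


def triage_qr_payload(payload: str, expected_domains=EXPECTED_DOMAINS) -> dict:
    """Return the decoded URL, its host, and a list of findings.

    An empty findings list means the payload is an https link to a domain
    on the allowlist; anything else gets a plain-language reason to pause.
    """
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower()
    findings = []

    # Non-web schemes (tel:, sms:, mailto:, custom app links) can trigger actions
    # rather than open a page, and http links can be tampered with in transit.
    if parts.scheme not in ("http", "https"):
        findings.append(f"non-web scheme '{parts.scheme or '(none)'}'")
    elif parts.scheme == "http":
        findings.append("unencrypted http")

    # Text before '@' in the authority is ignored by browsers but is often used
    # to make a link look like it points at a familiar name.
    if "@" in parts.netloc:
        findings.append("decoy name or credentials embedded before '@'")

    # A bare IP address is unusual for a menu or payment page.
    try:
        ipaddress.ip_address(host)
        findings.append("bare IP address instead of a domain name")
    except ValueError:
        pass

    if host and host not in expected_domains:
        findings.append(f"host '{host}' is not on the expected-domain list")

    return {
        "url": payload,
        "host": host,
        "findings": findings,
        "safe_to_open": not findings,
    }


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner might decode them.
    samples = [
        "https://menu.example-restaurant.test/today",
        "http://menu.example-restaurant.test@203.0.113.9/pay",
        "tel:+15550100",
    ]
    for sample in samples:
        result = triage_qr_payload(sample)
        status = "OK" if result["safe_to_open"] else "PAUSE"
        print(f"{status}: {sample}")
        for finding in result["findings"]:
            print(f"    - {finding}")
```

The point of the routine is that the decision to follow a link moves from the phone's camera app, which opens whatever it decodes, to a step where the actual destination is shown and checked. The same findings can be logged so a security team sees how often staff are scanning codes that point off the expected domains.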

Some of the most common threats today fall into the following categories:

1. Zero-Day Exploits: Zero-day vulnerabilities are software vulnerabilities that are unknown to the software vendor or have not yet been patched. Cybercriminals exploit these vulnerabilities before a patch or fix is available, making them difficult to anticipate and defend against.

In March 2021, a series of vulnerabilities in Microsoft Exchange Server were exploited by a group named Hafnium. Before Microsoft was able to issue a patch, Hafnium was able to access email accounts and install malware at a number of sites.

Over the years Google Chrome has also been a target for many zero-day vulnerabilities. And while Google frequently releases patches for vulnerabilities, in many cases, vulnerabilities have been exploited before patches were released.

2. Supply Chain Attacks: Cybercriminals may target the supply chain to compromise software or hardware components that can then be used as an entry point into an organization's systems. These attacks can be challenging to predict or detect because they exploit vulnerabilities in the supply chain that are often overlooked.

When a hacker steals a certificate used to vouch for the legitimacy or safety of a company's product, they can use it to sign malware and make it appear legitimate. Hackers have also gone further upstream to compromise the open-source development tools that companies use to build their own custom software applications.

In 2020 a supply chain attack compromised SolarWinds Orion software. Attackers inserted malicious code into legitimate software updates for the platform. Once the updates were applied to systems, attackers were able to move laterally within the compromised networks. The 2020 attack was attributed to a Russian state-sponsored hacking group.

3. Internet of Things (IoT) Vulnerabilities: As IoT devices proliferate, unanticipated security risks arise due to inadequate security measures on these devices (endpoints). Attackers can readily exploit IoT vulnerabilities to gain access to networks.

Many IoT devices come equipped with default usernames and passwords that are easily guessed or readily available online. This makes them susceptible to exploitation by malicious hackers who can leverage these credentials to gain unauthorized access to the device, enabling remote control.

In the first half of 2021, the frequency of attacks targeting IoT devices surged, with a growth rate exceeding 100 percent. From January to May 2021, there were 1.5 billion recorded IoT attacks. The surge can be attributed to the rapid proliferation of IoT technology across diverse domains, ranging from consumer wearables to industrial IT. Additionally, the prevalence of remote work arrangements in the post-COVID era has further heightened the prominence of the Internet of Things.

IoT devices are particularly susceptible to malware infiltration because they lack the robust security mechanisms built into more sophisticated computers. These devices are typically designed with a primary focus on functionality, often lacking the storage capacity and processing power found in conventional computers. Cyber criminals view IoT devices as easily accessible entry points for their malicious activities.

While infecting a single IoT device may not have a significant impact, the true danger arises when multiple devices are compromised. Attackers assemble armies of compromised devices (botnets) that can be manipulated to carry out orchestrated attacks on other systems within the network. With botnets at their disposal, attackers can direct these zombie devices to execute various types of assaults, such as overwhelming the network with excessive traffic (denial of service) or disseminating spam messages, among other tactics.

4. Social Engineering Attacks: Cybercriminals often use social engineering tactics, such as phishing, quishing (noted above) and pretexting, to manipulate individuals within an organization to reveal sensitive information or perform actions that compromise security.

Despite the general awareness of phishing attacks, the Terranova Worldwide Corporation study in 2021 shows that more than 14% of individuals inadvertently downloaded malicious software.

In recent years, the cybersecurity threat landscape has undergone a profound transformation, driven by the ever-changing technological environment and the unprecedented disruptions caused by the COVID-19 pandemic.

What's particularly noteworthy is that, despite the escalating cyber threats, a surprising percentage of organizations have opted to reduce their cybersecurity budgets. This decision, though understandable given economic constraints, underscores the precarious situation that organizations now find themselves in as they confront an ever-expanding array of cyber threats.

The nature and sophistication of these threats continue to evolve. Ransomware, phishing, supply chain attacks, zero-day vulnerabilities, and insider threats have all grown more intricate and elusive. The proliferation of QR codes and the expansion of IoT devices have created new avenues for cyber criminals to exploit.

In this ever-evolving landscape of cyber threats, both organizations and individuals must maintain unwavering vigilance, adapt their security strategies, and invest in robust cybersecurity measures to safeguard their digital assets and personal information. The consequences of complacency in the face of these evolving threats can be severe, underscoring the imperative need for proactive defense measures in our increasingly interconnected world.

Like what you're reading? Stay tuned for part three of our Cybersecurity series coming soon!

And if you don't want to miss any news from Connex, sign up to our newsletter below.