Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report
Cyber Incident? Get Help

Unseen threats: Creative malware that may be compromising your network

Featured Image for Unseen threats: Creative malware that may be compromising your network

By now, we’re all aware of the headline-grabbing attacks that have shaken the cybersecurity insurance market and felled companies large and small, but what about the unseen threats that organizations are vulnerable to every day? Email phishing may be what people commonly associate with cyber attacks — it accounted for 48% or reported claims where data was available —  but that doesn’t negate the danger that many smaller, craftier attacks pose to your organization and its data.

Watering hole attack

Imagine you and your colleagues are hungry for lunch, but your meeting has run late, so rather than try a new restaurant, you opt to visit a place you know has good food. Without thinking, you download the menu to remember the exact name of your preferred dish. Unfortunately, you don't realize that attackers have hacked the restaurant's website, replacing the normal PDF menu with a malware file; as a result, your organization's network has been compromised. This scenario illustrates a watering hole attack, or strategic website compromise attack, a method attackers use to compromise a specific organization or group of people. Attackers may compromise websites they know users regularly visit, or they may lure them to a malicious site with a combination of email prompts. Their end goal is always the same, regardless of how they execute the attack: to gain unauthorized access to your organization's network.

It isn't a far-flung idea to imagine an advanced persistent threat (APT) actor; typically, a nation or state-sponsored group could use a watering hole attack to target a specific group or organization. These threat actors typically gain unauthorized access to a system and remain undetected for an extended period. The best defense against this type of attack is a layered approach. Zero trust network access (ZTNA) solutions can control access to your network, while Endpoint Detection and Response (EDR) solutions utilize a combination of threat intelligence and heuristic-based algorithms to detect and respond to malware in a network, often before a human being even realizes the network has been infected.

Wireless network compromise

We've all heard the warning many times before, probably during our annual security training, the Wi-Fi at coffee shops and cafes poses many security risks. This warning calls to mind man-in-the-middle attacks, where an attacker positions themselves between the device, your phone or laptop, connecting to the network, and the actual connection point to steal your emails, credentials, or maybe just your credit card information. But what about rogue hotspots meant to look like your organization's legitimate Wi-Fi network? Perhaps the easiest way for attackers to compromise your credentials is to create a Wi-Fi hotspot that appears to be legitimate by mimicking the name (SSID) of your organization's hot spots. Because the name looks legitimate to the device, it could automatically try to connect, allowing the attacker to steal their personal data and company information. From here they may seek to pivot into your organization's network and deploy malware or ransomware. It's a good idea to use an additional layer of security when connecting to a wireless network, especially if you have a legitimate need to use public Wi-Fi. However, keep in mind that cybersecurity doesn't pause because you believe you're connected to your organization's Wi-Fi; use a VPN or ZTNA solution.

Password pivoting

Password management, let's be honest, most people don't have great habits around this basic tenant of cybersecurity. Reusing passwords is a common bad habit that often follows employees from home to work, a bad habit that could inadvertently compromise your organization. While this may seem innocuous enough, it becomes especially dangerous when you consider that reused passwords are often included in high-profile data breaches.

Attackers can use a recycled password to find more information about a target, including other sensitive personal accounts, identifiable information, and even more passwords. For example, suppose an employee uses the same password for their email address admin@yourorganization.com and their personal networking account. In the event of a data breach, attackers can use the password to uncover even more sensitive data. Attackers can now gain access to your organization's network and other accounts.

Password management and multi-factor authentication (MFA) can help mitigate the bad habit of password reuse. Coalition recommends all organizations adopt some practical guidelines for passwords. Even if an employee's password is compromised — or reused — with MFA, attackers will remain shut outside the network.

Third-party attacks

By now, it's no secret that the last two years have been transformative for many industries. In addition to transitioning to work from home, industries like manufacturing are becoming increasingly reliant on cloud services and cloud-based technologies, thus becoming dependent on third-party vendors for at least a portion of their operations. Unfortunately, only halfway through 2021, we have already seen large scale attacks against third-party vendors that undoubtedly crippled some businesses.

Additionally, compromises often cause more compromises with competing attackers sometimes impersonating the compromised company to deploy malware or phishing victims. If a trusted third party has administrator remote access to your network, their attack surface becomes your attack surface.

Effectively mitigating third-party risk is tricky, but with Coalition Control, policyholders can monitor multiple third parties, vendors, suppliers, and other partners via a watchlist. Also inside the Coalition Control ecosystem is information about all of our cybersecurity partners, including ZTNA, EDR, and training solutions.

Defense in depth: Monitor your risks with Coalition Control

Cybersecurity is a constantly evolving landscape, and attackers are only becoming stealthier. While there are many controls organizations can put in place to mitigate their risk factor, no one solution is comprehensive enough to stop all possible attacks. Coalition recommends that organizations layer their mitigation strategies to create a true defense in depth solution, and of course, with the added benefit of cyber insurance and Coalition Control organizations can take true stock of their risk and work to actively mitigate their vulnerabilities.