According to several recent media reports, malicious cyber actors have begun to utilize four new types of cyberattacks as part of their current destructive repertoire. The website www.databreachtoday.com noted that these new attacks are “significantly reshaping the threat landscape that CISOs have to deal with.”
These four new emerging cyberattacks are identified as:
- Defensive Evasion;
- Triple Extortion;
- Wiper Malware; and
- Accelerated Exploit Chain.
Defensive Evasion consists of multiple techniques used by attackers to avoid detection throughout the compromise of a victim’s network. Researchers have identified approximately 37 known evasion techniques, including uninstalling or disabling security software. Another well-known defensive evasion technique includes obfuscating and/or encrypting data and scripts inside the victim’s network.
In a triple extortion cyberattack, ransomware operators:
- Access and exfiltrate confidential data from the victim’s network;
- Release malware that encrypts the victim’s data; and
- Threaten to inform and extort the initial victim’s business partners, shareholders and suppliers about the incident.
Wiper malware is especially disturbing. A wiper attack involves the wiping, overwriting and/or removal of data from the victim’s network. These particular attacks are not motivated by monetary gain but are purely destructive in nature. Wiper malware is also used to “cover the tracks” of cyber threat actors who are exfiltrating data from a victim and want to ensure there is no digital trail to follow during the follow-up investigation of the incident. Wiper attacks are also known as “disruptionware” attacks and you can learn more about them here.
Finally, accelerated exploit chain attacks (also known as vulnerability chains) are becoming increasingly common. Instead of trying to use a “single point of compromise” during the scope of the cyberattack, the exploit chain uses a series of multiple exploits simultaneously that expand the scope of the intrusion attempt’s attack matrix to compromise victims and their data.
While these are not the only emerging cyberattack threats on the horizon, these attacks have become much more prevalent. Vigilance and strong cyber hygiene defenses are critical to defending yourself and your data from these emerging cyber threats.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
