Cybercriminals looking for ports in stormy new world of work

Share
Credit: Mariya Borisova/Getty
A rise in remote work has seen a corresponding increase in criminals scanning for vulnerabilities among WFH teams to place ransomware on company networks

Cybercriminals are increasingly scanning remote workers looking for open ports that allow them to deliver ransomware into unsuspecting businesses, according to new research.

Cybersecurity company BlueVoyant revealed this and other findings in its new report, Emerging External Cyber Defense Trends, which looks at the risks organisations face.

"As enterprises' internal cybersecurity has become better defended and better monitored, cyber threat actors have evolved their tactics to focus on new methods of compromise, targeting a wider attack surface than ever before," says Joel Molinoff, BlueVoyant's global head of supply chain defence. 

"This report shines a spotlight on the latest cyber criminal techniques BlueVoyant's threat intelligence has observed, plus recommended actions organisations can take to help prevent these threats."

The report focuses on a number of topics, including:

Dynamic phishing tactics

Attackers increasingly evade detection by directing consumers to spoofed domains and presumed threat hunters to an error page. BlueVoyant found that redirections increased 240% in 2022.

Dynamic DNS infrastructure

Cyber criminals more and more use a new type of hosting provider to create and set up short-lived websites. This vector provides an opportunity for a low-cost, high-volume campaign that can be duplicated in future attacks — all without having to register a domain.

Smishing

The use of SMS text messages to distribute phishing messages is on the rise as cyber attackers are increasingly abusing legitimate text messaging services to deliver phishing messages.

Open ports

With the rise of remote work from the COVID-19 pandemic, more employees need remote network access. Cyber criminals are increasingly scanning for the ports that allow this in order to gain a foothold into organisations' networks. These ports, if misconfigured, are a common ransomware delivery method.

Patches

Every week new vulnerabilities are discovered across multiple industries, and these vulnerabilities can quickly become a critical attack vector. Despite this, many organisations are slow to patch.

Financial fraud

Cyber criminals are finding new ways to carry out financial fraud, such as using instant messaging to plan campaigns and sell stolen data, instead of dark web forums, which are known to be more easily accessible by law enforcement agencies, and therefore are considered less secure by many criminals.

"It has become harder for organisations to identify basic external-facing vulnerabilities and threats due to sheer volume, and threat actors are increasingly taking advantage of these exposures, pivoting and evolving their tactics to achieve their goals," says Ron Feler, BlueVoyant's global head of threat intelligence. "On top of this, organisations must now respond to potential threats much quicker as attackers have gotten quicker to exploit vulnerabilities."

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security