Two Common Cyberattacks You Need to Be Careful About in 2023

A cyberattack is an unauthorized attempt to harm, steal, or infiltrate digital devices, computers, computer networks, or infrastructures by hackers. MITRE ATT&CK is a knowledge base that provides information on adversary tactics and techniques based on real-world observations, and can be used as a resource to educate people on cybersecurity threats.

Posted by Saportif Technology on

Two common cyberattacks you need to be careful about

    Almost everyone now carries some kind of digital device with internet access. It is easy to see this only as something that brings comfort and convenience to people's lives, but there is no rose without a thorn: it also brings a real risk. Being connected to the internet means you are reachable by everyone else on it, and therefore exposed to cyberattacks.

 

What is a Cyberattack

    A cyberattack is an unauthorized attempt to harm, steal from, or infiltrate targeted digital devices, computers, computer networks, or infrastructures. The person who performs these actions is called a hacker (or, more precisely, an attacker or adversary). Cyberattacks can severely harm individuals, companies, or even nations. Luckily, there are many resources that educate people about these threats. One of them is MITRE ATT&CK.

 

What is MITRE ATT&CK 

 

    MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. You can think of it as the Wikipedia of cybersecurity. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. ATT&CK organizes techniques under tactics, the adversary's goal at each stage of an intrusion, such as Reconnaissance, Initial Access, Credential Access, and Impact. Each technique page lists procedure examples (how real malware and threat groups have used the technique), mitigations (how to get ahead of it), and detections (the data sources and behaviours that reveal whether it has been used against you). Two common techniques listed in MITRE ATT&CK are Credentials from Password Stores under Credential Access and Phishing for Information under Reconnaissance.

 

Credentials from Password Stores

    Among the most sensitive things stored on our computers and networks are credentials: usernames and passwords for applications and websites. Under this technique, an attacker who already has a foothold on a system searches the places where software keeps these credentials, such as browser password stores, the operating-system keychain or credential manager, and password-manager databases. If these credentials are stolen, the attacker can access our email, social network accounts, bank accounts, and so on.

 
Procedure Examples

    There are many procedure examples for Credentials from Password Stores. Some of them are:

- Evilnum: can collect email credentials from victims.

- LaZagne: can obtain credentials from databases, mail clients, and WiFi settings across multiple platforms.

- PLEAD: can harvest saved passwords from Microsoft Outlook.

 

Mitigations

    There is one mitigation for Credentials from Password Stores.

- Password Policies: give the login keychain a password that differs from the user's login password. This increases the complexity for an attacker, who then needs a second password to unlock the stored credentials instead of reusing the login password they already have.

 

Detections

    Credentials from Password Stores has three kinds of detection that help identify whether this technique has been used.

- Command: monitor executed commands and arguments that search for, read, or copy common password storage locations (for example browser login databases, keychain files, or the utilities that list credential-manager entries).

- File: monitor access to the files and directories where credentials are stored.

- Process: monitor API calls and process creation that may be used to search for common password storage locations.
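The Command and Process detections above can be turned into a concrete check. The following Python script is an added example (it is not code from the page or from MITRE): it scans process-creation events for command lines that reference well-known password-store locations or credential-dumping tools. The event records, host names and the indicator list are constructed for illustration and are deliberately not exhaustive; in practice the input would be EDR or Sysmon process-creation telemetry and the patterns would be tuned to the environment.

```python
"""Added example (not from the page): flag process-creation events whose
command line touches common password-store locations (ATT&CK Credentials
from Password Stores). Events and indicators below are constructed."""
import re
from dataclasses import dataclass

# Illustrative indicators: files, paths and tools that touch credential stores.
# Each entry is (regex, reason). The list is an assumption, not a complete one.
PASSWORD_STORE_PATTERNS = [
    (r"\\Login Data\b", "Chromium browser credential DB"),
    (r"\blogins\.json\b", "Firefox saved logins"),
    (r"\bkey4\.db\b", "Firefox key database"),
    (r"login\.keychain(-db)?", "macOS login keychain"),
    (r"\bsecurity\s+(find|dump)-(generic|internet)-password",
     "macOS security(1) keychain query"),
    (r"\bvaultcmd(\.exe)?\b.*/list", "Windows Credential Manager enumeration"),
    (r"\bcmdkey(\.exe)?\b.*/list", "Windows Credential Manager enumeration"),
    (r"\.kdbx?\b", "KeePass database"),
    (r"\blazagne\b", "LaZagne credential dumper"),
    (r"\\Microsoft\\Protect\\", "DPAPI master key directory"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), why) for p, why in PASSWORD_STORE_PATTERNS]


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str          # full path of the executable
    command_line: str   # command line as recorded by the sensor


@dataclass
class Alert:
    host: str
    user: str
    image: str
    reason: str


def inspect_event(ev):
    """Return the list of reasons this event looks like password-store access
    (empty list when nothing matches)."""
    text = f"{ev.image} {ev.command_line}"
    return [why for rx, why in COMPILED if rx.search(text)]


def detect(events):
    """Run inspect_event over a list of ProcessEvent and return Alerts."""
    alerts = []
    for ev in events:
        reasons = inspect_event(ev)
        if reasons:
            alerts.append(Alert(ev.host, ev.user, ev.image,
                                "; ".join(sorted(set(reasons)))))
    return alerts


# Constructed sample telemetry: four suspicious events, two benign ones.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "alice", "C:\\Windows\\System32\\cmd.exe",
                 'cmd.exe /c copy "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome'
                 '\\User Data\\Default\\Login Data" C:\\temp\\ld.db'),
    ProcessEvent("ws01", "alice", "C:\\Windows\\System32\\VaultCmd.exe",
                 'VaultCmd.exe /listcreds:"Windows Credentials" /all'),
    ProcessEvent("ws02", "bob", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
                 '"chrome.exe" --profile-directory=Default'),
    ProcessEvent("mac01", "carol", "/usr/bin/security",
                 "security find-generic-password -ga wifi"),
    ProcessEvent("ws03", "dave", "C:\\Users\\dave\\Downloads\\laZagne.exe",
                 "laZagne.exe all"),
    ProcessEvent("ws02", "bob", "C:\\Windows\\System32\\notepad.exe",
                 "notepad.exe C:\\Users\\bob\\notes.txt"),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[ALERT] {a.host} {a.user} {a.image}: {a.reason}")
```

Matching on the image path as well as the arguments catches renamed or relocated tools only when the name survives; a production rule would add file-access events for the same paths (the File detection) rather than rely on command lines alone.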

 

Phishing for Information

    Attackers may send phishing messages to elicit sensitive information from victims. This information can be credentials or anything else that can later be used to perform harmful actions. Phishing for Information is not the same as Phishing: its only goal is to gain information from the victim, not to get the victim to run malicious code or open a malicious attachment. Phishing for Information can be carried out over email, instant messaging, social media, or any other channel of conversation.

 
Procedure Examples

    Two of the procedure examples for Phishing for Information are:

- APT28: has used spearphishing to compromise credentials.

- ZIRCONIUM: has targeted presidential campaign staffers with credential phishing emails.

 
Mitigations

    There are two mitigations.

- Software Configuration: use anti-spoofing and email authentication mechanisms (SPF to validate the sending domain, DKIM to verify message integrity, and a DMARC policy that tells receivers how to treat messages that fail) to filter out forged messages before they reach users.

- User Training: train users to recognize social engineering techniques and spearphishing attempts.

 

Detections

    There are two detections.

- Application Log: what to monitor depends on the phishing channel. For email, watch for suspicious activity such as several accounts receiving messages from the same sender within a short period, or messages whose sender fails SPF, DKIM, or DMARC checks.

- Network Traffic: monitor network traffic for patterns that do not follow expected protocol standards, and for uncommon data flows, such as a client sending data to a server it does not normally communicate with.
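Both the Software Configuration mitigation (email authentication) and the Application Log detection (several mailboxes receiving mail from the same sender) can be illustrated on mail-gateway logs. The following Python script is an added example, not code from the page or from MITRE. The log lines, the published DMARC policies, the domain names and the thresholds are constructed assumptions. It applies each sending domain's DMARC policy to the message's authentication verdict, then looks for senders that fan out to many internal recipients in a short window. The lookalike-domain sender in the sample passes authentication because the attacker controls that domain, which is why the fan-out check and user training are needed alongside SPF, DKIM and DMARC.

```python
"""Added example (not from the page): DMARC-policy filtering plus a
same-sender fan-out check over constructed mail-gateway log lines, for the
Phishing for Information mitigation and detection above."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway log. Fields: time|envelope-from|recipient|spf|dkim|dmarc
# corp-example.com is an attacker-registered lookalike of corp.example with
# valid SPF/DKIM, so its messages authenticate cleanly. The last line is a
# direct spoof of corp.example, which fails all three checks.
SAMPLE_LOG = """\
2023-03-01T09:00:01|hr@corp.example|alice@corp.example|pass|pass|pass
2023-03-01T09:02:10|it-helpdesk@corp-example.com|alice@corp.example|pass|pass|pass
2023-03-01T09:02:12|it-helpdesk@corp-example.com|bob@corp.example|pass|pass|pass
2023-03-01T09:02:15|it-helpdesk@corp-example.com|carol@corp.example|pass|pass|pass
2023-03-01T09:02:19|it-helpdesk@corp-example.com|dave@corp.example|pass|pass|pass
2023-03-01T09:02:23|it-helpdesk@corp-example.com|erin@corp.example|pass|pass|pass
2023-03-01T11:30:00|newsletter@vendor.example|alice@corp.example|pass|pass|pass
2023-03-01T11:30:01|newsletter@vendor.example|bob@corp.example|pass|pass|pass
2023-03-02T08:00:00|ceo@corp.example|frank@corp.example|fail|fail|fail
"""

# Constructed: the p= tag each domain publishes in its _dmarc TXT record.
# A domain with no record is treated as "none", i.e. failures still deliver.
PUBLISHED_DMARC = {"corp.example": "reject", "vendor.example": "quarantine"}


def parse_log(text):
    """Parse the gateway log into dicts with a datetime and lower-cased addresses."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, rcpt, spf, dkim, dmarc = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "from": sender.lower(),
                       "to": rcpt.lower(), "spf": spf, "dkim": dkim, "dmarc": dmarc})
    return events


def apply_dmarc_policy(event):
    """Decide deliver/quarantine/reject from the DMARC verdict and the sender
    domain's published policy (the Software Configuration mitigation)."""
    if event["dmarc"] == "pass":
        return "deliver"
    domain = event["from"].split("@", 1)[1]
    policy = PUBLISHED_DMARC.get(domain, "none")
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


def fanout_senders(events, min_recipients=4, window=timedelta(minutes=10)):
    """Senders that reach at least min_recipients distinct mailboxes inside one
    sliding window (the Application Log detection). Returns sender -> count."""
    by_sender = defaultdict(list)
    for ev in events:
        by_sender[ev["from"]].append(ev)
    suspicious = {}
    for sender, evs in by_sender.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            rcpts = {e["to"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(rcpts) >= min_recipients:
                suspicious[sender] = len(rcpts)
                break
    return suspicious


def triage(text):
    """Run both checks over a log and return a summary dict."""
    events = parse_log(text)
    actions = [apply_dmarc_policy(e) for e in events]
    return {
        "rejected": [e["from"] for e, a in zip(events, actions) if a == "reject"],
        "quarantined": [e["from"] for e, a in zip(events, actions) if a == "quarantine"],
        "fanout": fanout_senders(events),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("DMARC rejected   :", result["rejected"])
    print("DMARC quarantined:", result["quarantined"])
    print("fan-out senders  :", result["fanout"])
```

The spoofed ceo@corp.example message is rejected only because corp.example publishes p=reject; with no DMARC record it would be delivered despite failing SPF and DKIM. The helpdesk lookalike is never touched by DMARC and is caught only by the fan-out rule, so the threshold and window should be tuned against normal bulk senders (the newsletter in the sample stays under it).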