Moving Target Defense Blog

Protecting your organization from advanced threats has always been difficult. Adversaries innovate constantly, changing their attack vectors and finding new ways to infiltrate their target environment. The Trickbot trojan is one of the best examples; its authors have used news coverage from President Trump’s impeachment trial and the WSReset UAC Bypass among other changes to push the trojan past antivirus and malware scanners.

The Trickbot trojan is one of the most advanced malware delivery vehicles currently in use. Attackers have leveraged it to deliver a wide variety of malicious code, in many different methods. Just yesterday, Bleeping Computer reported that news articles from President Trump’s impeachment trial have been used to hide Trickbot from antivirus scanners.

Recently, news came out about a CVE-2020-0674 vulnerability in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means in practice is that any application that supports embedding Internet Explorer or its scripting engine can be leveraged as an attack vector.

Antivirus protection is a baseline cost of doing business for the modern organization. At first, companies and governments only needed signature-based antivirus that tracked known malware. As fileless malware and exploits accelerated, next-gen antivirus that leveraged AI and behavioral analysis came on the scene to respond.

The 2018 Starwood Hotels breach is only the latest in a long line of high profile intrusions that hotels have faced. It’s notable primarily for how many customer records were exposed — 500 million worldwide according to parent company Marriott — and that the breach wasn’t discovered for four years. This makes the breach a particularly extreme outlier according to Ponemon Institute research data. A recent Ponemon report found that it takes an average of 197 days to discover a breach, and an average of 69 days to close it.

A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weekend.

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.

Retailers aren’t the only ones who benefit from the holiday shopping season. Cyberattacks cost retailers more than $30 billion annually, and losses often mount during the highly profitable holiday season.

Last week, Intezer and IBM X-Force released new research identifying a new form of ransomware, which they named PureLocker. Written in PureBasic and designed to attack servers, this damaging new malware has been described as Malware-as-a-Service in a recent ZDNet article.