Cyber-attacks on companies
In this post we describe some of the cyber-attack methods that organized groups use to break into company systems, steal information, among other things, and then demand a ransom.
Some of these methods have been detected by the Threat Hunting team at BlackArrow, the offensive and defensive services division of Tarlogic Security.
This division is a benchmark in cybersecurity in Europe. They are based in Santiago de Compostela and Madrid and have recruited a hundred experts in these matters.
A few weeks ago, a team of hunters from this division presented a report recapping the main intrusion vectors that have been detected in companies during 2022.
Basically, they conducted research focused on hunting for potential cyber-attack threats in companies.
BlackArrow experts detected three intrusion paths that cybercriminals use to enter organizations' systems and carry out cyber-attacks.
These techniques, used in the wild, became a trend in 2022. Attackers enter systems through ISO files and LNK files, and they also attack the supply chain. Here's how.
Cyber-attacks on companies through ISO files
This is one of the methods observed during the research. Cybercriminals send ISO files via Google Drive.
On the surface these files look legitimate, but in reality they are the beginning of a cyber-attack on a company.
The method is aimed at gaining control of the systems, which is critical, especially if the system's defensive layers are vulnerable.
The cyber-attack on a company by this method is executed as follows:
An employee receives the ISO file by email, shared from Google Drive. When the file is executed, it mounts automatically and initiates a series of steps aimed at executing malicious code.
The malicious code can then be passed to other computers in the company via that employee's computer. If successful, the cyber-attack could cause critical damage to the company.
LNK files: Another method of cyber-attack on companies
LNK files are shortcuts that Windows uses as a reference to an original executable file.
With this method, as with the previous one, cybercriminals use LNK files that look legitimate but execute malicious code. The objective is to advance the intrusion sequence.
In this case, the code is executed as follows:
An employee can receive the LNK file by e-mail, or from a storage device or pen drive. When the employee opens the shortcut, the malicious activity prepared by the attacker is executed.
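Both delivery methods above rely on a file that looks harmless, so a defender can triage a download or attachment folder by content rather than by name. The following is an added example, not code from the BlackArrow report: it recognises ISO/UDF images and Windows shortcuts from their headers and flags files whose extension does not match. The file names and the folder-scanning workflow are assumptions, and the sample files are constructed headers only.

```python
import struct
import tempfile
from pathlib import Path

# Shell Link header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
VRS_OFFSET = 0x8001                 # identifier field of the descriptor at sector 16
OPTICAL_IDS = (b"CD001", b"BEA01")  # ISO 9660 and UDF volume identifiers
HAS_ARGUMENTS = 0x20                # LinkFlags bit: shortcut carries command-line arguments
EXPECTED_EXT = {"lnk": ".lnk", "iso": ".iso"}

def classify(data):
    """Return 'lnk', 'iso' or None from the content, never from the file name."""
    if data[:20] == LNK_MAGIC:
        return "lnk"
    if data[VRS_OFFSET:VRS_OFFSET + 5] in OPTICAL_IDS:
        return "iso"
    return None

def lnk_has_arguments(data):
    """True when the LinkFlags field (offset 20) says the shortcut passes arguments."""
    return len(data) >= 24 and bool(struct.unpack_from("<I", data, 20)[0] & HAS_ARGUMENTS)

def triage(directory):
    """List every ISO/LNK file under `directory`, flagging misleading extensions."""
    findings = []
    for path in sorted(p for p in Path(directory).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            head = fh.read(VRS_OFFSET + 5)
        kind = classify(head)
        if kind:
            findings.append({
                "file": path.name,
                "kind": kind,
                "disguised": path.suffix.lower() != EXPECTED_EXT[kind],
                "has_arguments": kind == "lnk" and lnk_has_arguments(head),
            })
    return findings

def build_samples(directory):
    """Constructed sample files: minimal headers only, no real payloads."""
    d = Path(directory)
    (d / "invoice.pdf").write_bytes(LNK_MAGIC + struct.pack("<I", 0x01 | HAS_ARGUMENTS) + bytes(52))
    (d / "report.iso").write_bytes(bytes(0x8000) + b"\x01CD001\x01" + bytes(2041))
    (d / "notes.txt").write_bytes(b"plain text\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for finding in triage(tmp):
            print(finding)
```

A shortcut reported with `has_arguments` set deserves a manual look at the command line it passes, and any `disguised` hit means the extension shown to the user does not match what Windows will actually open.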
Attack through the supply chain
This method of cyberattacking a particular company has gained popularity in 2022. This is an intrusion vector known as a supply chain attack.
It means that the objectives of the attack include compromising the supplier as the step prior to compromising the customer.
In this case, the attackers' objective is to attack the larger structure by going after its weaker, smaller link. Suppliers are often more vulnerable to cyber-attacks, so attackers see a clear path to the systems of larger companies.
All this research has prompted the experts at BlackArrow to share some critical security tips to prevent cyberattacks in today’s businesses.
It is not enough to deal with vulnerabilities; you must also deal with potential threats.
It is recommended that organizations invest in Threat Hunting services to protect their systems from attackers.
In addition, they recommend strengthening cybersecurity, placing greater emphasis on how attackers act.