Scanning botnets – a new trend in cybercrime

Father

Between the disclosure of a new vulnerability and the first attacks on it, hackers need only minutes.

Experts from Palo Alto Networks report that attackers have recently been switching more and more to so-called "scanning attacks", launched by malware, to identify vulnerabilities in target networks. Moreover, the lion's share of such attacks originates from legitimate devices inside otherwise secure networks. How do hackers manage to run rings around security experts so deftly?

The company notes that, to conduct mass scans from secure and trusted networks, hackers first penetrate those networks and infect them with malware. The infected hosts, which in principle form a simple botnet, do not carry out DoS attacks and do not mine cryptocurrency; instead they mass-scan the Internet for devices vulnerable to newly discovered methods of compromise.

Using legitimate infrastructure lets hackers identify vulnerabilities in a wide variety of networks anonymously, while bypassing any geographic restrictions on the source of the traffic.

As noted, the infected devices generate far more scan requests than the attackers could produce with their own hardware alone.

This lets hackers identify potential targets faster and widens the time window for attacks, which matters especially against large companies that take security seriously and eliminate vulnerabilities as quickly as possible.

As the main indicators of such "malicious scans", the experts named an unusually high volume of requests and the use of recognizable malicious signatures that intruders commonly employ.

While monitoring network traffic, Palo Alto Networks specialists identified new scanning patterns, as well as previously unseen URLs used both as malware delivery channels and to operate command-and-control servers.

Analysis of the malicious activity shows that popular botnets, such as Mirai, are actively adding exploits for new vulnerabilities to their propagation toolkit, which underlines the need to keep attack detection and blocking systems updated in a timely manner.

For example, after information spread in January about zero-day vulnerabilities in Ivanti products, a sharp increase in the number of scans was recorded immediately, which indicates the heightened interest of cybercriminals in newly disclosed vulnerabilities.

Experts at Palo Alto Networks emphasize that, with advanced monitoring systems and rapid response, organizations can detect and neutralize these threats in time and protect their critical assets. The key to success is continuous improvement of security tooling and a well-established flow of threat intelligence, so that networks can be prepared for current risks before the scans arrive.
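The two indicators named above (an unusually high request volume from one source, and requests carrying recognizable scanner signatures) can be turned into a simple detector over web-server access logs. The following is an added example written for this page, not code from Palo Alto Networks or from the original post; the log lines are constructed, and the signature patterns, window size and rate threshold are illustrative assumptions that a real deployment would tune from its own traffic baseline.

```python
"""
Added example (not from the original post): flag "malicious scan" sources in
Apache/Nginx "combined" access logs using two indicators, a burst of requests
from one IP and requests matching scanner signatures. Patterns, thresholds and
sample log lines are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# One "combined" log line: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Illustrative scanner signatures (assumed, not taken from the article):
# paths that mass scanners probe and User-Agent strings of common scan tools.
SIGNATURE_PATHS = [re.compile(p) for p in (r"^/\.env", r"^/cgi-bin/", r"\.\./", r"^/wp-login\.php")]
SIGNATURE_AGENTS = [re.compile(p, re.I) for p in (r"zgrab", r"masscan", r"nmap")]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def matches_signature(entry):
    """True if the request path or User-Agent hits a known scanner signature."""
    return (any(p.search(entry["path"]) for p in SIGNATURE_PATHS)
            or any(p.search(entry["ua"]) for p in SIGNATURE_AGENTS))


def detect_scanners(lines, window_seconds=60, rate_threshold=20):
    """Group requests by source IP and report sources that look like scanners.

    A source is flagged when its peak request count inside any sliding window
    of `window_seconds` reaches `rate_threshold`, or when any of its requests
    matches a scanner signature (low-and-slow probes still get caught).
    """
    by_ip = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry:
            by_ip[entry["ip"]].append(entry)

    findings = {}
    for ip, entries in by_ip.items():
        entries.sort(key=lambda e: e["ts"])
        # Sliding window over the sorted timestamps: j trails i so that
        # entries[j..i] all fall within window_seconds of each other.
        peak, j = 0, 0
        for i, e in enumerate(entries):
            while (e["ts"] - entries[j]["ts"]).total_seconds() > window_seconds:
                j += 1
            peak = max(peak, i - j + 1)
        sig_hits = sum(1 for e in entries if matches_signature(e))

        reasons = []
        if peak >= rate_threshold:
            reasons.append(f"high volume: {peak} requests within {window_seconds}s")
        if sig_hits:
            reasons.append(f"{sig_hits} request(s) matched scanner signatures")
        if reasons:
            findings[ip] = {"peak_rate": peak, "signature_hits": sig_hits,
                            "distinct_paths": len({e["path"] for e in entries}),
                            "reasons": reasons}
    return findings


def build_sample_log():
    """Constructed sample traffic (not real logs): one visitor, one mass scanner,
    and one single-shot probe that is only caught by its signature."""
    def entry(ip, second, path, status, ua):
        return (f'{ip} - - [15/Feb/2024:10:00:{second:02d} +0000] '
                f'"GET {path} HTTP/1.1" {status} 0 "-" "{ua}"')

    lines = [entry("198.51.100.7", s, p, 200, "Mozilla/5.0")
             for s, p in ((1, "/"), (20, "/about.html"), (45, "/contact.html"))]
    probes = ["/.env", "/cgi-bin/test.cgi", "/admin/", "/wp-login.php", "/../../etc/passwd"]
    for i in range(25):  # 25 probes in 25 seconds from a scan-tool User-Agent
        lines.append(entry("203.0.113.50", i, f"{probes[i % 5]}?n={i}", 404, "zgrab/0.1"))
    lines.append(entry("192.0.2.9", 30, "/wp-login.php", 404, "Mozilla/5.0"))
    return lines


if __name__ == "__main__":
    for ip, info in detect_scanners(build_sample_log()).items():
        print(ip, "->", "; ".join(info["reasons"]))
```

In the constructed sample the scanner host is flagged on both indicators, the single probe of `/wp-login.php` is flagged only by its signature, and the ordinary visitor is not flagged at all. In production the rate threshold should come from the site's own per-source baseline, and the signature lists should be fed from the threat-intelligence flow the article recommends rather than hard-coded.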