Herjavec Group’s Threat Summary Analysis – Q2 2019

June 20, 2019

Herjavec Group’s Threat Management Team leverages this Quarterly Threat Summary to provide an overview of the most common threats and vulnerabilities seen in customer environments in recent months.

While Phishing, Ransomware, Crypto-Jacking and IoT Vulnerabilities were prominent in 2018 and the early months of 2019, we have seen a recent uptick in Business Email Compromises, Credential Stuffing, and Web Application Attacks. A summary of each threat type, as well as their potential impact and mitigation strategies, has been outlined below.

For timely threat communication, security recommendations and mitigation techniques, please subscribe to HG Threat Advisory Communications.

Business Email Compromise

Cyber-Enabled Financial Fraud

Business Email Compromise (BEC) attacks involve fraudulent requests to pay invoices, change banking information, buy gift cards, or other actions that result in payments being directed to attackers.  Often impersonating high-level executives or business partners, the attackers rely on a sense of authority or urgency to bypass normal procedures, checks, and balances.

BEC attacks have resulted in the loss of billions of dollars and have affected organizations across every vertical.  The transnational criminal organizations responsible for these attacks employ a variety of methods to trick their victims into making wire transfers, including spear-phishing, social engineering, malware, and identity theft.  The funds are often difficult to recover due to the laundering and transfer techniques used by the attackers.

Recommendations to Mitigate Risk

In order to defend against BEC attacks, organizations need to employ the following mitigation strategies:

  • Define robust policies regarding the update or change to any billing or financial information
  • Follow the “don’t rely on email alone” principle: confirm payment or banking-change requests through a second channel
  • Apply Multi-Factor Authentication
  • Apply detection rules for email to identify potentially fraudulent or suspicious email messages
  • Add visible banners to emails to indicate when a message came from an external and/or suspicious source
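The last two recommendations, a detection rule for suspicious mail and an external-sender banner, can be shown in a small screening pass over parsed messages. This is an added example, not Herjavec Group code; the company domain, the executive names, the keyword list and the two sample messages are all constructed assumptions for the demonstration.

```python
"""Added example: BEC screening rule plus an external-sender banner.
Not Herjavec Group code. INTERNAL_DOMAIN, PROTECTED_NAMES, URGENCY_TERMS
and the sample messages below are constructed assumptions."""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                 # assumed company domain
PROTECTED_NAMES = {"jane doe", "john roe"}      # assumed executive display names
URGENCY_TERMS = ("urgent", "immediately", "wire transfer", "gift card",
                 "new bank details", "before end of day")
BANNER = ("[EXTERNAL] This message came from outside the organization. "
          "Verify payment or banking requests by phone before acting.\n\n")

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Jane Doe" <jane.doe@example.net>
Reply-To: accounts@example.org
To: payments@example.com
Subject: Urgent wire transfer needed today

Please process a wire transfer to the new bank details attached immediately.
"""
BENIGN = """\
From: John Roe <john.roe@example.com>
To: alice@example.com
Subject: Lunch plans

Are we still on for Thursday?
"""


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def screen_message(raw):
    """Return the external flag, the rule hits and the matched terms."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    external = from_dom != INTERNAL_DOMAIN
    flags = []
    # Rule 1: an executive's display name arriving from a non-company domain.
    if external and name.strip().lower() in PROTECTED_NAMES:
        flags.append("executive_display_name_from_external_domain")
    # Rule 2: replies silently redirected to a third domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_dom:
        flags.append("reply_to_domain_differs_from_sender")
    # Rule 3: urgency or payment language in subject or body.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        flags.append("urgency_or_payment_language")
    return {"external": external, "flags": flags, "terms": hits}


def add_external_banner(raw):
    """Prepend the banner to the plain-text body of external mail;
    internal mail is returned unchanged."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    if _domain(addr) == INTERNAL_DOMAIN:
        return raw
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:
        part.set_content(BANNER + part.get_content())
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, screen_message(raw))
    print(add_external_banner(SUSPICIOUS))
```

A single rule hit is not proof of fraud; the value of the banner and the reply-to check is that they surface exactly the cues (outside sender, redirected replies) that the urgency in the message is designed to make the recipient overlook.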

Credential Stuffing

Credential stuffing occurs when an attacker attempts to gain access to systems or applications by leveraging the vast quantity of leaked credentials and the human propensity to reuse usernames and passwords.  This is a subcategory of brute force attacks, automatically entering large numbers of credentials into services to identify potential account reuse.

These attacks are increasingly common and affect organizations across every vertical.

Recommendations to Mitigate Risk

In order to reduce the risk of falling victim to a credential stuffing attack, users and organizations should use the following strategies:

  • Enable Multi-Factor Authentication for all user accounts
  • Check user passwords against caches of leaked credentials to identify overlap, and force password resets where necessary
  • Enable advanced brute force detection, CAPTCHA and similar controls to reduce the likelihood of credential stuffing succeeding
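The two detective recommendations, spotting the stuffing pattern in authentication logs and checking passwords against a leaked-credential cache, can be demonstrated together. This is an added example, not Herjavec Group code; the log line format, the thresholds, the sample log and the small "breach corpus" are constructed assumptions.

```python
"""Added example: credential-stuffing detection over auth logs and a
leaked-password check. Not Herjavec Group code. The log format, thresholds,
SAMPLE_LOG and the leaked-password list are constructed assumptions."""
import hashlib
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_ok|login_failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: 203.0.113.7 tries one guess each against many
# accounts (the stuffing signature); 198.51.100.9 is one user mistyping.
SAMPLE_LOG = """\
2019-06-12T10:00:01Z login_failed user=alice src=203.0.113.7
2019-06-12T10:00:02Z login_failed user=bob src=203.0.113.7
2019-06-12T10:00:02Z login_failed user=carol src=203.0.113.7
2019-06-12T10:00:03Z login_ok user=dave src=203.0.113.7
2019-06-12T10:00:03Z login_failed user=erin src=203.0.113.7
2019-06-12T10:00:04Z login_failed user=frank src=203.0.113.7
2019-06-12T10:01:00Z login_failed user=grace src=198.51.100.9
2019-06-12T10:01:05Z login_failed user=grace src=198.51.100.9
2019-06-12T10:01:09Z login_ok user=grace src=198.51.100.9
"""


def detect_stuffing(log_text, min_users=5, max_attempts_per_user=2.0,
                    min_failure_rate=0.6):
    """Flag sources that touch many distinct accounts with few attempts each
    and a high failure rate. Ordinary brute force hammers one account;
    stuffing spreads thin across many, so distinct-user count is the key."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0,
                                 "failures": 0, "successes": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # assumed format only; skip anything else
        s = stats[m["src"]]
        s["users"].add(m["user"])
        s["attempts"] += 1
        if m["event"] == "login_failed":
            s["failures"] += 1
        else:
            s["successes"].add(m["user"])
    alerts = {}
    for src, s in stats.items():
        n = len(s["users"])
        if (n >= min_users
                and s["attempts"] / n <= max_attempts_per_user
                and s["failures"] / s["attempts"] >= min_failure_rate):
            alerts[src] = {"distinct_users": n, "failures": s["failures"],
                           # successes inside a stuffing burst are the
                           # accounts to reset first
                           "likely_compromised": sorted(s["successes"])}
    return alerts


# Constructed stand-in for a leaked-credential cache, stored as SHA-1 so the
# checker never needs the plaintext list in memory.
_LEAKED_PLAINTEXT = ["Password123", "Summer2019!", "qwerty", "letmein"]
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
               for p in _LEAKED_PLAINTEXT}


def hash_prefix_range(prefix5):
    """All leaked-hash suffixes sharing a 5-hex-character prefix. This is the
    range-query shape used by k-anonymity breach lookups: only the prefix
    leaves the caller, never the full hash or the password."""
    return {h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5)}


def password_is_leaked(password):
    h = hashlib.sha1(password.encode()).hexdigest().upper()
    return h[5:] in hash_prefix_range(h[:5])


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
    print(password_is_leaked("Password123"), password_is_leaked("correct horse battery staple x9!"))
```

The leaked-password check only works where the plaintext is transiently available, at password change or at login, because salted stored hashes cannot be compared directly against a breach corpus; the detection thresholds should be tuned to the site's normal traffic, since shared egress addresses (VPNs, NAT) legitimately show many users per source.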

Web Application Attacks

Web Application attacks continue to be one of the most common attack methods we respond to and defend against. These attacks take many forms – leveraging exploits or vulnerabilities in applications, weaknesses in configurations, denials of service, etc.  Often these attacks are performed in an effort to gain access to sensitive or important data; other times they are used as a foothold into the organization as part of a larger attack.

Recommendations to Mitigate Risk

To protect your web applications against targeted attacks, consider the following mitigation strategies:

  • Invest in defensive technologies including web application firewalls and scanners
  • Integrate application security processes and practices into all phases of the web application lifecycle
  • Limit inbound requests to only required services


For more information on Herjavec Group's Threat Management practice and our comprehensive cybersecurity services, request a 15-minute service briefing.

Herjavec Group regularly publishes Threat Advisories with the most up-to-date information on industry threats and vulnerabilities. A subset of Herjavec Group’s recent Threat Advisories can be viewed here.


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
