The Cyber Attack Trend is Shifting

More cyber attacks by Emotet and Lapsus$

In early March 2022, IPA (Information-technology Promotion Agency, Japan) announced that 323 Emotet malware infections were reported between March 1 and March 8, about 7 times the number reported in the same period of February. Recently, Emotet has been arriving as an attachment on emails sent to many Japanese companies. Because the malware is compressed into a password-protected zip file, an anti-malware solution cannot inspect the contents, so the file passes straight through even at companies that use one. In addition, since sending attachments as password-protected zip files is a common practice in Japan, many Japanese employees are used to opening zip files attached to emails. Both factors increased the effectiveness of the attack, and one major Japanese company ended up suspending its factories for a while.
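The passage above explains why a password-protected zip defeats content scanning: the gateway cannot open the member. What it can still read are the archive headers, where traditional ZIP encryption leaves the file names and the encryption flag in the clear. The following is an added example, not code from the original article or from IPA, showing a small triage routine that parses the central directory directly and flags password-protected attachments and suspicious member types. The extension list and the sample archives are constructed for the example; `build_zip` writes a minimal archive by hand because the standard library cannot create encrypted ones.

```python
import io
import struct
import zipfile
import zlib
from typing import Dict, List

# Magic numbers from the ZIP format specification (PKWARE APPNOTE).
LOCAL_HEADER_SIG = b"PK\x03\x04"
CENTRAL_DIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
FLAG_ENCRYPTED = 0x0001          # bit 0 of the general purpose bit flag
DOS_DATE_1980_01_01 = 0x0021     # any valid MS-DOS date will do for a constructed sample

# Member types worth a second look inside an e-mailed archive. This list is an
# assumption for the example, not a list from IPA or the original article.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".lnk", ".docm", ".xlsm")


def inspect_zip(data: bytes) -> Dict[str, List[str]]:
    """Read the central directory and report member names and which are encrypted.

    Only headers are parsed, so no password is needed: with traditional ZIP
    encryption the file names and the encryption flag are stored in the clear
    even though the member contents are not.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP file: no end-of-central-directory record")
    # EOCD: sig, disk no, CD disk, entries on disk, total entries, CD size, CD offset, comment len
    _, _, _, _, entries, _, cd_offset, _ = struct.unpack("<4sHHHHIIH", data[eocd:eocd + 22])
    members: List[str] = []
    encrypted: List[str] = []
    pos = cd_offset
    for _ in range(entries):
        if data[pos:pos + 4] != CENTRAL_DIR_SIG:
            raise ValueError("corrupt central directory")
        # 46-byte central header; field 3 is the flag word, fields 10-12 the variable lengths
        fields = struct.unpack("<4sHHHHHHIIIHHHHHII", data[pos:pos + 46])
        flags, name_len, extra_len, comment_len = fields[3], fields[10], fields[11], fields[12]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", errors="replace")
        members.append(name)
        if flags & FLAG_ENCRYPTED:
            encrypted.append(name)
        pos += 46 + name_len + extra_len + comment_len
    return {"members": members, "encrypted": encrypted}


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons a mail gateway would hold this attachment for review (empty = pass)."""
    reasons: List[str] = []
    if not filename.lower().endswith(".zip"):
        return reasons
    info = inspect_zip(data)
    if info["encrypted"]:
        reasons.append("password-protected zip: contents cannot be scanned")
    for name in info["members"]:
        if name.lower().endswith(SUSPICIOUS_EXTENSIONS):
            reasons.append("suspicious member: " + name)
    return reasons


def build_zip(members: Dict[str, bytes], encrypted: bool) -> bytes:
    """Constructed sample only: write a minimal stored (method 0) archive by hand.

    The standard library cannot create password-protected archives, so for the
    encrypted case this sets the flag bit and stores opaque bytes as the payload,
    which is exactly what a gateway sees when it cannot open the member.
    """
    flags = FLAG_ENCRYPTED if encrypted else 0
    local = b""
    central = b""
    for name, payload in members.items():
        raw_name = name.encode("utf-8")
        crc = zlib.crc32(payload) & 0xFFFFFFFF
        offset = len(local)
        local += struct.pack("<4sHHHHHIIIHH", LOCAL_HEADER_SIG, 20, flags, 0, 0,
                             DOS_DATE_1980_01_01, crc, len(payload), len(payload),
                             len(raw_name), 0) + raw_name + payload
        central += struct.pack("<4sHHHHHHIIIHHHHHII", CENTRAL_DIR_SIG, 20, 20, flags, 0, 0,
                               DOS_DATE_1980_01_01, crc, len(payload), len(payload),
                               len(raw_name), 0, 0, 0, 0, 0, offset) + raw_name
    eocd = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, len(members), len(members),
                       len(central), len(local), 0)
    return local + central + eocd


def read_member(data: bytes, name: str) -> bytes:
    """Open a sample with the standard library, to show the hand-built archive is well-formed."""
    return zipfile.ZipFile(io.BytesIO(data)).read(name)


# Constructed samples: a lure-style attachment and a harmless one.
LURE_ZIP = build_zip({"invoice_2022-03.xlsm": b"\x8f\x02opaque-ciphertext\x00"}, encrypted=True)
CLEAN_ZIP = build_zip({"minutes.txt": b"agenda: supplier security review"}, encrypted=False)

if __name__ == "__main__":
    for label, blob in (("invoice.zip", LURE_ZIP), ("minutes.zip", CLEAN_ZIP)):
        print(label, triage_attachment(label, blob) or ["pass"])
    print(read_member(CLEAN_ZIP, "minutes.txt"))
```

The point of parsing the headers rather than calling `zipfile` is that an encrypted member still yields a decision: the gateway does not need the password to know that it cannot scan the content, which on its own is reason enough to hold the mail for review rather than deliver it.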

Besides Emotet, there were attacks by a cyber crime group called Lapsus$. Lapsus$ gets into a company's network and acquires internal information, then threatens the company: pay, or the confidential information will be exposed on the internet. The name Lapsus$ suddenly became famous when the group successfully acquired and exposed internal information of world-renowned companies.

The reason why these attacks are different from previous attacks

The methods used in these attacks are quite ordinary. Emotet simply attaches malware to an email, and Lapsus$ mostly uses social engineering to acquire valid account credentials. However, there is a big difference compared with previous malware or ransomware attacks: these attacks succeed because of vulnerabilities in the business structure. Well-known companies were damaged by Emotet through infections that came via their partner companies, and well-known companies were damaged by Lapsus$ through social engineering that succeeded against an outsourced person.

Many companies keep improving their security measures, so in many cases the company itself is secure. Today, however, businesses are run by various companies cooperating with one another, so securing only one's own company is not enough. The company also needs to make sure that related companies are secure.

This implies that a company supplying a major company will be required to meet a certain level of security in order to continue doing business with it. Likewise, a company that relies on many outsourced workers will need to take responsibility for the security of those outsourcing companies.

Time to think about zero trust security

The concept of zero trust security is "never trust, always verify" whenever a user uses the IT system. For example, in the traditional model, a user accessing data on the intranet from the internal network was allowed to do so, because anyone on the intranet could be assumed to be an insider. In zero trust security, because we "never trust, always verify", the user must authenticate to access the data even when accessing from the internal network.

Multi-factor authentication (MFA) is effective in zero trust security because it verifies the user not only with an ID and password but also with a valid mobile device. Therefore, even if a hacker successfully acquires sign-in credentials, they cannot sign in unless they also acquire a valid mobile device.
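The two paragraphs above contrast the perimeter model (being on the internal network is trusted) with zero trust (every access is verified, and a stolen password alone is not enough). The following is an added example, not code from the original article, that puts both decisions side by side. The second factor is modelled as a TOTP code from an authenticator app on the user's phone (RFC 6238, HMAC-SHA1), which is one common way the "valid mobile device" in the text is verified; the `AccessRequest` fields, the device-compliance signal and the sample secrets are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    password_ok: bool            # did the ID/password check succeed?
    totp_code: Optional[str]     # second factor from the user's phone, if supplied
    device_compliant: bool       # managed, patched device (a posture signal; assumption)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as used by common authenticator apps."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: Optional[str], at: int,
                step: int = 30, skew_steps: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock drift."""
    if not code:
        return False
    for delta in range(-skew_steps, skew_steps + 1):
        expected = totp(secret, at + delta * step, step)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            return True
    return False


def perimeter_decision(req: AccessRequest) -> str:
    """The older model the text describes: an internal address is trusted as an insider."""
    if ipaddress.ip_address(req.source_ip).is_private:
        return "allow"
    return "allow" if req.password_ok else "deny"


def zero_trust_decision(req: AccessRequest, totp_secrets: Dict[str, bytes], now: int) -> str:
    """Never trust, always verify: the source network carries no weight at all."""
    if not req.password_ok:
        return "deny: bad credentials"
    secret = totp_secrets.get(req.user)
    if secret is None or not verify_totp(secret, req.totp_code, now):
        return "deny: second factor missing or wrong"
    if not req.device_compliant:
        return "deny: device not compliant"
    return "allow"


# Constructed sample data. The secret is the RFC 6238 reference seed, so the
# code for Unix time 59 is known: 287082.
TOTP_SECRETS = {"alice": b"12345678901234567890"}
NOW = 59

# Stolen password used from inside the network, with no phone in hand.
STOLEN_CREDS_INSIDE = AccessRequest("alice", "10.0.0.5", True, None, True)
# The real user, working from home, with her authenticator app.
LEGIT_FROM_HOME = AccessRequest("alice", "203.0.113.7", True, totp("12345678901234567890".encode(), NOW), True)

if __name__ == "__main__":
    for label, req in (("stolen creds, internal IP", STOLEN_CREDS_INSIDE),
                       ("legit user, home IP", LEGIT_FROM_HOME)):
        print(f"{label}: perimeter={perimeter_decision(req)!r} "
              f"zero_trust={zero_trust_decision(req, TOTP_SECRETS, NOW)!r}")
```

The instructive pair is the first request: the perimeter model allows it purely because of the 10.0.0.5 address, which is exactly the assumption an attacker who has obtained a foothold through a partner or an outsourced account exploits, while the zero trust decision denies it because the second factor is absent. The legitimate user is allowed from any address once password, TOTP and device posture all check out.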

Malicious hackers always try to find vulnerabilities in business systems in order to succeed, and today the partner companies and outsourced people whom a company cannot compel to meet the same security level have become the target. In the near future, more companies may demand the same level of security from those partner companies and outsourced people, so companies working with a big company will need to prepare to improve their security level in order to continue doing business with it. Implementing a zero trust security model will be the key to that improvement.