Security breaches and ransomware attacks have come to the forefront in recent months as cybercrime has seen a major increase. Our security experts are constantly searching for the latest vulnerabilities, methods of attack, and strategies for defense. The RKON security team had the opportunity to attend the Black Hat 2021 Security Conference, where we joined industry experts, cybersecurity peers, vendors, and clients to discuss protection of IT environments and business information.
Below we outline some of our insights from the conference, including the top 5 cybersecurity threats by platform. We break down the platforms that are being targeted most and how cybercriminals are breaching them.
Microsoft’s software-as-a-service offering features the company’s well-known desktop applications, application services, and productivity services. The platform is intended for businesses and individual users alike, with millions of customers around the globe. Breaches stem from attackers disabling security features, which allows them to bypass mailbox audit logging. After circumventing mailbox audit logging, attackers are able to add other applications, such as Microsoft Graph, with escalated privileges to avoid access controls.
Amazon Web Services
Amazon’s cloud computing platform boasts over 200 fully featured services from data centers globally. However, IT experts have identified security issues within the platform. Attackers are able to leverage cross-account vulnerabilities to manipulate various services, including AWS Config, AWS CloudTrail, and AWS Serverless Repository. Bad actors can then leverage these services to perform actions on other clients’ resources due to unsafe identity policies.
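A defender-side check for the policy weakness described above, as an added example that is not from the original post or from AWS: it flags resource-policy statements that allow an AWS service principal (such as CloudTrail or Config) without a condition tying the request to a source account, ARN, or organization. The sample policy, bucket name, and account ID are constructed placeholders, and treating a missing source-scoping condition as the "unsafe" pattern is an assumption, since the post does not give the policy details.

```python
import json

# Condition keys that tie a service-principal grant to the account, resource
# or organization the service is acting for.
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn",
                "aws:sourceorgid", "aws:sourceorgpaths"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_scoped(statement):
    """True if any condition operator in the statement uses a scoping key."""
    for operands in statement.get("Condition", {}).values():
        if any(key.lower() in SCOPING_KEYS for key in operands):
            return True
    return False

def unscoped_service_grants(policy_json):
    """Return (sid, service) pairs for Allow statements that trust an AWS
    service principal without restricting whose request it is relaying."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services and not _is_scoped(stmt):
            sid = stmt.get("Sid", f"statement[{i}]")
            findings.extend((sid, svc) for svc in services)
    return findings

# Constructed sample bucket policy; bucket name and account ID are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "CloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-log-bucket/AWSLogs/*",
     # An ACL condition alone does not say which account's trail is writing.
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    {"Sid": "ConfigWrite", "Effect": "Allow",
     "Principal": {"Service": "config.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-log-bucket/AWSLogs/*",
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}},
]})

if __name__ == "__main__":
    for sid, service in unscoped_service_grants(SAMPLE_POLICY):
        print(f"{sid}: {service} is allowed without a source-account condition")
```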
Microsoft Windows Hello
Windows Hello is Microsoft’s biometrics security system, allowing users to log in with just a fingerprint, iris scan, or facial recognition. Experts at Black Hat discussed some of the issues with the platform, specifically attackers being able to circumvent Windows Hello’s facial recognition for device authentication by imitating a USB camera using a modified USB device with an infrared image of the user. Once given access to an individual’s device, attackers have access to all of the files, permissions, and communications stored within the computer.
macOS is well-known around the world as Apple’s operating system for its line of computers. The security industry has raised concerns about the accessibility of personal resources within the operating system. It has been found that attackers are able to bypass Apple’s Transparency, Consent, and Control (TCC) framework, which restricts access to sensitive personal resources. Cybercriminals are leveraging process injection, mounting, application behavior, and simple file searches to find vulnerabilities and gain access to these protected resources.
File systems have been a popular target for attack for years. There are many methods to exploit, but what IT experts are seeing now is a focus on file and folder uploads via a website. Attackers are able to hack a file system from a website call for file and folder upload. Bad actors can upload malicious files to the website in an effort to exploit vulnerabilities.
Each of these platforms is at risk of being attacked. Private Equity & Mid-market organizations should keep up to date with the latest vulnerabilities and strategies to ensure protection of their business. We offer cybersecurity assessments as a part of RKON’s security services where we can help you prevent, analyze, identify, and remediate any potential or ongoing security threats. Don’t hesitate to contact us online, or give us a call at (312) 654-0300.