Key findings include:
- Tor traffic increased by 350 percent.
- Hacktivist campaigns continued to compromise and deface the websites of Israel- and European Union-based organizations.
- Phishing emails continued to be successful attack vectors, with attackers using them to launch APT campaigns.
- There has been an uptick in anomalous ICMP traffic outside the realm of normal activity based on the structure and frequency of packets.
The hacktivist campaigns OpUSA and OpIsraelReborn continued to compromise and deface Israel- and European Union-based organizations’ websites; the primary attack vectors consisted of spear phishing, Domain Name System (DNS) registry tampering, SQL injection, Cross-Site Scripting (XSS) and Distributed Denial of Service (DDoS) attacks.
Spear phishing attacks identified by SERT revealed that users still fall victim to phishing attacks despite the existence of anti-phishing awareness programs within organizations. While tactics and techniques have evolved over the years, this specific attack vector has maintained a very high success rate. Solutionary provides recommendations and insight in its report to help organizations mitigate this preventable threat, and offers examples of spoofed emails and scenarios to better prepare for this frequent attack.
Finally, the report describes a noticeable increase in ICMP traffic targeting monitored devices in the U.S. and Europe. Although ICMP is designed for diagnostic and control purposes and occurs in normal traffic, SERT has identified traffic that falls outside normal activity based on the structure and frequency of the packets. One such payload shared commonalities with the well-known Nachi worm. Although no firm conclusions have been reached, the traffic shares attributes with previous attacks, and many previous attacks have been foreshadowed by an increase in similar anomalous activity.