Throughout 2021, POST Cyberforce – through its overall cyber analysis – observed three trends among cyberattackers in Luxembourg. Their favorite remains phishing, a technique that enables the attacker to reach the end user directly. The procedure consists of an email or SMS alerting victims to urgent changes on their account (bank, insurance, …) and inviting them to click on an infected link. The link leads to a specific webpage – also known as “phishing kits” – where the targets are invited to enter their login details. This action allows the attacker to exploit the victims’ data. The POST team also detected a new method: the use of shortened URLs to hide malicious hyperlinks.
As enterprises increasingly shift to cloud solutions to store their data, hostile actors tend to rely on this technique – also called “spearphishing” – to take advantage of private resources. To achieve this, they target employees in order to access their professional account, also known as an AD (Active Directory) account. Private individuals are not exempt, as attackers mostly tend to steal their bank information in order to commit fraud. Furthermore, phishing can be carried out through a simple phone call in which the caller encourages the victim to install a tool that steals their data.
The exploitation of known vulnerabilities comes second in the cyberattack ranking. This attack entails a systematic way of penetrating computer systems through security holes in the software. This can take the form of a theoretical description of the vulnerability or a deployable program for direct use. The year 2021 was notably marked by Log4Shell, which refers to a vulnerable version of the Log4j software that enables a cyberattacker to take control of the computer, if they first succeed in entering the server. This vulnerability contributed to the discovery of multiple similar vulnerabilities on other devices.
Finally, data breaches come last on the cyberattack podium. Although Luxembourg was not directly targeted, data breach attacks that started abroad eventually reached the country. These occurrences can also take the form of scraping, which aims to collect personal data from social media pages in order to create personalized phishing campaigns. These mainly appeared on Facebook, LinkedIn, and Instagram, from April to July 2021.
Although there are fewer attacks in Luxembourg, one should bear in mind that cyberattacks are growing more sophisticated and hence harder to detect. For this reason, companies must prepare internally to be able to face these current and future threats, as they represent the number one target for cyber criminals. If companies want to ensure their cybersecurity, they are required to hire “a team capable of identifying breaches and risks, such as a Security Operations Center”, and be prepared to “cope with attacks, regardless of their nature”. POST also recommends establishing a business continuity plan, which aims at adopting a holistic approach towards the business activity.
“Today, it is required to consider other approaches – starting from questioning whether we are genuinely ready to face any eventuality. Are adequate procedures well implemented to suppress the attack, limit the damage or, if need be, restore systems or data?”, POST Luxembourg Head of CyberForce Offensive Security.