Low-tech tactics still top the IT security risk chart

Hyatt’s team recently identified a rogue USB drive used to install the Raspberry Robin malware, which acts as a launchpad for subsequent attacks and gives bad actors the ability to fulfil the three key elements of a successful attack — establish a presence, maintain access and enable lateral movement. “Because it has a loader capability, it can be set to download a Cobalt Strike beacon to establish that persistence that enables attackers to get initial access and start building that into an environment,” Hyatt tells CSO.

In other domains, he sees threats from malvertising, or malicious ads, which can be widely deployed. A browser without an ad blocker leaves users vulnerable to clicking on what look like ads or sponsored banners but are actually malicious and can deliver malware to their devices.

The challenge with these kinds of attacks is trying to identify the malicious activity in the exploitation phase when it’s happening. “Post-exploit, there are far more opportunities to identify malicious activity,” he says.

Hyatt sees a risk of organizations placing too much focus on new and innovative attacks and overlooking less sophisticated methods. “By focusing on security hygiene rather than chasing the latest fad, they can be better positioned to prevent low-tech attacks that are often more effective.”

QR codes ripe for exploiting

QR code-based attacks are one area that needs more attention because they seek to exploit the human element that isn’t necessarily trained to be wary of them, according to Deral Heiland, principal security researcher for IoT at Rapid7.

Having re-emerged with Covid-19, QR codes are now commonly used in many settings, such as freight, accessing Wi-Fi details, authenticating online accounts and transferring payment information, and are ripe for exploitation.
