As today’s businesses and organizations continue to deploy more modern and sophisticated cybersecurity solutions to address today’s security threats, cybercriminals have begun adapting their strategies to gain access to and exploit network vulnerabilities. One of these techniques used by modern cybercriminals is to initiate multi-vector smokescreen attacks in an attempt to lure the attention of IT security professionals away from their true targets. While security teams are busy addressing the high-profile distraction attack, attackers use more sophisticated methods to breach the network and deploy malware. These threats will then often lie dormant for long periods of time before launching their attack.

As illustrated by recent breaches targeting the financial services industry, the impact of these smokescreen-style cyberattacks can be severe. Given the large amount of lucrative personal and financial data stored within the financial services sector, it makes sense that cybercriminals are willing to demonstrate extreme patience with their attacks if it tips the odds of success in their favor.

Our latest Global Threat Landscape Report for Q2 revealed that cybercriminals are leveraging a wider scope of attack capabilities, strategies, and vectors across the kill chain. From reconnaissance and weaponization, to post-attack command and control, cybercriminals have a variety of smokescreen distractions to choose from.

To maintain an effective security posture against smokescreen attacks, IT professionals need the capability to conduct their threat analysis and detection efforts network-wide, enabling them to identify and rate multiple attack vectors simultaneously and then address and mitigate those attacks at machine speeds.

Smokescreen Attacks in the Modern Threat Landscape

Today’s modern cybersecurity threats move at such a rapid pace that cybersecurity professionals often tend to focus on high-volume activity, addressing primary threats that seem to pose the most immediate danger to network security. While this practice makes sense, it can inadvertently cause IT teams to lose sight of the bigger picture. By focusing on the task at hand with tunnel-vision, network security is left more vulnerable in areas outside of that initial focus—something cybercriminals have been quick to recognize and exploit.

As they attack a network across numerous fronts, a growing number of cybercriminals are looking to create confusion and misattribution of defense priorities. They understand the security tools their targets leverage and aim to overwhelm them by introducing sophisticated attacks that can move laterally across a network and set off significant amounts of threat indicators. With this in mind, there are a variety of cyberattacks and methods that can be leveraged as a smokescreen:

Cryptojacking: Cybercriminals are leveraging exploits and distributing unique malware variants into the browsers of machines operating within a target’s network. From there, these infections leach CPU resources in order to generate cryptocurrency. These attacks have the potential to drastically slow down the performance of network machines, providing a clear false motive of financial gain to effectively distract cybersecurity teams.

DDoS Attacks: Distributed denial of service (DDoS) attacks have been a consistent threat to businesses and organizations across industries for a long time. For cybercriminals with access to large-scale botnet swarms, a target’s network can be flooded with requests that overwhelm network bandwidth, causing it to slow down or crash completely. These sorts of attacks can quickly consume all of the attention and resources of a security team, causing them to miss a more sophisticated attack targeting the network at the same time.

Ransomware: Ransomware variations like SamSam and WannaCry have been on the cybersecurity community’s radar for some time—and for good reason. Since entering the stage, ransomware has been used in several successful large-scale attacks. However, given the fairly autonomous lateral movement of ransomware, coupled with the overall impact it can have on an organization, it also makes for an effective distraction.

Designer Attacks: Modern cybercriminals are shifting away from the traditional “spray and pray” approach of scaling wide attacks in the hopes that a vulnerability can be exploited. Instead, highly sophisticated attacks are carried out targeting specific, pre-identified network vulnerabilities, and they are increasingly being launched under the cover of a larger, noisier attack.

Mitigating the Impact of Smokescreen Attacks 

Addressing cyberattacks in and of themselves can be difficult enough for IT personnel, especially amid the challenge of the growing cybersecurity skills gap. With modern, complex attacks serving as distractions for additional attacks that lie “below the radar,” however, cybersecurity professionals find themselves attempting to effectively secure the network across a variety of attack vectors simultaneously.

As a result, having the ability to maintain proper cybersecurity hygiene is of the utmost importance. In fact, across industries, a staggering 93% of cyberattacks could have been prevented with simple security maintenance like routine scans and patching. It stands to reason that the best way to address a current smokescreen attack is to prevent it from happening in the first place.

However, in today’s threat landscape, it’s no longer a question of if you experience cyberattacks, but when. In order to address attacks on multiple fronts, cybersecurity teams need the capabilities to identify and address multiple threats, while mitigating the damage caused by any successful breaches. With this in mind, consider the following:

  • Automate threat analysis efforts: The analysis capabilities required to scan for, recognize, and address modern threats are growing increasingly difficult to perform. What’s more, the amount of time it takes to manually inspect each individual network element means existing cybersecurity personnel are stretched thin. By adopting automation, IT teams can effectively identify threats across the network at machine speed—allowing them to identify all threats and thereby better focus on their priority tasks.
  • Segment networks: Segmenting a network not only helps limit the amount of damage a successful attack can cause, but it also helps limit the ability of cybercriminals to maneuver across the network while a smokescreen attack has IT professionals preoccupied. 
  • Merge network elements into a Security Fabric: By unifying your cybersecurity solutions across the network into a comprehensive Security Fabric, IT personnel can actively synchronize resources to defend against smokescreen attacks. In doing so, security personnel can improve their response time to secondary attacks, thereby identifying them and mitigating any damage they intend more effectively.
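
One way to automate the triage described above, as an added example that is not Fortinet's code and not part of the original article: it flags low-volume alerts that fire in the same time window as a high-volume burst, so the quiet events are not buried under the noisy ones. The alert tuples, category names, hosts and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample alerts: (minute, category, severity 1-10, host).
ALERTS = (
    [(m, "ddos_flood", 4, "edge-fw") for m in range(0, 10) for _ in range(40)]
    + [(m, "cryptominer", 3, "ws-17") for m in range(2, 8)]
    + [(3, "new_admin_login", 8, "db-02"),
       (6, "outbound_transfer", 9, "db-02"),
       (25, "new_admin_login", 8, "hr-01")]  # no burst running at this time
)

def find_masked_alerts(alerts, window=5, burst_threshold=100, rare_max=2):
    """Return rare alerts that fired in the same time window as a burst.

    A window counts as a burst when a single category produces at least
    burst_threshold alerts in it; a category is rare when it produces at
    most rare_max alerts in that same window. All three values are
    illustrative defaults, not recommended settings.
    """
    by_window = defaultdict(list)
    for alert in alerts:
        by_window[alert[0] // window].append(alert)

    masked = []
    for bucket, items in sorted(by_window.items()):
        counts = Counter(a[1] for a in items)
        noisy = {c for c, n in counts.items() if n >= burst_threshold}
        if not noisy:
            continue  # nothing loud enough to act as a smokescreen here
        for minute, category, severity, host in items:
            if category not in noisy and counts[category] <= rare_max:
                masked.append({"window": bucket, "minute": minute,
                               "category": category, "severity": severity,
                               "host": host,
                               "concurrent_burst": sorted(noisy)})
    # Highest severity first, so the quiet alerts lead the analyst queue.
    return sorted(masked, key=lambda r: (-r["severity"], r["minute"]))

if __name__ == "__main__":
    for row in find_masked_alerts(ALERTS):
        print(row)
```

On the constructed data, the 400 flood alerts are set aside and the two single alerts on `db-02` are returned first, while the identical login alert at minute 25 is left to normal handling because no burst was in progress.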

Final Thoughts

As cybersecurity efforts grow in response to today’s increasingly complex threat landscape, cybercriminals are adapting their tactics. By initiating a smokescreen attack they can preoccupy IT personnel and increase the likelihood that a secondary attack will succeed. In an effort to help organizations across industries secure themselves against these kinds of cyberattacks, Fortinet has released a variety of products designed to usher in the third generation of security, giving organizations the tools they need to effectively secure themselves against today’s threats.
