STM Announces New Cyber Threat Status Report

Date: Issue 94 - September 2019

ThinkTech, the Technological Think Tank of STM, which executes significant projects in the field of cyber security and develops indigenous products, published its Cyber Threat Status Report on July 22. The report covers the period from April to June.

While warning against cyberattacks carried out with malicious software, the report stated that attacks targeting the growing number of software vulnerabilities are frequently spread via office documents and spam e-mails. The report noted that Turkey is among the countries targeted by cyberattacks carried out via malware.

STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.’s new Cyber Threat Status Report warned that malware attacks targeting software vulnerabilities have been on the rise recently and pose a serious security threat not only to personal data but also to critical infrastructures. The report also stated that unauthorized access gained through malware leads to the illegal capture of sensitive data, such as identity numbers and passwords, and to the disclosure of corporate information, and that vulnerabilities that cyber attackers can exploit remotely increase the extent of the risk.

Cyberattacks Carried Out without the Need for a Username and Password

The rapid development of information technologies leads to a greater number and variety of software vulnerabilities that may become targets. The report stated that Microsoft has recently released a patch for a security vulnerability named BlueKeep and underlined that it allows an attacker to run code with ‘administrator’ privileges without any authentication. The fact that Windows 7 and Windows 2008 R2, which are among the most widely used operating systems for critical infrastructures, are affected by the BlueKeep vulnerability shows just how great the effects of vulnerability exploit code development can be.

Another cyberattack mentioned in the report involves the malware of APT34 (OilRig), which was leaked through a special Telegram channel last April. This malicious code provides access to databases by using vulnerabilities in web applications. In this way, attackers can access a great deal of data without the need for a username and password, infect the intranet of an organization through its servers and capture user passwords.

Turkey Also a Target of Attacks via Office Documents

The report also drew particular attention to malicious codes sent in the form of office documents and e-mail attachments in attacks designed to hack data and systems. Emotet, known for its worldwide campaigns, poses cyber threats through office documents and phishing attacks.

Active since 2017, APT MuddyWater carries out its attack campaigns with malicious office documents that are sent as e-mail attachments. The attacker’s ability to download files to the captured systems and run them from a remote server increases the risk. Turkey is also among the countries that Emotet and MuddyWater have targeted recently.

Attention to Raffle Applications Targeting Personal Information

According to STM’s report, attacks on mobile platforms that take the form of a contest or raffle to capture users’ information are increasing, especially on special days and periods. Mentioning the malicious raffle application released during the month of Ramadan, the report stated that personal information such as ID numbers or customer IDs, passwords and phone numbers is collected from users as a condition of eligibility for the raffle.

Mind-Boggling Threat in Computed Tomography Diagnosis

Referring to university research, the STM Cyber Threat Status Report highlighted the risks arising from attacks on medical imaging systems such as Magnetic Resonance Imaging (MRI) and computed tomography (CT). Within the scope of the research, an attack demo carried out in a volunteer hospital demonstrated that the imaging results could be interfered with and diagnostic findings could be changed. When the modified images were examined by radiologists, the intervention caused a great deal of error in the diagnosis of the disease. STM previously announced that it has initiated R&D activities to develop an innovative cyber security product to reduce such critical risks in hospitals and to prevent possible attacks, and drew attention to this fact once again in its report.

Today, the fact that cyber threats span a wider attack surface demonstrates the importance of the protective and preventive measures that companies need to take. Stating that awareness of this issue should be expanded, the report cautions companies and advises them to take the necessary security measures in their systems by scanning for vulnerabilities that emerge worldwide. In cyber security processes, there is also an increasing need for decision support systems that place risk management on a rational basis by performing automated vulnerability scanning. STM continues to develop and invest in systems that empower cyber security experts to make fast and prioritized decisions to provide an optimal advantage in vulnerability management.