@hrbrmstr
Last active April 25, 2018 11:37
Text of Jessica Payne's Twitter thread: https://twitter.com/jepayneMSFT/status/988895496381984770

Malware trend observation: Attackers rely on knowing which industries and individuals are likely to not be following best practices, as many ‘newsworthy’ events in the past couple weeks were malware or techniques that even well maintained basic antivirus would stop.

Whether it’s miner malware targeting individuals that pirate software/movies and are likely to have AV turned off, or ‘brand new’ APT reports that are using techniques easily detected by AV, many things recently are simply attackers relying on basics not being in place.

If you have served any time as an IT person you will know certain industries think they ‘can’t’ do certain security measures such as patch/segment/least privilege; attackers know that too and are clearly using it as an easy-mode entry point.

Some regions stay on old versions of productivity software due to linguistic reasons (IMEs/plugins) and that is 100% something targeted attacks know; many cases we research quite simply wouldn’t work with up-to-date AV and software.

There’s no mystical superpowers in most attacks, and we need to make that clear when we talk about how to harden environments. Observing trends that are used by attackers, discussing them honestly, and providing creative mitigations goes a long way to protecting actual people.

I’ve also investigated many cases involving actual mystical attacker superpowers in my time, and basic understanding and protections still go a long way to securing the humans in those instances too.
