
Hackers detect flaws with malware-driven scans for exploiting weaknesses


TLDR:

Attackers are now using malware-infected devices to scan target networks, hiding their identity and increasing their reach. By analyzing scan characteristics like request volume, systems can detect scanning patterns and vulnerabilities. Examples include exploiting MOVEit and Ivanti vulnerabilities. Attackers target common technologies like routers and collaboration tools. Monitoring scanning activities and patching vulnerabilities are crucial for defense.

Attackers are now using malware-infected devices to scan target networks instead of scanning them directly from their own infrastructure. This approach helps them hide their identity, evade geographical restrictions (geofencing), and grow their botnets.

Compromised hosts provide far more capacity for large-scale scans than a single attacker machine could manage. On the defensive side, systems can detect both established and novel scanning patterns by analyzing scan characteristics such as request volume and matching the observed requests against known threat signatures.

Attackers use scanning techniques to probe target networks for weaknesses, which can identify open ports, software vulnerabilities, and even operating systems. By exploiting these vulnerabilities, attackers can gain unauthorized access or disrupt systems.

Technology stack targeted by attackers. Attackers were observed using novel URLs within their exploits to bypass security measures. In both observed cases (the MOVEit and Ivanti exploitation noted above), the scanning requests preceded the detection of the subsequent malicious payloads, which highlights the importance of proactive scanning detection for timely threat mitigation.

Malware-driven scanning. The technique lets attackers evade detection and harness the resources of compromised devices for large-scale vulnerability scanning. The targets vary with the attacker's goals: focused attacks against specific entities, or widespread scanning to infect more devices.

Defenders need to patch vulnerabilities and update detection systems to block new variants. Monitoring scanning activity across multiple networks, rather than one network in isolation, helps surface new scanning patterns more rapidly.
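A minimal form of the detection the article describes (request volume analysis plus matching against known threat signatures), which is also the kind of monitoring the paragraph above calls for. This is an added example, not code from the original article: it runs over constructed access-log lines, and the signature paths are hypothetical placeholders rather than the MOVEit or Ivanti probe URLs, which the article does not reproduce.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not from the article): timestamp, source IP, method, path, status.
SAMPLE_LOG = """\
2024-08-01T10:00:01Z 203.0.113.7 GET /index.html 200
2024-08-01T10:00:02Z 203.0.113.7 GET /login 200
2024-08-01T10:00:02Z 198.51.100.9 GET /about 200
2024-08-01T10:00:03Z 203.0.113.7 GET /admin 404
2024-08-01T10:00:03Z 203.0.113.7 GET /api/v1/users 404
2024-08-01T10:00:04Z 203.0.113.7 GET /placeholder-product-a/health 404
2024-08-01T10:00:04Z 203.0.113.7 GET /.env 404
2024-08-01T10:00:05Z 203.0.113.7 GET /placeholder-product-b/status 404
2024-08-01T10:00:06Z 203.0.113.7 GET /backup.zip 404
"""
# Hypothetical signatures standing in for the product-specific probe paths the article
# mentions; in production these come from a threat-intelligence feed, not from this file.
KNOWN_SIGNATURES = {
    "product-a probe": re.compile(r"^/placeholder-product-a/"),
    "product-b probe": re.compile(r"^/placeholder-product-b/"),
}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def parse_log(text):
    """Yield (timestamp, src_ip, path, status) per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"), m.group(2), m.group(4), int(m.group(5))

def detect_scanners(text, window_s=60, min_requests=8, min_distinct=6, min_404_ratio=0.5):
    """Flag a source that, within any window_s-second window, sends >= min_requests to >= min_distinct
    paths with mostly 404s (a volume scan), or that hits a known signature. Returns {ip: details}."""
    per_ip = defaultdict(list)
    for ts, ip, path, status in parse_log(text):
        per_ip[ip].append((ts, path, status))
    findings = {}
    for ip, events in per_ip.items():
        events.sort()  # chronological, so each window below starts at events[i]
        sigs = sorted({name for _, path, _ in events
                       for name, rx in KNOWN_SIGNATURES.items() if rx.search(path)})
        volume_hit = False
        for i, (start, _, _) in enumerate(events):
            win = [e for e in events[i:] if (e[0] - start).total_seconds() <= window_s]
            if (len(win) >= min_requests and len({p for _, p, _ in win}) >= min_distinct
                    and sum(s == 404 for _, _, s in win) / len(win) >= min_404_ratio):
                volume_hit = True
                break
        if volume_hit or sigs:
            findings[ip] = {"volume": volume_hit, "signatures": sigs}
    return findings
```

In the constructed sample, 203.0.113.7 is flagged on both criteria (eight distinct paths in five seconds, mostly 404s, plus two signature hits), while 198.51.100.9 is not.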
