A Blended Threat is a computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example by using characteristics of both viruses and worms. A blended threat often involves an infection chain that begins with a user visiting a website and then being diverted to a malicious URL. After this, social engineering lures lead the user to download a malicious file, which in turn downloads additional malicious files. By using multiple methods and techniques, cybercriminals are able to quickly and quietly invade your network many times, leading to ransomware and extortion demands.
What does this mean for an SMB?
Attacks like these can be prevented. The best way to do this is by training your staff. If you’re an MSP, you should consider training your clients to reduce your critical support events. In many cases, business owners don’t realize that the threats don’t stop at the office doors. Employees go home and may have weaker security measures in place to defend against cyber threats. That can lead to an infection picked up at home invading your business network and services. Protect your staff and your business through awareness and knowledge.
- Train employees on cybersecurity basics, helping them become more aware of the threats they face when interacting online. (Phishing, Social Engineering Attacks)
- Periodically phish test employees (at least annually, but preferably quarterly or monthly)
- Be wary of public, unsecured WiFi (use a VPN if dealing with sensitive information)
- Govern employees with the proper policies, following NIST Guidelines (WISP, Acceptable Use, Password Policy, etc.)
- Employ a Password Manager, require it in your Password Policy, and demand strong password hygiene from your employees and business
- Enable Two-Factor Authentication wherever possible and especially on all Internet-facing services you use (O365, Salesforce, finance apps, etc.)
- Work with your IT staff or third party vendors to ensure your critical data is being encrypted at rest and in transit (ensure keys are strong and passwords long)
- Regularly back up critical data following the 3-2-1 methodology
- Use the principle of least privilege
- Patch your systems regularly and triage critical vulnerabilities using a repeatable process with established timelines based upon threat levels
- Stay current with the always-changing cyber threats.
By implementing these measures at your business, you’ll become more aware and more secure. You may not have perfect security, but you’ll be doing what you can to reduce the risks you face.
Blended Threats Explained:
CyberHoot loves this video explanation of Blended Threats despite it being created way back in 2009. It is thorough, easily understood, and well constructed. All of the technologies discussed, such as antivirus and behavior-based analysis, are as appropriate today as 11 years ago. This technology vendor’s behavior-based approach to threat blocking is sound and should be considered for your cybersecurity toolbox.
The only technology recommendation missing from this video is Domain Name System (DNS) protection. Consider deploying Cisco Umbrella, Webroot DNS protection or something similar.