Kaspersky Highlights Cybersecurity Developments, New Threats Uncovered

Cybersecurity remains a critical concern for organizations worldwide. Recent findings from Kaspersky, a global enabler of digital security, underscore the need for enhanced protection measures and reveal a sophisticated new threat targeting Microsoft Exchange servers.

These developments highlight the challenges faced by cybersecurity professionals and the solutions required to combat advanced cyber threats.

A recent Kaspersky research report reveals that 98% of cybersecurity experts believe improvements are necessary to maximize protection against increasingly complex cyber threats.

The study, conducted among IT security professionals, indicates that while most professionals see “a few” or “some” areas needing enhancement, one in four advocates for significant upgrades to existing cybersecurity frameworks.

This near-universal call for improvement reflects the growing complexity of cyberattacks, which include advanced persistent threats (APTs), ransomware, and phishing campaigns leveraging social engineering tactics.

The report emphasizes the need for upskilling cybersecurity teams to address these challenges.

Kaspersky recommends comprehensive training programs, such as those developed by its Global Research and Analysis Team (GReAT), to equip professionals with the skills to tackle targeted threats.

Additionally, the implementation of endpoint detection and response (EDR) solutions, like Kaspersky Endpoint Detection and Response, is critical for timely incident remediation.

Corporate-grade security solutions, such as the Kaspersky Anti Targeted Attack Platform, are also advised for detecting advanced threats early at the network level.

As phishing remains a primary attack vector, Kaspersky underscores the importance of security awareness training through platforms like the Kaspersky Automated Security Awareness Platform to educate employees on recognizing and mitigating social engineering attempts.

The demand for improved cybersecurity measures is further driven by a global shortage of skilled professionals.

According to a 2022 study by (ISC)², there is a 3.4 million-worker skills gap in the cybersecurity field, pushing organizations to outsource to managed service providers (MSPs) or managed security service providers (MSSPs) for expertise.

Kaspersky’s findings suggest that 65% of businesses outsource IT security functions due to the efficiency of external specialists, with additional reasons including the need for specialized knowledge (51%) and a shortage of in-house IT staff (50%).

These insights highlight the necessity for scalable solutions and continuous education to stay ahead of cyber adversaries.

Compounding these challenges, Kaspersky’s GReAT has uncovered a sophisticated new backdoor named GhostContainer, targeting Microsoft Exchange servers in government and high-tech sectors in Asia.

Discovered during an incident response case, GhostContainer is customized malware built on open-source tools and is likely part of an APT campaign.

The malware reportedly disguises itself as a legitimate server component, employing advanced evasion techniques to blend into normal operations.

Once loaded, it grants attackers full control over the compromised server, enabling data exfiltration, command execution, and persistent access through proxy and tunneling capabilities.

GhostContainer’s modular design allows it to dynamically extend its functionality by downloading additional modules, making it a versatile tool for cyber espionage.

Kaspersky researchers note that the malware leverages open-source projects like Neo-reGeorg for covert communication and tunneling, and its control commands are hidden within normal Exchange web requests, making detection challenging.

The intrusion likely exploits N-day vulnerabilities, such as CVE-2020-0688, to gain initial access.

So far, Kaspersky has identified two confirmed victims—a key government agency and a high-tech company—both in Asia, though the absence of exposed infrastructure complicates attribution to any specific threat actor.

The discovery of GhostContainer underscores the threat posed by open-source ecosystems, with Kaspersky reporting a 48% increase in malicious packages in 2024, totaling 14,000 by year’s end.

To counter such threats, Kaspersky recommends providing security operations centers (SOCs) with access to up-to-date threat intelligence, such as Kaspersky Threat Intelligence, which offers insights from over 20 years of cyberattack data.

Organizations are also urged to adopt comprehensive security solutions and conduct regular employee training to mitigate risks from phishing and other social engineering tactics.

Kaspersky’s findings serve as a reminder of the dynamic and sophisticated nature of modern cyberattacks.

The near-unanimous call from cybersecurity professionals for improved tools and training, coupled with the emergence of threats like GhostContainer, highlights the need for organizations to bolster their defenses.

By investing in various security solutions, continuous education, and threat intelligence, businesses can better protect their critical infrastructure and data from increasingly stealthy adversaries.

As Kaspersky continues to develop digital security solutions and share its expertise, the global cybersecurity ecosystem will be equipped to build a safer digital environment.


