Editorial TeamDeepfake Phishing Targets Trump’s Chief of Staff – May 30th
In today’s daily roundup – Deepfake Phishing Targets Trump’s Chief of Staff, ConnectWise Breached by Suspected Nation-State Actor, and Unbound Security Raises $4M Seed Funding.
AI increasingly used to deliver malware
Many organizations’ ongoing enthusiasm for incorporating artificial intelligence (AI) is leaving them open to sophisticated and carefully planned cyber-attacks. Cybersecurity company Mandiant, a Google subsidiary, has issued an urgent warning for companies to be wary of downloading AI tools from unvetted websites.
Cybercriminals crack MFA defenses
Cybercriminals are now using social engineering techniques developed to crack passwords to break through multi-factor authentication (MFA) defenses, such as sending a code to another device, such as the user’s smartphone.
According to the UK’s National Cyber Security Centre (NCSC) report, Not all types of MFA are created equal…: “Attackers have realized that many of the same social engineering techniques that tricked us into handing over passwords can also be updated to overcome some methods of MFA. We’ve seen the success of attacks against MFA-protected accounts increasing over the past couple of years.”
Microsoft Helping US Hospitals from Cyber Attacks – June 11th
Microsoft announced the launch of its new cybersecurity program to support hospitals in rural America from cyber attacks.
Microsoft’s new security suite and cyber training offering will provide nonprofit pricing and discounts to critical access hospitals and rural emergency hospitals.
Law Enforcement Ramp-Up Efforts to Capture ‘Emotet’ Mastermind – June 3rd
The law enforcement agencies behind Operation Endgame are seeking information about Odd, who is allegedly behind the ‘Emotet’ malware.
Initially a banking trojan, the ‘Emotet’ malware evolved into a tool that delivers an array of payloads, including TrickBot, IcedID, QakBot, and others.
Chinese Hackers Using ORB Networks to Evade Detection – May 23rd
Mandiant revealed that Chinese-linked state-backed hackers rely on operational relay box (ORBs) network proxy meshes to avoid detection for cyber espionage campaigns.
For example, Mandiant pointed out that these advanced persistent threat actors (APTs) used ORBs for the ‘SPACEHOP’ critical vulnerability campaign earlier this year.
Ransomware drives corporate cyber-crime
Cybercriminals are getting greedier. According to Google subsidiary Mandiant’s M-Trends 2024 Special Report, the proportion of financially motivated intrusions grew from more than a quarter of all investigations (26 percent) in 2022 to over a third (36 percent) in 2023.
Ransomware-related intrusions represented almost two-thirds of financially motivated intrusions and 23 percent of all 2023 intrusions; the remaining financially motivated intrusions included business email compromise (BEC) fraud and cryptocurrency theft. In 70 percent of cases, organizations learned of ransomware-related intrusions from external sources. In three-quarters of those cases, organizations were notified of a ransomware incident by an attacker ransom message. The remaining quarter came from external partners, such as law enforcement or cybersecurity companies.
“This is consistent with the extortion business model in which attackers intentionally and abruptly notify organizations of a ransomware intrusion and demand payment,” says Mandiant.
Visa’s Warning on RAT Campaign Targeting Financial Orgs – April 5th
Visa released an alert on the ‘JsOutProx’ remote access trojan (RAT) malware phishing campaign which targets financial institutions and customers.
The JSOutProx malware linked to the ‘Solar Spider’ threat actor delivers a RAT that could steal sensitive data, establish a C2 connection, and extract Outlook information, among others.
Telegram: The New “Epicenter for Cybercrime” – February 1st
A report released by cybersecurity researchers at Guardio Labs called attention to the emergence of Telegram as the ‘epicenter for cybercrime’.
The Guardio researchers attribute the rise of Telegram for cybercrime to the “democratization” of the phishing ecosystem enabled by the messaging platform, allowing threat actors to initiate a mass attack for as low as $230.
Russia-Backed Hackers Infiltrate Microsoft’s Corporate Email System – January 22nd
Microsoft announced on a blog post that the email intrusion attack began in November 2023 and was discovered on January 12th, 2024. Microsoft deduced that the attack originated from a Russian nation-state hacking group.
The Microsoft blog post stated the attack gained access to a small percentage of Microsoft corporate email accounts, consisting of Microsoft leadership, security, and IT team members. The incident is still under investigation and reported to the SEC, Microsoft vowed to take any further necessary action while being as transparent as possible.
CISA Signs Cybersecurity MoU with the Republic of Korea – November 10th
The Cybersecurity and Infrastructure Security Agency (CISA) announced a signed Memorandum of Understanding (MoU) with the Republic of Korea’s National Intelligence Service (NIS) to establish collaboration efforts under the bilateral Cyber Framework between the US and the Republic of Korea signed in April.
The framework between the Republic of Korea and the US includes sharing technical and operational cyber threat information and best practices in cyber crisis management.
FBI sounds second call to arms to fight cybercrime
The US Federal Bureau of Investigation (FBI) is increasingly anxious to enlist the private sector in the losing battle it is fighting against global cybercrime and espionage. Speaking in Washington on Monday, FBI director Christopher Wray stressed the importance of “collaborative, public-private” operations in fighting cybercrime, developing a strategy previously outlined by FBI Deputy Director Paul Abbate at a Boston cybersecurity conference three months ago.