
UK and US Warn of Rising Iranian Spear Phishing Threat


The UK’s National Cyber Security Centre (NCSC) collaborated with government agencies across the Atlantic to issue a new alert regarding Iranian cyber-threats last week. 

The advisory, issued in collaboration with the FBI, US Cyber Command - Cyber National Mission Force (CNMF), and the Department of the Treasury (Treasury), attributed the spear phishing campaign to Iran's Islamic Revolutionary Guard Corps (IRGC). 

The campaign is aimed at individuals "with a nexus to Iranian and Middle Eastern affairs," but it is also focused on US political campaigns, with the ultimate goal of expanding Iran's information operations, the advisory stated. Current or former senior government officials, think tank personnel, journalists, activists, and lobbyists appear to be the likely targets. 

Threat actors change their strategies according to the specific target, which could involve impersonating family members, professional contacts, prominent journalists, and/or email providers. The lure may be an interview, an invitation to a conference or embassy event, a speaking engagement, or another political or foreign policy dialogue. 

“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” the report reads. 

“Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors. Victims sometimes gain access to the document but may receive a login error.” 

Prevention tips

The advisory urged readers to be suspicious of unsolicited contact, attempts to send links or files via social media and other online services, email messages flagging alerts for online accounts, emails purporting to be from legitimate services, and shortened links. It also recommended that enterprises:

  • Implement a user training program for phishing awareness.
  • Require that users only use work email for official business, keep software updated, switch on multi-factor authentication, and never click links or open attachments in unsolicited emails.
  • Encourage users to enrol in advanced account protection services and to use hardware security keys. 
  • Switch on anti-phishing and anti-spoofing security features. 
  • Block automatic email forwarding to external addresses.
  • Monitor email servers for changes to configuration and custom rules.
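The last two recommendations above (block external auto-forwarding, and monitor mail servers for new rules) are controls a SOC can check mechanically. The following is an added example, not part of the advisory or the original post: it scans a constructed JSON audit log of mailbox-rule and forwarding changes and flags any rule that sends mail outside the organisation's own domains, treating rules that also delete the original as higher risk. The `INTERNAL_DOMAINS` set, the event field names and the sample events are all assumptions made for the example.

```python
"""Flag mailbox rule or forwarding changes that send mail outside the organisation.

Added example. The JSON audit format below is constructed for illustration and is
not a specific vendor's schema; adapt the field names to your mail platform's audit log.
"""
import json
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example.org"}  # assumption: the organisation's own mail domains

# Constructed sample audit events, one JSON object per line.
SAMPLE_AUDIT_LOG = """\
{"ts":"2024-09-28T08:11:02Z","user":"alice@example.org","op":"RuleCreated","name":"Archive","forward_to":[],"delete":false}
{"ts":"2024-09-28T08:15:44Z","user":"bob@example.org","op":"RuleCreated","name":"Sync","forward_to":["mailbox@evil-example.net"],"delete":true}
{"ts":"2024-09-28T09:02:10Z","user":"carol@example.org","op":"RuleCreated","name":"Team","forward_to":["team@example.org"],"delete":false}
{"ts":"2024-09-28T09:30:00Z","user":"bob@example.org","op":"ForwardingSet","name":"","forward_to":["personal@mail-example.com"],"delete":false}
"""

# Event types that can change where a mailbox's mail is delivered.
FORWARDING_OPS = {"RuleCreated", "RuleUpdated", "ForwardingSet"}


@dataclass
class Finding:
    ts: str
    user: str
    reason: str
    recipients: tuple  # external addresses the rule forwards to


def _is_external(addr: str) -> bool:
    """True when the address's domain is not one of ours."""
    domain = addr.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def find_external_forwarding(log_text: str) -> list:
    """Return one Finding per event that forwards mail to an external address."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("op") not in FORWARDING_OPS:
            continue
        external = tuple(a for a in ev.get("forward_to", []) if _is_external(a))
        if not external:
            continue  # internal-only forwarding is normal business use
        reason = "external forwarding"
        if ev.get("delete"):
            # Forward-and-delete hides the copied mail from the mailbox owner.
            reason += " with delete (hides the copy from the mailbox owner)"
        findings.append(Finding(ev["ts"], ev["user"], reason, external))
    return findings


if __name__ == "__main__":
    for f in find_external_forwarding(SAMPLE_AUDIT_LOG):
        print(f)
```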

Encina Wastewater Authority Reportedly Targeted by BlackByte Ransomware

Carlsbad, California – Encina Wastewater Authority (EWA) has become the latest target of the notorious BlackByte ransomware group. The group, known for its aggressive tactics, has hinted at a cyberattack on EWA's platform, suggesting the potential sale of sensitive company documents obtained during the intrusion.

Despite BlackByte's claims, EWA's website, http://encinajpa.com, remains operational without immediate signs of intrusion. However, cybersecurity experts speculate that the threat actor may have infiltrated the organization's backend systems or databases rather than launching a visible front-end attack like a distributed denial-of-service (DDoS) assault.

Encina Wastewater Authority serves over 379,000 residents and businesses across North San Diego County, playing a crucial role in wastewater treatment, resource recovery, and environmental protection for public health and regional water sustainability.

The Cyber Express has reached out to Encina Wastewater Authority for clarification on the alleged cyberattack. As of writing, no official statement or response has been issued by the organization, leaving the claims unconfirmed. The BlackByte ransomware group has also published sample documents as evidence of the attack, offering to sell or remove them via email.

BlackByte has been a concern for cybersecurity agencies since its emergence in July 2021, targeting critical infrastructure and gaining attention from the Federal Bureau of Investigation (FBI) and the US Secret Service (USS). Despite mitigation efforts, such as the release of a decrypter by Trustwave in October 2021, BlackByte continues to evolve its tactics and persists in targeting organizations worldwide through a ransomware-as-a-service (RaaS) model.

The situation regarding the alleged cyberattack on Encina Wastewater Authority will be closely monitored by The Cyber Express, and updates will be provided as more information becomes available or any official statement from the organization is issued.

IRS Sends Cyber Attachés Abroad to Combat Cybercrime


The Criminal Investigation (CI) division of the Internal Revenue Service (IRS) is taking a bold step in the fight against cybercrime by sending cyber attachés to four continents. The agency announced the update on Thursday.

The plan focuses on preventing tax and financial crimes involving cryptocurrencies, decentralised finance, peer-to-peer payments, and mixing services; the CI hopes to improve global cooperation in the struggle against these illegal practices. 

The effort highlights the IRS's dedication to always being one step ahead of cybercriminals in the rapidly changing digital environment. 

Beginning of the global cyber showdown

A pilot programme run by the IRS CI will begin in June and place cyber attachés in key sites throughout the world. Sydney, Singapore, Bogota, and Frankfurt were selected as the cities for deployment, representing Australia, Asia, South America, and Europe, respectively. 

These attachés will use their specialised expertise in close cooperation with regional law enforcement organisations to combat tax evasion, financial fraud, and other illegal actions made possible by digital currency. 

The IRS CI seeks to foster a seamless exchange of knowledge, information, and resources with foreign counterparts by stationing cyber attachés abroad. This proactive strategy recognises that a unified worldwide front is necessary to effectively combat cybercrime.

Jim Lee, Chief of the CI, emphasises the significance of providing international partners with the same level of expertise and resources as those available within the United States. To address the global scope of cyber threats, this programme will need to forge powerful multinational coalitions. 

The use of cyber attachés expands on the CI's prior international cooperation initiatives. A permanent cyber attaché from the CI has been based at the Europol headquarters in The Hague, Netherlands, since 2020. 

To promote collaboration and coordination with European law enforcement authorities, this role was created. With the expansion of the attaché programme, the CI is now able to reach more people and have a greater influence in areas that are known to be hubs for cybercriminal activity. 

An emphasis on crypto-inspired crimes 

Cybercriminals are using cryptocurrency for different illegal activities as the world becomes more digitised. The IRS's decision to give tax and financial crimes involving cryptocurrencies top priority shows how determined it is to confront these new dangers head-on. 

The CI attempts to safeguard people, businesses, and the economy by focusing on criminal activity such as tax fraud, drug trafficking, money laundering, public corruption, and healthcare fraud.

U.S. authorities are increasingly going after cybercriminals, especially those who use cryptocurrencies or decentralised finance (DeFi) to do their crimes. In a recent development, the IRS seized two domains connected to the notorious mixing service, ChipMixer, which is notorious for its involvement in hacking schemes, fraud, cryptocurrency heists, and ransomware operations. 

Such measures strongly suggest that law enforcement organisations are aggressively going after persons who use digital currencies for illegal purposes. Nevertheless, despite the ongoing cybercrimes in the sector, the cryptocurrency market has remained calm. With a valuation firmly above $1 trillion, the global cryptocurrency market has lost 1.1% during the last 24 hours.

Hackers Employing Encryption are Successfully Infiltrating Organizations Worldwide


Threat analysts find it "increasingly difficult" to spot and thwart cyber assaults targeting their businesses, according to the latest findings from Vectra, an AI-driven hybrid cloud threat detection and response firm. 

According to the study, 70% of businesses have experienced an assault that exploited encrypted traffic to evade detection. 45% acknowledged that they have been a victim more than once. Unfortunately, 66% of respondents still lack visibility into all of their encrypted traffic, making them extremely susceptible to additional encryption attacks. 

According to the survey, analysts are unable to respond to complex threats because the workload placed on cybersecurity and networking specialists is continually growing. Major conclusions include:

  • 45% of cybersecurity and networking professionals attribute the growth in threat detection and response workloads to 40% more resources in the cloud and 36% more devices on the network. 
  • 37% think that as threats have become more sophisticated, it has become more difficult for analysts to identify real attacks. 
  • 69% agree that the time between exploitation and detection gives attackers too long to move through a network, with 29% also citing communication issues between the security operations center and other IT teams. 
  • In addition, 23% believe SOC analysts lack the right level of skills, and 18% believe they are understaffed, indicating that security teams are not equipped to mitigate the cyberattacks they face. 
  • More than half (60%) of small and medium-sized businesses feel threat detection and response is now harder, suggesting smaller businesses are struggling to keep pace with the evolving cybercrime landscape. 

“Organizations face a barrage of threats on all fronts – in their network, cloud, and IT environments – while cybercriminals use techniques like encryption to breach firms undetected. What’s more, many don’t have the skills or staff to deal with increasing security workloads,” stated Mark Wojtasiak, VP of Product Strategy at Vectra. 

“To stem the tide against them, security teams need total visibility into their environments, so they can spot the signs of an attack before it becomes a breach.”

Five Eyes Agencies Warn Managed Service Providers of Cyber Attacks


The Five Eyes alliance of cybersecurity authorities from the United States, the United Kingdom, Australia, New Zealand, and Canada last week published a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. 

The advisory advises customers of MSPs in the member nations on how to guard sensitive information and reassess their security posture and contractual agreements with their service providers based on individual risk tolerance. MSPs are a prime target for cybercriminals and nation-state actors, because compromising an MSP can lead to many downstream victims (as seen with the Kaseya and SolarWinds attacks).

"As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated. 

"We know that MSPs that are vulnerable to exploitation significantly increase downstream risks to the businesses and organizations they support. Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain," she added. 

The alert is the result of a collaborative effort among the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation in the U.S.; the National Cyber Security Centers in the United Kingdom and New Zealand; the Australian Cyber Security Center; and the Canadian Center for Cyber Security. 

Mitigation tips 

In the advisory, issued on the second day of the NCSC's CyberUK conference, where senior figures from the cybersecurity agencies met to discuss global cyber threats, the authorities recommend that MSP customers ensure their MSPs implement the following measures and controls: 

• To counter initial compromise, harden vulnerable devices, protect internet-facing services, and defend against brute-force and phishing attacks. 
• Improve monitoring and logging of the delivery infrastructure used to provide services to the customer. 
• Enable multifactor authentication across all customer services and products. 
• Periodically remove obsolete accounts and infrastructure, and apply updates to the infrastructure whenever they are available and necessary. 
• Develop incident response and recovery plans. 
• Understand and proactively manage supply chain risk. 
• Adopt transparent processes while managing account authentication and authorization.