
Phishing: The Biggest Security Threat of 2023

The year is about to end, and every year we see cybercriminals refining their methods of attacking systems and networks. There are therefore many reasons why private firms and federal agencies should be better prepared for the coming year. According to recent analysis, phishing will be the greatest security threat of 2023.

What should be done and what should be avoided?  


According to security analysts, phishing is the most common method of targeting victims and has already claimed millions of victims worldwide. Measured as a share of all attacks, phishing is still on the rise.

When we talk about phishing, we first need to understand why it is so dangerous: the emails you receive from attackers are designed to look legitimate and use social engineering to make victims far more likely to fall for the scam.

Following this pattern, attackers routinely trick victims into handing over sensitive data and credentials, such as credit card numbers, social security numbers, and detailed account information, in the hope of resolving some nonexistent problem with an account.

Furthermore, 74% of organizations in the United States suffered from a successful phishing attack last year, which is a 14% increase from 2019. 

Subbu Iyer, regional director for India and ASEAN, at Forescout Technologies, said that "digital transformation wave even as the cybersecurity teams in most companies are perennially understaffed and under-resourced. Poor knowledge of digitization, lack of cyber skills, and inadequately trained cybersecurity professionals are some of the factors leading to elevated cyber threats." 

Below are the indicators to identify whether the email you have received is legitimate or a scam. 

  • If you look closely you will notice poor grammar and spelling mistakes in the message.  
  • You will see that the email is coming from unusual email addresses, for instance, "4m4zon" instead of "amazon". 
  • The email includes links and urges you to click on them; an unsolicited request to click a link is a likely sign of phishing.
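The three indicators in the list above can be turned into a simple mail-gateway triage check. The following is an added example written for this page, not code from the original post or any vendor product; the homoglyph table, brand allow-list, misspelling list and the two sample messages are all constructed assumptions for the demonstration.

```python
import re
from email import message_from_string

# Digit-for-letter substitutions used to build lookalike domains such as "4m4zon"
# (assumed table; extend it with what your mail gateway actually sees).
HOMOGLYPHS = str.maketrans({"4": "a", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Brands whose mail the organization expects to receive (assumed allow-list).
KNOWN_BRANDS = {"amazon", "paypal", "microsoft"}

# A few misspellings that recur in phishing lures (assumed list for the grammar indicator).
COMMON_MISSPELLINGS = {"acount", "recieve", "verfy", "securty", "informations"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
CLICK_RE = re.compile(r"\b(click|tap)\b", re.IGNORECASE)


def lookalike_brand(domain):
    """Return the brand a sender domain imitates via digit substitution, else None."""
    for label in re.split(r"[.-]", domain.lower()):
        normalized = label.translate(HOMOGLYPHS)
        if normalized in KNOWN_BRANDS and normalized != label:
            return normalized
    return None


def sender_domain(from_header):
    """Extract the domain part of a From: header ('' if none is found)."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower() if match else ""


def phishing_indicators(raw_email):
    """Apply the post's three indicators to a plain-text RFC 822 message; return findings."""
    msg = message_from_string(raw_email)
    findings = []

    # Indicator: unusual sender address that imitates a known brand.
    domain = sender_domain(msg.get("From", ""))
    brand = lookalike_brand(domain)
    if brand:
        findings.append(f"sender domain '{domain}' imitates '{brand}'")

    # Indicator: links combined with a demand to click them.
    body = msg.get_payload()  # single-part plain text is enough for this demo
    urls = URL_RE.findall(body)
    if urls and CLICK_RE.search(body):
        findings.append(f"message urges a click on {len(urls)} link(s)")

    # Indicator: poor spelling in the message text.
    words = set(re.findall(r"[a-z]+", body.lower()))
    misspelled = sorted(words & COMMON_MISSPELLINGS)
    if misspelled:
        findings.append("common misspellings: " + ", ".join(misspelled))

    return findings


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = """From: Amazon Support <security@4m4zon-support.com>
To: victim@example.com
Subject: Your acount is suspended

Dear customer, we detected a problem with your acount.
Click here to verfy your details: http://4m4zon-support.com/login
"""

LEGIT_SAMPLE = """From: Amazon <no-reply@amazon.com>
To: victim@example.com
Subject: Your order has shipped

Your order 123-4567 has shipped and will arrive on Monday.
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, "->", phishing_indicators(sample) or ["no indicators"])
```

The check is deliberately heuristic: it raises findings for a reviewer rather than blocking mail, and a message with zero findings is not proof of legitimacy, which is why the post also stresses user education.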

How can you secure your system from phishing attacks?


One way to protect your company from phishing attacks is to educate users and all employees: teach them how to identify a phishing email and what to do to limit losses after receiving one. In addition, up-to-date systems and modern defensive technology are needed at the workplace to counter phishing attacks and their consequences.

IsaacWiper, The Third Wiper Spotted Since the Beginning of The Russian Invasion

 

Recently, ESET researchers discovered a new data wiper, named IsaacWiper, that is being used against an unnamed Ukrainian government network following Russia’s invasion of Ukraine.

The new wiper came to light on 24th February, after the HermeticWiper attack, in an organization that had not been infected with the HermeticWiper malware (aka KillDisk.NCV), which contaminated hundreds of machines in the country on February 23.

The cybersecurity firms ESET and Broadcom’s Symantec have discovered that the infections followed the DDoS attacks against various Ukrainian websites, including the Cabinet of Ministers, Ministry of Foreign Affairs, and Rada. 

“With regard to IsaacWiper, we are currently assessing its links, if any, with HermeticWiper. It is important to note that it was seen in a Ukrainian governmental organization that was not affected by HermeticWiper,” Jean-Ian Boutin, ESET Head of Threat Research, said. In a new blog post, the company stated that the IsaacWiper attack likely “started shortly after the Russian military invasion and hit a Ukrainian governmental network.” 

ESET published the technical details of the second attack on 1st March. It said that, based on its observations, the attacks appear to have been planned for months, though it did not attribute them to any particular entity or group. IsaacWiper and HermeticWiper share no code, and the former is less sophisticated than the latter.

Once the network is infected, IsaacWiper starts by enumerating the physical drives and calls DeviceIoControl with the IOCTL IOCTL_STORAGE_GET_DEVICE_NUMBER to get their device numbers. 

IsaacWiper then wipes the first 0x10000 bytes of each disk using the ISAAC pseudorandom generator. ESET concluded its published analysis by saying that “at this point, we have no indication that other countries were targeted. However, due to the current crisis in Ukraine, there is still a risk that the same threat actors will launch further campaigns against countries that back the Ukrainian government or that sanction Russian entities.”
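For an incident responder, the detail that the first 0x10000 bytes of each disk are overwritten with PRNG output is what makes the damage recognizable in a disk image: an intact drive starts with a low-entropy boot sector carrying the 0x55AA signature, while a PRNG-overwritten head is near 8 bits of entropy per byte. The triage check below is an added example written for this page, not ESET's code or part of the malware; the sample "images" are constructed in memory, and `os.urandom` stands in for ISAAC output as an assumption, since any good PRNG yields the same entropy profile.

```python
import math
import os
from collections import Counter

WIPE_REGION = 0x10000          # size of the region the post says IsaacWiper overwrites
MBR_SIGNATURE = b"\x55\xaa"    # boot signature at offset 510 of an intact (or protective) MBR


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_disk_head(head):
    """Classify the first 0x10000 bytes of a disk image.

    Returns 'intact', 'zeroed', 'random-overwrite' or 'unknown'. The thresholds are
    assumed working values for this demo, not figures from ESET's report.
    """
    head = head[:WIPE_REGION]
    has_signature = len(head) >= 512 and head[510:512] == MBR_SIGNATURE
    entropy = shannon_entropy(head)
    if has_signature and entropy < 7.5:
        return "intact"                # boot sector present, structured (low-entropy) data
    if not has_signature and entropy < 1.0:
        return "zeroed"                # consistent with a zero-fill wiper, not this one
    if entropy > 7.9:
        return "random-overwrite"      # PRNG-style overwrite like the one described in the post
    return "unknown"


def triage_image_file(path):
    """Run the same check on the head of an on-disk raw image (e.g. a dd capture)."""
    with open(path, "rb") as fh:
        return triage_disk_head(fh.read(WIPE_REGION))


# Constructed sample heads (not real disk captures).
INTACT_SAMPLE = bytearray(WIPE_REGION)
INTACT_SAMPLE[0:16] = bytes(range(16))            # stand-in for boot code
INTACT_SAMPLE[446:462] = b"\x80\x01\x01\x00\x07\xfe\xff\xff\x3f\x00\x00\x00\x00\x10\x00\x00"
INTACT_SAMPLE[510:512] = MBR_SIGNATURE            # partition entry plus boot signature
INTACT_SAMPLE = bytes(INTACT_SAMPLE)

RANDOM_SAMPLE = os.urandom(WIPE_REGION)           # assumed stand-in for ISAAC output
ZEROED_SAMPLE = bytes(WIPE_REGION)

if __name__ == "__main__":
    for name, head in (("intact", INTACT_SAMPLE), ("random", RANDOM_SAMPLE), ("zeroed", ZEROED_SAMPLE)):
        print(f"{name:7s} entropy={shannon_entropy(head):.3f} -> {triage_disk_head(head)}")
```

Running this over the head of every physical disk captured from an affected host gives a quick count of drives whose partition tables and boot code are unrecoverable from the disk itself, which is the first question a recovery team needs answered before deciding between backup restore and rebuild.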

Lockean Multi-ransomware Hitting French Companies--CERT-FR

 

France’s Computer Emergency Response Team (CERT-FR) has published details of the tools and tactics used by a ransomware affiliate group named Lockean. Over the past two years the group has continuously targeted French companies; reportedly, at least eight French companies suffered large-scale data breaches. The group steals data and deploys malware from multiple ransomware-as-a-service (RaaS) operations.

According to the data, the companies that have been victimized by this group are the transportation logistics firm Gefco, the newspaper Ouest-France and the pharmaceutical groups Fareva and Pierre Fabre, among a few others. 

“Based on incidents reported to the ANSSI and their commonalities, investigations were carried out by the Agency to confirm the existence of a single cybercriminal group responsible for these incidents, understand its modus operandi and distinguish its techniques, tactics, and procedures (TTPs)…”

“…First observed in June 2020, this group named Lockean is thought to have affiliated with several Ransomware-as-a-Service (RaaS) including DoppelPaymer, Maze, Prolock, Egregor, and Sodinokibi. Lockean has a propensity to target French entities under a Big Game Hunting rationale,” reads the report published by CERT-FR.

Lockean was first spotted in 2020, when the group targeted a French manufacturing company and deployed DoppelPaymer ransomware on its network. Between June 2020 and March 2021, Lockean compromised the networks of at least seven more companies with various ransomware families, including big names such as Maze, Egregor, REvil, and ProLock.

In most of the attacks, the attackers gained initial access to the victim network through the Qbot/QakBot malware and the post-exploitation tool Cobalt Strike. Qbot/QakBot is a banking trojan that has shifted to delivering other malware onto infected systems, including the ProLock, DoppelPaymer, and Egregor ransomware strains, CERT-FR officials said.

The group used the Emotet distribution service in 2020, and TA551 in 2020 and 2021, to distribute QakBot via phishing email. It also used several tools for reconnaissance and data exfiltration, including AdFind, BITSAdmin, BloodHound, and RClone.