Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label sophisticated attacks. Show all posts
sophisticated attacks
Business Security Cyber Security IT Flaw Security flaw sophisticated attacks

Public Holidays And Weekends Make Companies More Vulnerable to Cyberattacks

 


 Cyberattacks Surge During Holidays and Weekends: Semperis Report

Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience, confirms this vulnerability.

The study revealed that an average of 86% of organizations assessed across the United States, United Kingdom, France, and Germany were targeted during public holidays or weekends. The findings also indicate that 75% of businesses reduced their security workforce by up to 50% during these periods, leaving critical systems exposed.

Targeted Attacks During Key Business Events

Half of the respondents who experienced cyberattacks reported being targeted during major business events such as mergers or acquisitions. For instance, after UnitedHealth acquired Change Healthcare, cybercriminals exploited a security flaw in remote access systems to breach the company’s infrastructure.

The report highlighted that 90% of ransomware attacks compromised a firm’s identity service, such as Microsoft Active Directory (AD) or Entra ID, as these are widely used and vulnerable. Additionally:

  • 35% of businesses reported insufficient funds to safeguard against cyberattacks.
  • 61% of organizations lacked adequate backup solutions for their identity services.

While 81% of respondents stated they possess the knowledge to defend against identity-related threats, 83% admitted to experiencing a successful ransomware assault within the past year. This disconnect underscores the need for better implementation of security measures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly emphasized the need for vigilance during weekends and public holidays. Notably, the ransomware group Clop exploited a long weekend to take advantage of a vulnerability in the MOVEit data exchange software. This attack affected over 130 companies in Germany, leading to significant data breaches and blackmail attempts.

Solutions to Mitigate Risks

To address these vulnerabilities, enterprises must take the following measures:

  • Protect critical flaws, such as those in Active Directory (AD) and other identity services.
  • Ensure security operations centers (SOCs) are adequately staffed during off-hours.
  • Integrate cybersecurity into the broader business resiliency strategy, alongside safety, financial, and reputational risk management.

Prioritizing security as an essential component of business resilience can make the difference between surviving and thriving in the face of catastrophic cyber incidents.

Read more »
Trend Micro
Africa APT41 Cyber Security Cybersecurity Earth Baku Europe malware Middle East sophisticated attacks Threat actor Trend Micro

China-Backed Earth Baku Broadens Cyber Assaults to Europe, Middle East, and Africa

 

The China-backed threat actor Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecoms, technology, healthcare, and education sectors are among those singled out as part of the intrusion set.

Trend Micro researchers Ted Lee and Theo Chen, in an analysis published last week, noted that Earth Baku has updated its tools, tactics, and procedures (TTPs) in more recent campaigns. The group utilizes public-facing applications such as IIS servers as entry points for attacks, subsequently deploying sophisticated malware toolsets on the victim's environment. The findings build upon recent reports from Zscaler and Google-owned Mandiant, which also detailed the threat actor's use of malware families like DodgeBox (aka DUSTPAN) and MoonWalk (aka DUSTTRAP). Trend Micro has assigned them the monikers StealthReacher and SneakCross.

Earth Baku, a threat actor associated with APT41, has been known for its use of StealthVector as far back as October 2020. Their attack chains involve the exploitation of public-facing applications to drop the Godzilla web shell, which is then used to deliver follow-on payloads. StealthReacher has been classified as an enhanced version of the StealthVector backdoor loader, responsible for launching SneakCross, a modular implant and a likely successor to ScrambleCross that leverages Google services for its command-and-control (C2) communication.

The attacks are further characterized by the use of other post-exploitation tools such as iox, Rakshasa, and a Virtual Private Network (VPN) service known as Tailscale. Sensitive data exfiltration to the MEGA cloud storage service is accomplished by means of a command-line utility dubbed MEGAcmd. "The group has employed new loaders such as StealthVector and StealthReacher to stealthily launch backdoor components, and added SneakCross as their latest modular backdoor," the researchers stated.

"The persistence of Earth Baku is notable," said the researchers. "Their tactics show a sophisticated understanding of public-facing applications, allowing them to infiltrate various sectors with precision." They further explained that the group's post-exploitation tools are customized to fit specific operational needs, with iox and Rakshasa playing significant roles in maintaining prolonged access and stealth. Tailscale, the VPN service, ensures the attackers can manage their operations without detection, while MEGAcmd allows for efficient data exfiltration.

The continued evolution of Earth Baku's methods, including the introduction of new malware like SneakCross, highlights the growing complexity and threat posed by this actor. The group’s ability to adapt and refine their TTPs makes them a formidable adversary in the cyber landscape.
Read more »
Subscribe to: Posts (Atom)