Tag Archive for: Continued

Nuspire Threat Report Reveals Continued Surge in Q3 2022 Threat Activity


Threat activity in Q3 continued to surge following Q2, one of the most active quarters in recent history. According to Nuspire’s Q3 Threat Landscape Report, the company’s researchers noted that threat actors remain opportunistic, preying on organizations that are slow to patch against new vulnerabilities. They also continue to launch widespread phishing campaigns, hoping to lure a victim into interacting with their malicious payloads.

These researchers – Josh Smith, Cyber Threat Analyst, and Justin Heard, Threat Intelligence Manager – spent time reviewing their findings during a recent webinar. Read on for a recap of the key data points, attack vectors and mitigation strategies Josh and Justin shared.

Malware – CoinMiner activity decreases while Kryptik is on the rise

Malware saw an overall decrease of 15.73% in Q3; however, Nuspire witnessed surges in info-stealer malware variants such as Kryptik.

“Kryptik is a type of trojan malware that seeks to steal credentials from browsers and applications, as well as cryptocurrency wallets, files and SSH keys,” said Josh. “We saw a 236% increase over Q2, which is indicative of a rising usage of information-stealing malware.”

CoinMiner was a top malware in Q2, and while its usage decreased in Q3, it still remained a top variant.

“CoinMiner activity decreased almost 40% in Q3, which could have to do with the struggles we’re seeing in the cryptocurrency arena,” said Josh. “Perhaps this malware isn’t as attractive as it used to be; however, I don’t see it going away, because this is a passive income strategy, meaning threat actors don’t have to do a lot of work to reap their rewards.”

Mitigation

There are several ways to combat malware threats to protect your environment from a breach.

“Next-generation antivirus is great because it’s not only looking for a specific signature, but also, it can detect certain behaviors that are indicative of a threat,” said Justin. “Another strategy is network segmentation, where you segregate devices in a way that prevents a threat actor from getting into other areas of your network.”

Botnets – Torpig Mebroot continues to dominate

Botnets shot up over 100% in Q2, and…


Kaspersky finds evidence of continued Russian hacking campaigns in Ukraine


APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine.


Security researchers at Symantec have presented what they said is further evidence that the Russian advanced persistent threat hacking team known as Shuckworm has been actively waging a cyber espionage campaign against organizations in Ukraine.

According to a report from The Security Service of Ukraine (SSU) released in November 2021, Shuckworm, also known as Armageddon, Gamaredon, Primitive Bear and other monikers, is relatively new to the APT world. The SSU believes Shuckworm was founded in 2013 or 2014 and initially operated with a very low profile. Despite its relative newness to the scene, the SSU said “the group is able to turn into a cyberthreat with consequences, the scale of which will exceed the negative effect of the activities of [known Russian APTs APT28, SNAKE and APT29].”

Symantec said its findings are consistent with the SSU’s report, which said Shuckworm has become more sophisticated since 2017, the end result being a group that uses custom-built malware to infiltrate targets and legitimate tools to maintain its access.

Anatomy of a cyber espionage attack

There are a variety of methods that APTs use to establish a permanent presence in victim networks. In the particular case study Symantec included in its report, Shuckworm likely used a tried-and-true ingress method: phishing.


The attack began July 14, 2021, and continued for over a month, Symantec said, and it all began with a malicious Word document. “Just five minutes after the document is opened, a suspicious command is also executed to launch a malicious VBS file,” Symantec said. That file, in turn, installed the Pterodo backdoor software that was previously linked to Shuckworm.

The creation of Pterodo is what the SSU said divides Shuckworm’s early days from its more dangerous later years. Prior to the creation of Pterodo, Shuckworm relied on legitimate remote access tools like RMS and UltraVNC. Now, through the…


New Blackphone 1 Vulnerability Highlights Continued Challenges In Mobile Security – CRN

The vulnerability finding fits into a larger growing narrative around mobile security challenges. Consumers are becoming more aware and basing more of their mobile decision-making around security, a study by Accenture found earlier this week. According

Related coverage:

Blackphone update closes security hole – InfoWorld

Bug in Silent Circle's Blackphone let attackers remotely control device – Computerworld