Tag Archive for: CyberAttacks

FS-ISAC: Ransomware drives surge in cyberattacks in 2023

/in


Cybersecurity

Image by Pete Linforth from Pixabay

Cybersecurity threats in the Asia-Pacific (APAC) region surged by 15% in 2023, with ransomware attacks as the top driver for the increase, according to the latest report released by the Financial Services Information Sharing and Analysis Center (FS-ISAC). 

The findings, drawn from FS-ISAC’s network of member financial firms from 75 countries, underscore the growing sophistication of cyber threats faced by businesses. Ransomware attacks continue to wreak havoc, ranking as the fourth most common threat to the financial sector in the APAC region.

Based on FS-ISAC’s data, there is an average of 1,963 attacks per week and organizations in the region found themselves increasingly targeted by cybercriminals in 2023. The report, titled “Navigating Cyber 2024,” warns that this pattern is expected to persist in 2024, aligning with global trends in cybercrime.

READ:
Report: 11% of DDoS attacks in APAC target financial institutions
Report: The cyber threats that matter to financial institutions

“Each year, a new set of threats comes to light, requiring the financial services sector’s mitigation strategies to advance at an equal if not faster pace than threat actors’ tactics,” said Steven Silberstein, CEO of FS-ISAC.

Emerging threats

The report highlighted the evolving tactics, techniques, and procedures (TTPs) employed by threat actors, including social engineering, SEO poisoning, malvertising, and QR code phishing. The use of generative artificial intelligence (GenAI) by cybercriminals is also identified as a growing concern, enabling scale and automation in attacks while posing challenges for defense mechanisms.

The emerging threats that pose challenges to the financial sector’s cybersecurity posture include heightened geopolitical hacktivism, new extortion tactics in response to global regulations, challenges posed by quantum computing and AI advancements, and vulnerabilities in the supply chain.

 “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global…

Source…

China linked to UK cyber-attacks on voter data, Dowden to say

/in


  • By James Gregory & Iain Watson, political correspondent
  • BBC News

Image caption,

Deputy Prime Minister Oliver Dowden is expected to address MPs on the threat

The UK government is expected to link cyber-attacks which accessed personal details of millions of voters to China.

The attacks on the Electoral Commission took place in August 2021 but were only revealed last year.

Several MPs and peers who have been critical of Beijing are thought to have also been targeted in cyber-attacks.

The prime minister called China “the greatest state-based challenge to our national security”.

Rishi Sunak said: “China represents an economic threat to our security and an epoch-defining challenge.

“So it is right we take steps to protect ourselves.”

The BBC understands other Western nations will set out similar concerns.

Acknowledging the attacks last August, the Electoral Commission said unspecified “hostile actors” had gained access to copies of the electoral registers and broken into its emails and “control systems”, but added that it had neither had any impact on any elections nor anyone’s registration status.

The commission said last August that they weren’t able to predict exactly how many people could be affected, but that the register for each year contained the details of around 40 million people.

Deputy Prime Minister Oliver Dowden will address Parliament on Monday about the threat.

It is now thought that Mr Dowden will suggest those behind the attack had links to Beijing, as well as laying out how the UK will respond to what it deems a wider threat.

Publicly identifying the attackers lays the groundwork for potential legal and political actions, such as sanctions or diplomatic protests.

Linking the attackers to China, a fellow member of the UN Security Council, would be an escalation in the diplomatic tension between the two countries.

The prime minister then was David Cameron, who is now the foreign secretary after taking a seat in the House of Lords last year.

China’s foreign ministry spokesperson Lin Jian said the government cracked down and punished all types of malicious cyber activities.

He called on all parties to “stop spreading false information and…

Source…

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

/in


Mar 24, 2024NewsroomArtificial Intelligence / Cyber Espionage

Compiled HTML Help Files

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data.

Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe.

According to Rapid7, attack chains have leveraged weaponized Microsoft Office documents, ISO files, and Windows shortcut (LNK) files, with the group also employing CHM files to deploy malware on compromised hosts.

The cybersecurity firm has attributed the activity to Kimsuky with moderate confidence, citing similar tradecraft observed in the past.

Cybersecurity

“While originally designed for help documentation, CHM files have also been exploited for malicious purposes, such as distributing malware, because they can execute JavaScript when opened,” the company said.

The CHM file is propagated within an ISO, VHD, ZIP, or RAR file, opening which executes a Visual Basic Script (VBScript) to set up persistence and reach out to a remote server to fetch a next-stage payload responsible for gathering and exfiltrating sensitive data.

Rapid7 described the attacks as ongoing and evolving, targeting organizations based in South Korea. It also identified an alternate infection sequence that employs a CHM file as a starting point to drop batch files tasked with harvesting the information and a PowerShell script to connect to the C2 server and transfer the data.

“The modus operandi and reusing of code and tools are showing that the threat actor is actively using and refining/reshaping its techniques and tactics to gather intelligence from victims,” it said.

The development comes as Broadcom-owned Symantec revealed that the Kimsuky actors are distributing malware impersonating an application from a legitimate Korean public entity.

“Once compromised, the dropper installs an Endoor backdoor malware,” Symantec said. “This threat enables attackers to collect sensitive information from the victim or install additional malware.”

It’s worth noting that the Golang-based Endoor,…

Source…

The War for Headspace: NextGen cyberattacks aim to manipulate people’s minds 

/in


For thousands of years, the only two domains of war were land and sea. Nations fought battles with rudimentary weapons that were blunt, inaccurate or massive (siege weapons).

It was in World War I that a new domain – air – was added. Forty-three years later, in April 1961, space became the fourth domain when the Soviet Union launched Vostok 1 and Yuri Gagarin.

It would take another 50 years to add the next domain. In 2011, the United States Department of Defense officially incorporated cyberspace as the fifth domain of war. The advance of technology brought the ability to wage war and terrorism to our front door.

But it’s the next domain where future wars will begin. It’s a domain not constrained to a single geography, nation, or political party. This domain gets shaped throughout a lifetime, augmented by rapid technological change, and fueled by recent developments in generative AI.

The next domain is headspace. It’s where countries will wage the war for the mind. And someone will win before the first shots get fired. In this war, shaping the narrative will be as crucial as shaping the battlefield is to military planners. The ability to influence perception will become more valuable than the ability to tell the truth.

Disinformation has emerged as a new kind of warfare. Adversaries are leveraging it to erode truth and influence people to think and act in ways they might not have conceptualized. They are fueling Intimidation of those voicing opinions. And online violence has spilled over into real-world violence on a global scale.

The nature of the threat and the vectors of attacks are no longer just about ones and zeros. It’s evolving to the manipulation of perception to achieve a goal. It’s so vital to national security the Pentagon was exploring the ability to counter opinion and influence actions three months after 9-11.

Originally called the Office of Strategic Influence, it was a short-lived program that never got traction, especially after allegations of planting news stories, including false ones, around the globe.

Deceptions like these are not new tactics. During the Cold War, the ability to manipulate, influence, deceive, coerce and persuade the press was a staple,…

Source…