Tag Archive for: Organizations

Hack The Box Redefines Cybersecurity Performance, Setting New Standards in the Cyber Readiness of Organizations


The innovative Cyber Performance Center approach helps businesses present a united front against cybercrime by aligning cybersecurity and corporate goals.

NEW YORK, NY, LONDON, UK and SYDNEY, AUSTRALIA / ACCESSWIRE / April 10, 2024 / With Hack The Box’s Cyber Performance Center, companies can level up their cybersecurity defenses, eliminating the skills and knowledge gaps that criminals regularly exploit.

Hack The Box’s Cyber Performance Center unites individual ability, business management practices, and the human factor in the cybersecurity industry. It is designed to help organizations take a coordinated approach to their cyber readiness, reducing the vulnerabilities created when cybersecurity is siloed or treated as a tick-box requirement.

Its innovative model transcends the limits of traditional cyber training, taking a 360º overview that considers a business’s processes and technology investments along with the requirements of its cybersecurity teams. By matching processes and exercises to organizational outcomes it helps to align cybersecurity and business objectives.

Hack The Box’s disruptive approach also directly addresses the key human element within corporate cybersecurity, focusing on the upskilling and development cyber professionals need to perform to their best while providing clear career paths to encourage retention and combat the increased burnout and fatigue within the sector. This is critical as the global cybersecurity industry currently faces a skills shortage of four million people.

It is estimated that, by next year, over half of significant cyber incidents will be caused by human error or skill shortages [1]. The Cyber Performance Center approach helps organizations tackle their security as a company-wide goal, considering the needs of its cybersecurity team, business processes, and respective technology investments to promote a healthy security culture.

Hack The Box combines these three organizational pillars with a continuous learning journey based on the latest technologies, vulnerabilities, and solutions for all cybersecurity domains. The approach enables customers to create and maintain a robust cyber strategy, unlocking the skills of each member of…


US organizations targeted with emails delivering NetSupport RAT


Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method.

The malware campaign

The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a legitimate accounting service.

The attackers are leveraging a legitimate email delivery platform, “SendInBlue” or Brevo service, to evade detection.

The phishing emails prompt recipients to download an attached Office Word file (.docx) to view their “monthly salary report”.

The PhantomBlu phishing email. (Source: Perception Point)

After downloading the file, victims are instructed to enter the provided password, click “enable editing”, and then double-click a printer image to view the “salary graph.”

But the clickable printer image is actually an Object Linking and Embedding (OLE) package, which is a Microsoft Windows feature that allows data and object sharing between applications.

Clicking on the printer icon triggers OLE template manipulation and opens an archived .zip file containing a single LNK file: a PowerShell dropper that retrieves and executes a script, which contains – among other things – an executable for the NetSupport RAT and a registry key designed to assure its persistence.

“This advanced technique bypasses traditional security measures by hiding the payload outside the document, only executing upon user interaction,” Perception Point researchers noted.

The NetSupport RAT

The NetSupport RAT is based on the legitimate remote desktop tool NetSupport Manager. It’s commonly used by attackers to infiltrate systems to set the stage for future attacks.

“Once installed on a victim’s endpoint, NetSupport can monitor behavior, capture keystrokes (keylogger), transfer files, commandeer system resources, and move to other devices within the network – all under the guise of a benign remote support software,” the researchers said.

(Other?) attackers have previously been spotted exploiting a vulnerability (CVE-2023-36025) in the Windows SmartScreen anti-phishing and anti-malware component to deliver the NetSupport RAT.


Hacker group hides malware in images to target Ukrainian organizations


A group of attackers targeting Ukraine-affiliated organizations has been delivering malicious payloads hidden within the pixels of image files. Known as steganography, it is just one of many advanced techniques the group uses to evade detection as part of a malware loader known as IDAT.

Tracked as UAC-0184 by several security firms, as well as the Computer Emergency Response Team of Ukraine (CERT-UA), the group was seen targeting Ukrainian servicemen via phishing emails masquerading as messages from Ukraine’s 3rd Separate Assault Brigade and the Israeli Defense Forces (IDF). While most of the recipients of these messages were located in Ukraine, security firm Morphisec has confirmed targets outside of the country as well.

“While the adversary strategically targeted Ukraine-based entities, they apparently sought to expand to additional entities affiliated with Ukraine,” researchers said in a new report. “Morphisec findings brought to the forefront a more specific target — Ukraine entities based in Finland.” Morphisec also observed the new steganography approach in delivering malicious payloads after the initial compromise.

Staged malware injection ends with Remcos trojan

The attacks detected by Morphisec delivered a malware loader known as IDAT or HijackLoader that has been used in the past to deliver a variety of trojans and malware programs including Danabot, SystemBC, and RedLine Stealer. In this case, UAC-0184 used it to deploy a commercial remote access trojan (RAT) program called Remcos.

“Distinguished by its modular architecture, IDAT employs unique features like code injection and execution modules, setting it apart from conventional loaders,” the Morphisec researchers said. “It employs sophisticated techniques such as dynamic loading of Windows API functions, HTTP connectivity tests, process blocklists, and syscalls to evade detection. The infection process of IDAT unfolds in multiple stages, each serving distinct functionalities.”

The infection happens in stages, with the first stage making a call to a remote URL to access a .js (JavaScript) file. The code in this file tells the executable where to look for an…


69% of Organizations Infected by Ransomware in 2023


Over two-thirds (69%) of organizations experienced a successful ransomware incident in the past year, according to Proofpoint’s 2024 State of the Phish report.

This represents a rise of five percentage points compared to the previous year, according to the firm.

Close to 60% of these organizations reported four or more separate ransomware incidents in 2023, emphasizing the scale of this threat.

Over half (54%) of infected organizations admitted they paid a ransom to attackers. This marks a significant reduction on the proportion who paid in the previous year, which was 64%.

Paying a ransom was no guarantee of resolving the issue, with just 41% of organizations who paid regaining access to data after their first payment.

On February 23, 2024, Cybereason published research showing that 78% of organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor.

Almost all (96%) of organizations impacted by ransomware now have cyber insurance. More than nine in 10 (91%) of insurers helped with ransom payments in 2023, up from 82% in 2022.

MFA Bypass and Other Social Engineering Trends

The Proofpoint research highlighted that attackers are increasingly using advanced techniques to bypass multifactor authentication (MFA). Typically, these techniques involve proxy servers to intercept MFA tokens, with several off-the-shelf phishing kits now including MFA bypass functionality.

For example, the company said it observes around one million phishing threats using the EvilProxy framework every month. This tool is based on a reverse proxy architecture which is designed to harvest MFA-protected credentials and session cookies.

Despite the growing availability of MFA bypass capabilities, 89% of cybersecurity professionals surveyed still consider MFA to provide complete protection against account takeover.

Attackers are evolving their social engineering techniques in a range of other ways. This includes an increase in the use of QR codes as an alternative to links or attachments in phishing messages.

The researchers noted that this technique is particularly dangerous as…
