
Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

Jul 18, 2023 · THN · Malware / Cyber Attack

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that’s commonly associated with Chinese hacking crews.

Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and September 2022.

The cybersecurity company said the incident could be the result of a supply-chain attack, in which a legitimate piece of software used by targets of interest is trojanized to deploy malware capable of gathering sensitive information from compromised systems.

The attack chain takes the form of a malicious installer for E-Office, an application developed by the National Information Technology Board (NITB) of Pakistan to help government departments go paperless.

It’s currently not clear how the backdoored E-Office installer was delivered to the targets. That said, there’s no evidence to date that the build environment of the Pakistani government agency in question has been compromised.

This raises the possibility that the threat actor obtained the legitimate installer, tampered with it to include malware, and then lured victims into running the trojanized version through social engineering.

“Three files were added to the legitimate MSI installer: Telerik.Windows.Data.Validation.dll, mscoree.dll, and mscoree.dll.dat,” Trend Micro researcher Daniel Lunghi said in an updated analysis published today.

Telerik.Windows.Data.Validation.dll is in fact a legitimate applaunch.exe binary signed by Microsoft. It is vulnerable to DLL side-loading and is used to side-load mscoree.dll, which in turn loads mscoree.dll.dat, the ShadowPad payload.

Trend Micro said the obfuscation techniques used to conceal the DLL and the decrypted final-stage malware are an evolution of an approach previously exposed by Positive Technologies in January 2021 in connection with a Chinese cyber espionage campaign undertaken by the Winnti group (aka APT41).


Iranian Hackers’ Sophisticated Malware Targets Windows and macOS Users

Jul 06, 2023 · Ravie Lakshmanan · Endpoint Security / Malware

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware.

“TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho,” Proofpoint said in a new report.

“When given the opportunity, TA453 ported its malware and attempted to launch an Apple flavored infection chain dubbed NokNok. TA453 also employed multi-persona impersonation in its unending espionage quest.”

TA453, also known by the names APT35, Charming Kitten, Mint Sandstorm, and Yellow Garuda, is a threat group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) that has been active since at least 2011. Most recently, Volexity highlighted the adversary’s use of an updated version of a PowerShell implant called CharmPower (aka GhostEcho or POWERSTAR).

In the attack sequence discovered by the enterprise security firm in mid-May 2023, the hacking crew sent phishing emails to a nuclear security expert at a U.S.-based think tank focused on foreign affairs that delivered a malicious link to a Google Script macro that would redirect the target to a Dropbox URL hosting a RAR archive.


Present within the file is an LNK dropper that kicks off a multi-stage procedure to ultimately deploy GorjolEcho, which, in turn, displays a decoy PDF document, while covertly awaiting next-stage payloads from a remote server.

But upon realizing that the target is using an Apple computer, TA453 is said to have tweaked its modus operandi to send a second email with a ZIP archive embedding a Mach-O binary that masquerades as a VPN application, but in reality, is an AppleScript that reaches out to a remote server to download a Bash script-based backdoor called NokNok.


NokNok, for its part, fetches as many as four modules that are capable of…


Cybersecurity Trends & Statistics; More Sophisticated And Persistent Threats So Far In 2023

The pace of technological innovation has transformed many areas of our lives. In 2023, although it is only spring, emerging technologies including artificial intelligence/machine learning, 5G, IoT, and quantum computing are already significantly affecting everything connected to the internet.

The introduction of these potentially disruptive technologies does have implications for cybersecurity and for the challenge of keeping us safe. In particular, AI is the hot topic: generative AI can leverage ChatGPT-powered tools to write code, and AI/machine learning can amplify social engineering capabilities and help hackers identify vulnerabilities in their targets. These evolving tech trends and statistics are already telling a story for 2023.

As data continues to be produced and stored in greater volumes, and as connectivity greatly expands globally on the internet, the attack surface has become more exploitable with gaps and vulnerabilities for criminal and nation state hackers. And they are taking advantage.

In fact, global cyber-attacks rose by 7% already in Q1 2023. “Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point’s latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an average of 2507 per organization per week (a 15% increase compared to Q1 2022). The Check Point report also shows that 1 in 31 organizations worldwide experienced a ransomware attack weekly over the first quarter of 2023.” (Global Cyber Attacks Rise by 7% in Q1 2023 – Infosecurity Magazine, infosecurity-magazine.com)

In addition, key malware statistics for 2023 are adding to cybersecurity difficulties. It is estimated that 560,000 new pieces of malware are detected every day and that there are now more than 1 billion malware programs circulating. This translates to four companies falling victim to ransomware attacks every minute. A Not-So-Common Cold: Malware…


Financial Institutions Are Suffering From Increasingly Sophisticated Cyberattacks, According to Contrast Security

LOS ALTOS, Calif., Feb. 7, 2023 /PRNewswire/ – Contrast Security (Contrast), the code security platform built for developers and trusted by security, today released its Cyber Bank Heists report, an annual report that exposes the cybersecurity threats facing the financial sector.

Authored by Contrast’s Senior Vice President of Cyber Strategy Tom Kellermann, the report is a warning to global financial institutions (FIs) that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers, and a record-breaking year of zero-day exploits. In a series of interviews, financial sector security leaders from around the world revealed specific trends in notable cyberattacks, e-fraud, and cyber defense. Some of the most eye-opening results from the report include:

  • 60% were victimized by destructive attacks
  • 64% saw an increase in application attacks, while 50% experienced attacks against their APIs
  • 48% experienced an increase in wire transfer fraud
  • 50% have detected campaigns to steal non-public market information
  • 54% of the banks were most concerned with the cyber threat posed by Russia
  • 72% plan to invest more in application security in 2023

“The increase of online threats, phishing, ransomware attacks, account takeovers and business email compromises impacting the financial sector is growing every day and we can see in real-time the damage this is doing to the longevity of businesses and the impact it’s having on our economy,” said Derek Booth, Assistant to the Special-Agent-in-Charge, U.S. Secret Service and Head of the Mountain West Cyber Fraud Task Force. “I applaud Tom Kellermann for speaking with some of the most influential people within the sector to determine solutions that can better protect FIs against vulnerabilities in banks and methods of commerce through industry-wide transparency.”

“The complexity of securing financial digital systems and the need to develop new ways to guard against sophisticated cyberattacks has increased exponentially in the last year. In response, FIs are fighting to evolve and create more effective prevention, detection and response to these damaging attacks,” said…
