Tag Archive for: target

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties


Mar 23, 2024 | Newsroom | Cyber Espionage / Cyber Warfare


The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.

The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or Cozy Bear) used the malware to target German political parties with phishing emails bearing a logo from the Christian Democratic Union (CDU) around February 26, 2024.

“This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions,” researchers Luke Jenkins and Dan Black said.


WINELOADER was first disclosed by Zscaler ThreatLabz last month as part of a cyber espionage campaign that’s believed to have been ongoing since at least July 2023. It attributed the activity to a cluster dubbed SPIKEDWINE.

Attack chains leverage phishing emails with German-language lure content that purports to be an invite for a dinner reception to trick recipients into clicking on a phony link and downloading a rogue HTML Application (HTA) file, a first-stage dropper called ROOTSAW (aka EnvyScout) that acts as a conduit to deliver WINELOADER from a remote server.

“The German-language lure document contains a phishing link directing victims to a malicious ZIP file containing a ROOTSAW dropper hosted on an actor-controlled compromised website,” the researchers said. “ROOTSAW delivered a second-stage CDU-themed lure document and a next stage WINELOADER payload.”

WINELOADER, invoked via a technique called DLL side-loading using the legitimate sqldumper.exe, comes equipped with abilities to contact an actor-controlled server and fetch additional modules for execution on the compromised hosts.

It’s said to share similarities with known APT29 malware families like BURNTBATTER, MUSKYBEAT, and BEATDROP, suggesting the work of a common developer.

WINELOADER, per the Google Cloud subsidiary, has also been employed in an operation targeting diplomatic…


Ransomware cybercriminals continue to target manufacturers


If your manufacturing clients are seeing cyber premiums increase, more ransomware incidents could be why.

Although many manufacturing businesses like this perfume factory were quick to digitalize, many also failed to invest in IoT security at the same time they were building out their technological capacity. (Credit: Lena Wurm/Adobe Stock)

According to a new report by industrial cybersecurity firm Dragos, out of 905 ransomware incidents Dragos tracked, 638, or 70%, affected the manufacturing sector.

Dragos noted about a 50% increase in ransomware attacks against industrial organizations between 2022 and 2023.

But more valuable than knowing that premiums are likely to rise is understanding why this sector is seeing so many ransomware attacks. If manufacturers are not willing to plug the holes in the dike, they should prepare to be attacked, because attackers will always go after the weakest, most exposed targets.

Exploiting vulnerabilities

Lax defenses, combined with the significant cost of any disruption to industrial operations, make manufacturers attractive targets for digital extortion. The manufacturing sector moved quickly into digital transformation and internet connectivity but did not invest in IoT security at the same pace. Ransomware attacks not only impact operational efficiency but also lead to financial and reputational costs, and they have trickle-down effects on downstream businesses and outputs.

As with many sectors, the manufacturing sector still struggles with segmenting networks like those that deal with human resources from operational technology networks that control operations. This gives a hacker broad access to the organization. Water and wastewater utilities moving into digitization are also vulnerable, with a need to secure entry to access points as they…


How Not to Become the Target of the Next Microsoft Hack


COMMENTARY

The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, constantly evolves. Recent incidents involving major tech companies and cybersecurity firms highlight a critical reality: Understanding security best practices for Microsoft 365 differs from implementing them effectively.

Kaspersky reports that 2023 saw a 53% increase in cyber threats targeting documents, including Microsoft Office documents, daily. Attackers tended to use riskier strategies, like breaking into systems covertly through backdoors. In one instance, a non-production test account lacking multifactor authentication (2FA/MFA) was exploited, while in another, a backdoor was added to a file, leading to a supply chain attack.

These incidents serve as stark reminders that even low-risk accounts and trusted updates within Microsoft 365 can become vectors for security breaches if they are not adequately protected and monitored. Despite their deep expertise, the targeted organizations still fell victim to advanced cyberattacks, underscoring the need for diligent application of security measures within the Microsoft 365 space.

The Role of AI in Governance

Artificial intelligence (AI) has grown tremendously over the past few years, and it can now be found in almost every facet of technology. In this transformative era of AI and large language models (LLMs), advanced AI models can be leveraged to enhance cloud security measures. AI is more than on its way to becoming standard practice, and organizations have no choice but to embrace it. By fine-tuning AI algorithms for expert domain knowledge, AI can provide organizations with actionable insights and predictive capabilities to proactively identify and address potential security threats before they become an issue. These kinds of proactive strategies empower organizations to safeguard their digital assets effectively.

On the other hand, AI also increases the need for heightened cloud security. Just as the good guys are using AI to advance technology practices, hackers also use AI to uncover new organizational vulnerabilities and develop more sophisticated attacks. Open source LLM models available on the Internet can be leveraged to…


Government facilities were third largest ransomware target in 2023, FBI says


Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI.

The agency’s Internet Crime Complaint Center, or IC3, unveiled the findings in its annual report that unpacks complaints, financial losses and other metrics used to determine the severity of cybercrime activities reported to federal authorities.

Of the 1,193 complaints IC3 received from organizations belonging to U.S.-designated critical infrastructure sectors, government facilities came in third place with 156 complaints, while critical manufacturing and healthcare centers took the second and top spots, respectively.

“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report adds.

LockBit, ALPHV/BlackCat, Akira, Royal and Black Basta were the top ransomware gangs tied to those critical infrastructure complaints, the report added. ALPHV, which recently claimed responsibility for its attack on Change Healthcare that has caused widespread logjams in the prescription drug market, reportedly staged a takedown after hauling away a $22 million ransom payment from the company.

Ransomware operatives targeted companies around the world last year, with the number of firms targeted reaching an all-time high compared to findings in previous years, according to a January Check Point analysis.

The U.S. has been working with international partners to take a firm stance against ransom payments, though experts have not agreed on a single policy.

“The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that an entity’s files will be recovered,” IC3 says.

The IC3 report also found $350 million were lost from scams in which hackers impersonated government officials attempting to collect money. Older adults are overwhelmingly targeted in such scams, according to the data.

A total of 14,190…
