12 digital gangs have targeted Egypt since beginning of pandemic: Kaspersky

Kaspersky researchers monitored advanced persistent threats (APTs) in Egypt and prepared 38 investigative reports related to 12 digital gangs that have targeted the country since the beginning of the Coronavirus pandemic.

The reports included information on threats and investigations related to digital gangs targeting Egypt, which ranks third in the number of reports issued by all Middle Eastern countries, making it one of the most targeted countries in the region.

Kaspersky found that these gangs primarily target government institutions and diplomatic agencies as well as educational institutions and telecommunications companies in the country.

Other target audiences include financial institutions, IT companies, healthcare institutions, law firms, and military and defense agencies.

Some of the notorious digital gangs behind APTs investigated in Egypt included Lazarus, MuddyWater, Zebrocy, StrongPity, and SideCopy.

The research team found that exploitation of public applications, valid accounts, and phishing were the most common attack vectors targeting infrastructure in Egypt.

The Lazarus gang, for example, is notorious for conducting targeted phishing campaigns and “watering hole” attacks, in which highly frequented websites are monitored and then seeded with malware. The MuddyWater Middle Eastern espionage gang targeted government agencies, telecom companies and oil companies with the aim of extracting information; it used the hacked accounts to send phishing emails with attachments directed at specific targets.

There is also the Zebrocy Trojan, which is employed in digital espionage campaigns to collect raw data from compromised systems.

The StrongPity gang is responsible for spying campaigns that use “zero-day” attacks, social engineering tricks, and Trojan installers to deliver malware to their victims.

In turn, the SideCopy gang carries out malware attack campaigns targeting various entities for espionage purposes.

Abdelsabour Arous, a security researcher in Kaspersky’s Global Research and Analysis Team, emphasized that threats are becoming more and more complex every day, saying that investigating and reporting on the activity of these digital gangs…


AV-Comparatives Tested Consumer and Enterprise Internet Security Solutions for Protection against Advanced and Targeted Attacks

INNSBRUCK, Austria, Nov. 23, 2021 /CNW/ — AV-Comparatives has released the results of its 2021 Advanced Threat Protection Tests. Eight consumer-antivirus products and eight enterprise endpoint-security programs for Windows were put through their paces.

AV-Comparatives state that malware authors continue to write new malicious programs (PRNewsfoto/AV-Comparatives)

AV-Comparatives’ Advanced Threat Protection Test uses a variety of different attack scenarios, which the tested programs have to defend against. Targeted attacks employ various techniques to avoid detection by security software. These include fileless attacks, code obfuscation, and the use of legitimate operating-system tools. Disguising malicious code makes it hard for a security program to recognise, and the misuse of legitimate system programs for malicious purposes makes it easier for cybercriminals to stay under the radar of security measures.

In the Advanced Threat Protection Tests, AV-Comparatives use hacking and penetration techniques that allow attackers to access internal computer systems. These attacks can be mapped to the seven distinct phases of Lockheed Martin’s Cyber Kill Chain, each with unique IOCs (Indicators of Compromise) for the victims. All the tests use a subset of the TTPs (Tactics, Techniques, Procedures) listed in the MITRE ATT&CK(TM) framework. A false alarm test is also included in the reports.

Tested Enterprise Endpoint Security Products include: Acronis Cyber Protect Cloud with Advanced Security Pack; Avast Business Antivirus Pro Plus; Bitdefender Gravity Zone Elite; CrowdStrike Falcon Pro; ESET PROTECT Entry with ESET PROTECT Cloud; G Data Endpoint Protection Business; Kaspersky Endpoint Security for Business – Select with KSC; VIPRE Endpoint Cloud.

All the enterprise products listed above blocked at least eight out of fifteen advanced attacks, and so received AV-Comparatives’ ATP Enterprise Certification.

Link to report:

Tested consumer security programs include: Avast Free Antivirus; AVG…


Blacklisted Iranian airline targeted by cyber attack, hackers identified

Iran’s Mahan Air was reportedly hit by a cyberattack on Sunday morning, the latest in a series of hacking attempts against the airline. Notably, Mahan is the second-largest airline operating in the country and has been accused of “providing financial, material, or technological support to the IRGC-QF.” The IRGC-QF, which stands for Islamic Revolutionary Guard Corps-Quds Force, has been sanctioned by the US since 2011 for aiding terrorists.

In the aftermath of the attack, Mahan issued a statement stating, “Mahan Air’s computer system has suffered a new attack. It has already been the target on several occasions due to its important position in the country’s aviation industry.”

Further, in its statement, the company claimed to have successfully thwarted the attack; however, a report in the Jerusalem Post stated that the group which claimed responsibility was successful in obtaining certain documents regarding the IRGC. The same was confirmed by the hacker group Hooshyarane-Vatan, which stated in a Telegram post that people “deserved to know the truth behind money spent by IRGC abroad.” The group went further, stating that even after detecting the attack, the airline “never managed to drive us out of there, and our access to their network was never damaged.”

“We believe the public deserves to know the truth behind this cooperation and the money wasted on IRGC activities abroad while Iranian people suffer at home,” Hooshyarane-Vatan said in a statement. 

Iran targeted by multiple cyber attacks

Late last month, a cyberattack targeted gas stations across Iran, leaving motorists stranded in long queues for several hours as the government-issued electronic fuel cards became non-operational. While it remains unclear what caused the major compromise and breach of security at the pumps that deliver subsidised fuel to Iranians, state media reported that the incident was aimed at directly challenging Iran’s Supreme Leader Ayatollah Ali Khamenei.

The agency stated that the government-issued card punched in to buy fuel through the machines on Tuesday flashed back an error code with a message: “Cyberattack 64411.”…


M&A Activity Targeted by Ransomware Groups – The National Law Review