Project Hyphae

Information Security News 1-30-2023


Google Ads Increasingly Pointing to Malware

Article Link: https://www.helpnetsecurity.com/2023/01/18/google-ads-increasingly-pointing-to-malware/

  • In addition to the FBI recently warning the public, numerous articles have come out relating to search engine ads on Google and Bing pushing malware disguised as legitimate software. The malicious ads often manage to be the first link users see when searching for software on Google and often point to typosquatted domains resembling the legitimate software users are looking for.
  • Various software packages have been impersonated, including Audacity, Blender 3D, GIMP, Notepad++, Teams, Discord, OneNote, 7Zip, and OBS. This isn’t an all-inclusive list, and any advertisement links suggested by a user’s search engine of choice should be avoided.
  • While the ads on search engines could lead to a variety of threats, the most common threats tend to be malicious code downloads that lead to information stealing malware and ransomware.

CISA: Federal Agencies Hacked Using Legitimate Remote Desktop Tools

Article Link: https://www.bleepingcomputer.com/news/security/cisa-federal-agencies-hacked-using-legitimate-remote-desktop-tools/

  • On January 25th, CISA, the NSA, and MS-ISAC warned in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software as part of phishing campaigns.
  • The RMM-pushing threats observed by CISA and other government entities are callback phishing attacks, where bad actors try to get victims to call a support number and eventually have them download software.
  • Furthermore, CISA discovered malicious activity related to RMM software phishing campaigns against multiple federal civilian executive branch (FCEB) agencies dating back to at least June of 2022, with both personal and government email addresses being targeted.
  • Although government personnel who have fallen victim to these attacks have primarily been directed to their bank accounts rather than used as a stepping stone for lateral movement, these incidents highlight the potential for bad actors with different motivations to do more damage.

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Article Link: https://thehackernews.com/2023/01/microsoft-urges-customers-to-secure-on.html

  • Microsoft is urging customers to keep their on-prem Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads.
  • Microsoft also emphasized that mitigations issued by the company are only a stopgap solution and that they can “become insufficient to protect against all variations of an attack,” necessitating that users install necessary security updates to secure the servers.

Peer-to-Peer Fraud Most Concerning Cyber Threat in 2023: CSI

Article Link: https://www.csoonline.com/article/3686033/p-to-p-fraud-most-concerning-cyber-threat-in-2023-csi.html

  • According to a survey by Computer Systems Inc. (CSI), 29% of surveyed respondents from the US financial institution industry cited peer-to-peer and other digital fraud as the biggest cybersecurity concern in 2023, followed by data breaches (23%), ransomware (20%), and third-party breaches (15%).
  • Researchers attribute this concern to millions of dollars in fraudulent claims on P2P platforms, with the 4 largest banks in the US receiving $90 million in fraudulent claims since 2020.
  • Despite these concerns, respondents expressed their readiness for cybersecurity incidents. Specifically, 80% of respondents said they know what to do in response to a cybersecurity incident in their organization, 77% said they clearly understand their organization’s cyber risk, 72% stated they have a reliable source of security news, and 68% said their security education program is effective.
  • CSI’s Full Report: https://csi.foleon.com/bp-2023-doc/bp23/

7 Insights From a Ransomware Negotiator

Article Link: https://www.darkreading.com/attacks-breaches/7-insights-from-a-ransomware-negotiator

  • Analysis of ransomware trends in 2022 shows that business was booming last year for extortionary cybercriminals. The highest volume of ransomware attacks came from sophisticated criminals organized into groups that use very consistent tactics, techniques, and procedures (TTPs) amongst themselves, even when these organizations “retire” and then come back rebranded.
  • A Jan. 26 report from the GuidePoint Research and Intelligence Team (GRIT) showed that while at least one new ransomware group emerged every month last year, the majority of attacks were perpetrated by a relatively small group of entrenched players.
  • The 7 insights highlighted in the article are: there’s a definite taxonomy to ransomware gangs, rapid rebranding of ransomware groups makes threat intelligence key, RaaS groups are wild cards when negotiating, ransom demands are increasing significantly, improved backup strategies are beneficial, double extortion is the norm, and there is no honor among thieves but there is business sense.
  • GuidePoint’s Full Report: https://www.guidepointsecurity.com/resources/grit-annual-ransomware-report-2022/

Is Once-Yearly Pen Testing Enough for Your Organization?

Article Link: https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html

  • Organizations that handle sensitive data must be diligent in security efforts, including regular web app pen testing. Even a small data breach can result in significant damage to an organization’s reputation and bottom line. Likewise, pen testing is vital for enhancing security and maintaining compliance.
  • While annual pen testing is important, it is no longer enough in today’s world. Depending on your organization’s needs, pen testing more often than once a year is important.
  • As the article discusses further, there are a variety of considerations to weigh when deciding whether to increase the frequency of pen testing. These include whether you have an agile or continuous release cycle, whether your web apps are business-critical, whether your web apps are customer-facing, whether you’re in a high-risk industry, whether you lack an internal security operations or pen testing team, and whether you’re focused on acquisitions.

CISA Offers Advice, Cybersecurity Resources for K-12

Article Link: https://www.govtech.com/security/cisa-offers-advice-cybersecurity-resources-for-k-12

  • As K-12 schools, districts, and the education sector struggle against cyberattacks, a new report and toolkit from CISA aim to provide practical advice for reducing their risks.
  • Even small school districts with slim budgets are at risk, and it’s not just their own setups they need to worry about. Between 2016 and 2021, 55 percent of K-12 school data breaches “were carried out on schools’ vendors,” according to CISA’s report, which cited data from the K12 Security Information eXchange (K12 SIX).
  • K-12 stakeholders often told CISA during roundtable and feedback sessions that they were overburdened with responsibilities they lacked the resources and time to meet, and that there was too much cyber information out there to easily sort through. The new report and toolkit seek to cut through the confusion.
  • CISA’s resources offer information including basic security measure priorities, next-level security measures, information on how to find free resources or funding for paid resources, avenues for collaborating and sharing security information, and features to press vendors about.
  • CISA’s Full Report (a PDF is linked above “Key Findings” as well): https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats
  • CISA’s Online Toolkit: https://www.cisa.gov/partnering-safeguard-k-12-toolkit
  • CISA’s Free Services (not limited to Education): https://www.cisa.gov/free-cybersecurity-services-and-tools

