Project Hyphae

Information Security News – 10/03/2022


Making a Business Case for Security in a World of Tightening Budgets

Article Link: https://www.helpnetsecurity.com/2022/09/27/making-a-business-case-for-security-in-a-world-of-tightening-budgets/

  • When your business case needs to “sell security” to the management team, it’s all about building trust. A common mistake in building security business cases is the use of alarmism, but stoking fear doesn’t demonstrate the value of cybersecurity. Often, alarmism corners leadership.
  • Sooner or later, every business interrogates its spending with an eye on eliminating costs. Right now, security should be low on the list of line items where organizations choose to cut funding.
  • This article highlights the importance of including different business units in the planning phase of initiatives, connecting security to the overarching business strategy of your organization, including the right data points (as opposed to solely the most alarming data), and showing leadership how security contributes to the organization’s revenue.

Fake CISO Profiles on LinkedIn Target Fortune 500s

Article Link: https://krebsonsecurity.com/2022/09/fake-ciso-profiles-on-linkedin-target-fortune-500s/

  • Someone has recently created numerous fake LinkedIn profiles for CISOs at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. However, the fake accounts are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
  • In some instances, the top Google search results, and even some websites that track who the CISOs of large organizations are, state that the fake accounts are the legitimate CISOs of various organizations.
  • Adding to the confusion, the fake LinkedIn accounts build account details by copying and pasting account details from the LinkedIn accounts of CISOs outside of the industries that the account creators claim to work in.

Microsoft: Hackers are Using Open-Source Software and Fake Jobs in Phishing Attacks

Article Link: https://www.zdnet.com/article/microsoft-hackers-using-open-source-software-and-fake-jobs-in-phishing-attacks/

  • Microsoft is warning that North Korean hackers are using open-source software and fake social media accounts to dupe software engineers and IT support staff with fake job offers that lead to malware.
  • The Microsoft Threat Intelligence Center (MSTIC) has seen the group using PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer to gain initial access.
  • The hacking group has targeted employees in media, defense and aerospace, and IT services in the US, UK, India, and Russia. Likewise, the messages are frequently tailored to the potential victims.

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Article Link: https://thehackernews.com/2022/09/researchers-uncover-covert-attack.html

  • A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines.
  • Infection chains begin with a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about “Company & Benefits,” which is then used to retrieve a stager from a remote server. Following this, an 8-step process is kicked off as the malicious code is deployed.
  • Adding to the complexity, the malware contains significant obfuscation and depending on system settings, will disable network adapters, disable logging, and automatically alter other system settings.

Cybercriminals See Allure in BEC Attacks Over Ransomware

Article Link: https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware

  • According to Arctic Wolf, BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022.
  • Daniel Thanos of Arctic Wolf says that the surging state of the BEC landscape is unsurprising because BEC attacks offer cybercriminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress.
  • To avoid being a victim, basic security measures can go a long way, Arctic Wolf found. In fact, many companies falling prey to BEC attacks did not have security controls that potentially could have prevented damage, Arctic Wolf stated in its analysis.

Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware

Article Link: https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html

  • APT28, a Russian state-sponsored threat actor, has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. While in “Presentation” mode, a PowerShell script downloads and executes a dropper from OneDrive. The dropper retrieves additional payloads and sets up C2 communications.
  • The development is a sign that APT28 continues to hone its technical tradecraft and evolve its methods for maximum impact as exploitation routes once deemed viable cease to be profitable.
  • Currently, potential targets include the European defense and government sectors; however, similar tactics can easily be deployed elsewhere.
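The parent/child process pairing described above (PowerPoint starting a PowerShell host) is something endpoint telemetry can surface. The following is an added detection example, not code from the digest or the cited article; it runs over constructed, Sysmon-style process-creation events, and the JSON field names are an assumption about the log format.

```python
"""Flag process-creation events where a PowerPoint process spawns PowerShell.
Added example; the event layout is a constructed, Sysmon-like JSON subset."""
import json
from pathlib import PureWindowsPath

PRESENTATION_PARENTS = {"powerpnt.exe"}          # Office PowerPoint binary
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}   # PowerShell hosts

# Constructed sample events (not real telemetry); event_id 1 = process create.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"event_id": 1, "host": "ws01",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -c <constructed download command>"},
    {"event_id": 1, "host": "ws01",                      # benign: launched by Explorer
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"event_id": 1, "host": "ws02",                      # benign: PowerPoint itself
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "command_line": "POWERPNT.EXE /s deck.pptx"},
]]


def _basename(path: str) -> str:
    """Case-insensitive file name of a Windows path ('' if path is empty)."""
    return PureWindowsPath(path).name.lower()


def find_office_spawned_powershell(lines):
    """Return (host, parent, child, command_line) tuples for every process-creation
    event whose parent is PowerPoint and whose child is a PowerShell host.
    Lines that are not valid JSON or are not creation events are skipped."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_id") != 1:
            continue
        parent = _basename(ev.get("parent_image", ""))
        child = _basename(ev.get("image", ""))
        if parent in PRESENTATION_PARENTS and child in SCRIPT_HOSTS:
            hits.append((ev.get("host"), parent, child, ev.get("command_line", "")))
    return hits


if __name__ == "__main__":
    for hit in find_office_spawned_powershell(SAMPLE_EVENTS):
        print("ALERT office->powershell:", hit)
```

In a real deployment the same rule is usually expressed in the EDR or SIEM query language, with the parent set widened to the other Office binaries.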

Fired Admin Cripples Former Employer’s Network Using Old Credentials

Article Link: https://www.bleepingcomputer.com/news/security/fired-admin-cripples-former-employers-network-using-old-credentials/

  • After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back with a higher salary.
  • The former employee made numerous changes, including purposefully misdirecting web and email traffic to computers unaffiliated with the company. He also took actions that essentially locked the firm’s IT team out of the website administration panel.
  • Disgruntled employees have a strong incentive to be vengeful. Apart from using access credentials themselves, they could also sell them on the dark web.

3 Types of Attack Paths in Microsoft Active Directory Environments

Article Link: https://www.helpnetsecurity.com/2022/09/28/3-types-attack-paths-microsoft-active-directory-environments/

  • From the perspective of a defender, there are three types of attack paths that malicious actors may take: Ones that can be fixed in minutes, ones that take days or weeks to resolve, and ones that can’t be fixed without significant structural changes or breaking critical software.
  • While many attack paths for AD, and any other system, can be fixed quickly, some paths require more time or must be accepted and have mitigating controls applied to them to limit threat exposure.
  • Looking at attack paths in these three categories helps defenders prioritize their work to get the most risk reduction for their time and be realistic about which remediations will be pursued and which ones may be mitigated through other means.

Treasury Seeks Comment on How to Structure a Cyber Insurance Program

Article Link: https://www.nextgov.com/cybersecurity/2022/09/treasury-seeks-comment-how-structure-cyber-insurance-program/377793/

  • The U.S. Treasury Department’s Federal Insurance Office and CISA asked in a request for comment in the Federal Register: “Should cybersecurity and/or cyber hygiene measures be required of policyholders under the [referenced] structure? If so, which measures should be required?”
  • The agencies also want answers to a host of other questions, such as whether insurers would be less likely to cover events that resulted in physical impacts and what amount of financial losses should be considered “catastrophic.”
  • Insurance is typically regulated at the state level, but this Request For Comment (RFC) is analyzing the merits and concerns surrounding the creation of federal cyber insurance, akin to the National Flood Insurance Program.
  • Official RFC Link: https://www.federalregister.gov/documents/2022/09/29/2022-21133/potential-federal-insurance-response-to-catastrophic-cyber-incidents
