Gartner Top Security & Risk Management 2021

 

Establish Privacy Program using NIST Framework

 

Cyber Security AwarenessTips

 

Rise of Cyber Crime

 

How Does AI Work?

 

LinkedIn Fake Jobs for Spear Phishing

Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times. 

Hence, targeting such unsuspecting people to carry out Spear Phishing attacks on LinkedIn with fake job offers to infect them with a sophisticated BACKDOOR TROJAN - MORE_EGGS is the latest modus operendi. 

Crafting the fake job offer based on the the target’s job position from LinkedIn increases the odds that the recipient will successfully detonate the malware. To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.

For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end), cybersecurity firm eSentire's Threat Response Unit (TRU) said in an analysis. Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. It uses normal Windows processes to run so it is not going to typically be picked up by anti-virus and automated security solutions so it is quite stealthy. 

The below three elements make more_eggs, and the cybercriminals which use this backdoor very lethal -

Once installed, more_eggs maintains a stealthy profile by hijacking legitimate Windows processes while presenting the decoy "employment application" document to distract targets from ongoing background tasks triggered by the malware. Furthermore, it can act as a conduit to retrieve additional payloads from an attacker-controlled server, such as banking trojans, ransomware, credential stealers, and even use the backdoor as a foothold in the victim's network so as to exfiltrate data.

Reference links: 

https://www.linkedin.com/posts/nsji_cybersecurity-security-privacy-activity-6785417730028908544-rXOe/

https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html

The InfoSec Wheel

In the conventional realm of information security, there tend to be two main groups:

1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.

2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.

While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.

Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.

Red, Blue and Yellow are our Primary Colours. Combine two of them and you get Secondary Colors

Refer to the article here - https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700 

Automating threat actor tracking

As seen in recent sophisticated cyberattacks, especially human-operated campaigns, it’s critical to not only detect an attack as early as possible but also to rapidly determine the scope of the compromise and predict how it will progress. How an attack proceeds depends on the attacker’s goals and the set of tactics, techniques, and procedures (TTPs) that they utilize to achieve these goals. Hence, quickly associating observed behaviors and characteristics to threat actors provides important insights that can empower organizations to better respond to attacks.

Microsoft uses statistical methods to improve our ability to track specific threat actors and the TTPs associated with them. Threat actor tracking is a constant arms race: as defenders implement new detection and mitigation methods, attackers are quick to modify techniques and behaviors to evade detection or attribution. Manually mapping specific indicators like files, IP addresses, or known techniques to threat actors and keeping track of changes over time isn’t effective or scalable.

To tackle this challenge, Microsoft has built a probabilistic models that enable us to quickly predict the likely threat group responsible for an attack, as well as the likely next attack stages. With these models, security analysts can move from a manual method of investigating small sets of disparate signals to probabilistic determinations of likely threat groups based on all activity observed, comparing the activity against all known behaviors, both past and present, encoded in the model. These models help threat intelligence teams stay current on threat actor activity and help analysts quickly identify behaviors they need to analyze when investigating an attack.

The model enriches targeted attack notifications with additional context on the threat, the likely attacker and their motivation, the steps the said attacker is likely to make next, and the immediate action the customer can take to contain and remediate the attack. Below we discuss an incident in which automated threat actor tracking translated to real-world protection against a human-operated ransomware attack.

Read the full article by Microsoft 365 Defender Research Team - https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/

Cyber Security Post Covid

Security Awareness Infographich