Silicon Valley Bank Phishing Scams Are In High Gear Says INKY

Posted in Commentary with tags on March 16, 2023 by itnerd

NKY has published an article detailing how cybercriminals are using the Silicon Valley Bank collapse in a credential harvesting phishing scheme. Which is something I’ve been predicting for a few days now.

This report details how the phisher is using a fake DocuSign email notifications requiring the unsuspecting customer to sign important documents.

You can read the report here.

OVHcloud purchases its first Quandela quantum computer

Posted in Commentary with tags on March 16, 2023 by itnerd

 OVHcloud, the European cloud leader, further confirms its ambitions and support of the growing quantum computing ecosystem with the purchase of its first quantum powered machine to kick-off new efforts in the fields of research and development. Designed by French company Quandela, the MosaiQ computer is powered by a photonic processor.  

Doubling down on its efforts in quantum computing, the Group’s goal is to provide its research and development department with the right tools to experiment with a Quantum Processing Unit (QPU) based machine for various use cases. This comes in addition to the announcement, last summer, of a plan to offer quantum-based calculation as-a-service through several emulators, including Perceval, the programming framework developed by Quandela.  

Staying true to its commitment towards open ecosystems, OVHcloud actively supports development efforts in the field of quantum computing via its France Quantum conference initiative, where OVHcloud is a co-founding member, and through its Startup Program. The latter provides technical assistance as well as credits elevating innovation in quantum computing with startups, active both in the hardware and software fields. Over the years, this commitment already led to significant breakthroughs with Quandela’s early proof of concept effectively using OVHcloud infrastructure and Quandela’s first customers being able to connect to their QPU through OVHcloud. Hosted in OVHcloud datacentres in France (GRA) and Canada (BHS), Quandela’s Perceval notebook is also available here for OVHcloud Public Cloud customers so that they can discover quantum emulation. 

Marking a significant milestone and paving the way for a quantum ready future, Quandela’s system is expected for delivery sometime this fall. It relies on an upgradeable platform thanks to the use of photonics. With a QPU that can be reconfigured, the system will prove to be upgradable through new modules to quickly ramp up the overall computing capabilities.  

Nuspire Introduces Managed Microsoft Defender Solution

Posted in Commentary with tags on March 16, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), has announced the launch of its Managed Microsoft Defender services for Endpoint, ID, O365 and Cloud App Security. The new service will help organizations realize the full value of Microsoft Defender through a seamless, expert-led managed solution.

Microsoft Defender offers robust protection against a wide range of threats, including malware, ransomware and other sophisticated attacks. However, configuring, tuning, maintaining and monitoring Microsoft Defender can be challenging, especially when it comes to technology and operating systems outside of the Windows environment. In addition, there is still a significant talent shortage in the security industry, and companies have fewer resources to manage security solutions like Defender and respond to threats.

To address these challenges, Nuspire’s Managed Microsoft Defender services leverage the expertise of seasoned security professionals to guide integration and implementation. Nuspire’s team will monitor, mitigate, respond to and remediate threats directly in a client’s environment. The service also provides 24×7 monitoring and SOC support to reduce false positives and alert fatigue.

For more information on Nuspire’s Managed Microsoft Defender services, please visit https://www.nuspire.com/services/managed-security/managed-microsoft-defender.  

HP Wolf Security report shows move to block macros by default is forcing threat actors to think outside the ‘box’

Posted in Commentary with tags on March 16, 2023 by itnerd

HP today issued its latest quarterly HP Wolf Security Threat Insights Report, showing cybercriminals are diversifying attack methods, including a surge in QR code phishing campaigns. By isolating threats on PCs that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 25 billion email attachments, web pages, and downloaded files with no reported breaches. Further HP Wolf Security insights will be featured at the upcoming Amplify Partner Conference, March 28-30, McCormick Place Chicago.

From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found:

  • The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.
  • HP noted a 38% rise in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorized access to systems, which are used as beachheads to deploy ransomware.
  • 42% of malware was delivered inside archive files like ZIP, RAR, and IMG: The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint. 

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families – compared to just two similar campaigns in the previous year. The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites. 

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior. 

The full report can be found here: https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/

Hackuity Partners With Appurity

Posted in Commentary with tags , on March 16, 2023 by itnerd

Hackuity, the risk-based vulnerability management company, today announced a new partnership with Appurity, a specialist in mobile and application security. Appurity will take Hackuity’s solution to market with enterprises in critical infrastructure, finance, pharma, and other sectors that recognize the pressing need to protect their entire estates against vulnerabilities. The goal is simple yet ambitious: provide a new level of control for reported security alerts and enable security departments to better prioritize them.

Hackuity has been growing its channel partners across Europe with a strategic focus on the UK. As Hackuity aims to solve vulnerability management issues within the enterprise workforce, the company will partner with providers which focus on creating a seamless, single point of view for internal security teams.

Appurity specializes in assessing security environments and delivering best-in-class mobile and application security solutions which adhere to the requirements of regulations and schemes such as Cyber Essentials and ISO’s Information Security Standards. Appurity works with companies to develop and implement impenetrable security strategies which utilize the latest technologies and security frameworks, including ZTNA, SSE, CASB, and MTD.

Find out more about Hackuity at https://www.hackuity.io and find out more about Appurity at https://appurity.co.uk/

New Vishing Attack Targets 160,000 End Users: Armorblox

Posted in Commentary with tags on March 16, 2023 by itnerd

As tax season approaches, cybercriminals are getting more creative in their attempts to steal sensitive information. Armorblox has released its newest research on the latest attack that impersonated one of the most trusted government entities in the US, the Social Security Administration, in an attempt to prey on the trust and uncertainty that many end-users experience during tax season.

These emails, targeting over 160,000 end users of a large educational institution, bypassed native email security.

How it Works: In this attack, end users were presented with an email, from what appeared to be the Social Security Administration, notifying them of suspicious activity that requires immediate action. For recipients who opened the attachment, they were welcomed with a blunt account suspension letter on what looks like official SSA letterhead. The end goal of this targeted vishing email attack was to get victims to open the email attachment, call the customer support number included, and render personal information.

You can read the research here.

New Cloud Storage Re-Up Email Attack Exploits Users via Social Engineering, URL Redirect to Steal CC Details

Posted in Commentary with tags on March 16, 2023 by itnerd

Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avanan, A Check Point Software Company, will uncover how hackers are using the threat of deleting personal files to get money and credentials from end users. 

In this attack, hackers try to convince users to give over their credit card information to add more storage to their cloud storage account by sending a notice that the storage limit of cloud files has been reached; but if users act now, they’ll get 50GB for free. 

However, the link does not go to any cloud file storage site as it redirects a SendGrid URL to a malicious page. The only way to “validate” that it’s your account is to enter your credit card number, but of course, that won’t validate anything – it’ll just charge your card. 

You can read the report here.

New Previously Undiscovered TeamTNT Malware Payload Recently Surfaced During High Profile Attack

Posted in Commentary with tags on March 16, 2023 by itnerd

Cado Security have revealed a  previously undiscovered TeamTNT malware sample that Cado Labs encountered after Sysdig reported on a sophisticated cloud attack identified in a client environment. 

Without more information, it’s impossible to conclusively link the sample analyzed in this blog to the attack Sysdig reported. Still, it’s interesting that these files surfaced around the same time. 

The new report unearths a previously-undiscovered payload from a threat actor well-known to Cado researchers.

You can read the report here.

Countries Attacked Spike, Industry Specific Shifts, Victims Double: GuidePoint Security

Posted in Commentary with tags on March 16, 2023 by itnerd

GuidePoint Security has published its monthly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report, which found that compared to January, February 2023 showed a heavy increase in ransomware activity in reported victims and the countries affected.

Key Findings Include:

  • The most notable change was the increase in victim count by Lockbit which more than doubled. 
  • The data also revealed some shifts in the industries targeted by ransomware groups, with significant increases seen across the Food and Beverage, Banking and Finance, and Engineering industry. 
  • Ransomware groups targeted victims in nearly 50 countries in February, a steep increase from those attacked in January.

You can read the report here.

If You Need Another Reason To Install Microsoft’s Latest Patch Tuesday Updates, The Canadian Government Can Help You With That

Posted in Commentary with tags on March 16, 2023 by itnerd

The Canadian Government is urging users of Microsoft operating systems to install all the patches that came out as part of Microsoft’s Patch Tuesday dump to fix a vulnerability where a malicious email can pwn you even before you open the email in question:

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.

I’ve rarely seen a Patch Tuesday where there has been critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, I would get about patching all the things ASAP because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already.