18th January | Become Cybersafe With Neuways – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware, including ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Cyber attacks: Spear-phishing campaigns targeting businesses and their employees

In an ongoing cyber threat, the Russian FSB cyber actor Star Blizzard, formerly known as SEABORGIUM, continues to conduct worldwide spear-phishing campaigns, focusing on organisations and individuals in the UK and other strategically significant regions.

The UK National Cyber Security Centre (NCSC) and various international agencies, including the US FBI and NSA, assess that Star Blizzard is likely linked to the Russian Federal Security Service (FSB) Centre 18.

Since 2019, Star Blizzard has targeted diverse sectors, including academia, defence, governmental organisations, NGOs, think tanks, and politicians. While the UK and US have been primary targets, activity has also been observed against entities in other NATO countries and Russia’s neighbouring nations. In 2022, the group expanded its targets to include defence-industrial sectors and US Department of Energy facilities.

The group’s spear-phishing campaigns involve meticulous research and preparation. Star Blizzard utilises open-source resources, including social media, to gather information about targets and create convincing lures. They impersonate known contacts using fake email accounts, social media profiles, and malicious domains resembling legitimate organisations. The actors prefer targeting personal email addresses to evade corporate network security controls.

Building trust is a crucial part of their approach, with Star Blizzard engaging in benign communication on topics of interest to the target. Once trust is established, they deliver a malicious link, often using phishing tradecraft, leading to an actor-controlled server. The group employs the EvilGinx framework to harvest credentials, bypassing two-factor authentication.

After compromising credentials, Star Blizzard accesses the target’s email account and steals emails and attachments from the inbox. They also set up mail-forwarding rules for ongoing visibility of victim correspondence. The stolen data is then used for follow-on targeting, including further phishing activities.
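An added example, not part of the original article or the NCSC advisory: one way a defender could audit exported inbox rules for the mail-forwarding persistence described above. The record fields and the example.org domain are hypothetical, and the sample rules are constructed.

```python
# Audit exported inbox rules for forwarding to addresses outside the organisation.
# The field names ("mailbox", "name", "forward_to", "redirect_to", "enabled") are
# a hypothetical export schema, not any mail provider's real API.

INTERNAL_DOMAINS = {"example.org"}  # assumption: domains the organisation owns

# Constructed sample data for illustration only.
SAMPLE_RULES = [
    {"mailbox": "a.smith@example.org", "name": "Newsletters",
     "forward_to": [], "redirect_to": [], "enabled": True},
    {"mailbox": "a.smith@example.org", "name": ".",
     "forward_to": ["archive7781@mail.example.net"], "redirect_to": [], "enabled": True},
    {"mailbox": "j.doe@example.org", "name": "To assistant",
     "forward_to": ["pa@example.org"], "redirect_to": [], "enabled": True},
    {"mailbox": "j.doe@example.org", "name": "old",
     "forward_to": [], "redirect_to": ["J.Doe@EXAMPLE.ORG.lookalike.example"],
     "enabled": False},
]

def domain_of(address):
    """Return the lower-cased domain part, or "" if the address is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else ""

def is_internal(address, internal=INTERNAL_DOMAINS):
    """Exact match or true subdomain only, so look-alike suffixes stay external."""
    d = domain_of(address)
    return any(d == i or d.endswith("." + i) for i in internal)

def external_forwarding(rules, internal=INTERNAL_DOMAINS):
    """Return (mailbox, rule name, address, enabled) for each outside destination."""
    findings = []
    for rule in rules:
        for field in ("forward_to", "redirect_to"):
            for addr in rule.get(field, []):
                # Malformed addresses have no domain and are reported too.
                if not is_internal(addr, internal):
                    findings.append((rule["mailbox"], rule["name"], addr, rule["enabled"]))
    return findings

if __name__ == "__main__":
    for mailbox, name, addr, enabled in external_forwarding(SAMPLE_RULES):
        state = "enabled" if enabled else "disabled"
        print(f"{mailbox}: rule {name!r} ({state}) sends mail to {addr}")
```

Disabled rules are reported as well, because a rule that was switched off can still be evidence of an earlier compromise.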

The advisory emphasises the persistence and evolution of Star Blizzard’s spear-phishing techniques, urging individuals and organisations from previously targeted sectors to remain vigilant and invest in cyber security. The report provides information on effective defence strategies against spear-phishing, and in the UK suspicious activity can be reported to the NCSC.

London Internet Exchange threatened by cyber attack

The hacktivist group known as Anonymous Sudan, allegedly associated with Russia and recognised for its diverse membership, has declared responsibility for a cyber attack on the London Internet Exchange (LINX), one of the world’s most prominent exchange points.

The group, which claims the attack is a response to Britain’s support for Israel and its air strikes on Yemen, has further indicated a looming significant cyber attack on the UK.

LINX, a mutually governed Internet exchange point in London, is crucial in facilitating peering services and representing public policies for network operators in the UK and beyond. The cyber attack was announced on the group’s Telegram channel on January 12, 2024. However, the authenticity of this claim still needs to be verified, as LINX’s website reportedly remained operational, raising doubts about the accuracy of the group’s statements.

This reported cyberattack coincides with air strikes conducted by the UK and the USA against Houthi military targets in Yemen. In response to Houthi attacks on international maritime vessels in the Red Sea, the UK targeted 30 Houthi military sites, gaining approval for military action from UK Prime Minister Rishi Sunak. Simultaneously, US officials launched over 80 Tomahawk cruise missiles and deployed 22 jets from the USS Eisenhower aircraft carrier.

Anonymous Sudan, recognised for its large-scale Distributed Denial of Service (DDoS) attacks, frequently targets both anti-Russian and anti-Muslim entities. Recent attacks have occurred nearly every week, impacting various sectors such as airlines, governments, banks, large enterprises, airports, and telecommunication companies. In November 2023, the group claimed responsibility for DDoS attacks on ChatGPT, causing service disruptions. Their involvement in cyber attacks on Microsoft’s flagship office suite and Azure cloud computing platform in June 2023 was also acknowledged.

Employees need to be more vigilant when using design software


Security researchers have warned of a surge in phishing emails featuring Adobe InDesign links as attackers focus on specific organisations and users. Since October, there has been a nearly 30-fold increase in malicious emails containing Adobe InDesign prompts.

Many of the phishing links identified have the top-level domain “.ru” and are hosted behind a content delivery network (CDN), acting as a proxy for the source site. This approach obscures the content source, making it challenging for security technologies to detect and block the attacks.

The study’s researchers noted that these phishing emails often carry legitimate brand logos, likely obtained from other content or scraped from websites by the attackers. The logos are chosen for their familiarity and trustworthiness to the targets, indicating that attackers invest time and resources in crafting convincing messages. The attacks utilising Adobe InDesign employ various tactics to avoid detection and deceive targets. These tactics include leveraging a known and trusted domain that is not commonly blacklisted, using a publishing program for convincing social engineering attacks, and redirecting recipients to another web page after clicking the link to eliminate known malicious URLs in the message body.

Phishing attacks remain a prevalent cyber threat, with the State of Phishing Report 2023 reporting a 1265 percent increase in malicious phishing emails since Q4 2022. According to the report, the rise is partly attributed to the growth of generative AI, such as ChatGPT, which allows cyber criminals to create sophisticated ‘business email compromise’ attacks and, therefore, improve malware. The study also found an average of 31,000 daily phishing attacks, with 68 percent identified as text-based BEC and a significant 967 percent increase in credential phishing driven by ransomware groups seeking access to companies for financial gain.

Your employees, especially if they are using this type of software, need to be extra vigilant. Designers need to be aware of the pitfalls of using software and clicking on links from supposed companies. Always get them to double-check their emails and lean on their phishing awareness training, or they could be letting cyber criminals gain access to the confidential data that is part of your business network.

—————————————————————————————————————————–

Contact Neuways for Network Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.
