Cybersecurity incidents have increased significantly; therefore, regulatory bodies are working diligently to release patches on time. This week’s cyber news headlines cover some of the important developments that have taken place over the last week.

MedusaLocker Linked Servers Found

Cybersecurity experts recently found a host of Russian online servers linked to the MedusaLocker ransomware. These servers host multiple malicious exploit tools like Acunetix, Metasploit, Deimos, and Posh. Security researchers noted that there are commonalities between the data recovered from these servers and that of the MedusaLocker gang. MedusaLocker usually targets victims in the US states of Ohio, Virginia, New Jersey, California, and other countries like China, Taiwan, and the Netherlands.

MedusaLocker is infamous for attacking organizations in the healthcare industry. The recovered servers include information such as software fingerprints, certificates, and other factors used in breaching computers. Only recently, the US federal government issued warnings of the increasing number of MedusaLocker attacks.

Reportedly, threat actors use phishing emails to deliver ransomware to victim devices. Current investigations explore whether other ransomware groups are using the MedusaLocker-linked servers, but it has also been reported that some of these domains belong to the Karma ransomware group.

 

Chase Bank Clients Beware of Phishing Campaign

A new phishing campaign targeting Chase Bank customers is on the rise. In a typical phishing email, the attackers attach the link to a spoofed Chase login page, which is a phishing website designed to steal users’ account login credentials. Once users enter their credentials on this fake site, hackers have access to their funds and can also sell the stolen credentials for further gain.

The adversaries often use a combination of keywords in their domains, and the same technique was used to lure Chase customers. Therefore, cybersecurity experts advise verifying the authenticity of a link before clicking on it. While anti-virus solutions are useful to a great extent, we can’t rely on them to do all the work.
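The link check advised above can be automated on the defender's side. The following Python is an added example, not code from Chase or from the original article; it assumes chase.com is the only genuine domain and `chase` the only brand keyword, and all sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example: chase.com is the only genuine domain (it is the
# domain of the bank's reporting address) and "chase" is the brand keyword.
TRUSTED_DOMAINS = ("chase.com",)
BRAND_KEYWORDS = ("chase",)

def classify_link(url):
    """Classify a link from an email as 'trusted', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "suspicious"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious"  # not a plain web link with a host: manual review
    # Genuine only if the host IS the trusted domain or a subdomain of it.
    # A substring or prefix test would accept chase.com.account-update.example.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Punycode or non-ASCII labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious"
    # Brand keyword anywhere in the authority part, including the user-info
    # before '@', which the browser does not treat as the host.
    if any(k in parts.netloc.lower() for k in BRAND_KEYWORDS):
        return "suspicious"
    return "unrelated"

# Constructed sample links; none is taken from the campaign described above.
SAMPLES = [
    "https://www.chase.com/personal/login",
    "https://chase-secure-verify.example/login",
    "https://chase.com.account-update.example/",
    "https://chase.com@login.example/",
    "http://xn--chse-53d.example/",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

Only the first sample is classified as trusted; the keyword-combination, subdomain, user-info and punycode variants all come back as suspicious.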

As users, we must remain vigilant and beware of the credential harvesting attacks currently targeting the cyber world. It is interesting to note that out of an average of 94 anti-virus solutions, fewer than 12 are actually able to identify and block phishing attempts.

The Chase support team recently took to Twitter to ask users to forward suspicious emails to its address, phishing[@]chase.com. Further, the bank requests that users refrain from responding to emails that look like phishing and delete them after forwarding them to the Chase email address.

 

Poor Training Leads to Incompetent Cyber Risk Management

A recent cybersecurity survey revealed that companies could not ensure security against different forms of cyber risk due to poor training facilities. Three-fourths of UK and US-based companies experienced cybersecurity threats in the past year. Poor internal communications and cybersecurity awareness are the major reasons for this incompetency.

A major factor contributing to this situation is that employees fail to realize their grave role in maintaining a company’s security online. While 45% of employees don’t know whom to report to when a cyberattack hits, another 30% undermine their own role in ensuring cybersecurity.

Another interesting factor revealed was that while 85% of the employees receive cyber training, almost 64% don’t take it seriously. A disappointing 36% of employees consider cybersecurity training mundane and uninteresting. This is compounded by another revelation that only in 39% of the cases do the security teams have a role to play in an employee’s onboarding process, thus showing the minimal say of security teams in employee engagement.

 

Federal Agencies Increase Efforts to Prevent Future Attacks

After the massive ransomware attacks on North American branches of JBS Foods and the Colonial Oil Pipeline in 2021, federal agencies are doubling their phishing attack prevention efforts. The increased number of attacks on the nation’s critical infrastructure has led CISA leaders to conclude that ransomware actors target large businesses and organizations as well as smaller entities. CISA Executive Director Brandon Wales recently emphasized the need for organizations of all shapes and sizes to invest in bettering their cybersecurity and ransomware protection practices.

Wales opined that access to smaller companies could eventually lead attackers to the nation’s larger critical service providers. Therefore, smaller enterprises must take cybersecurity seriously, and the first step is patching all vulnerabilities as early as possible. Further, organizations must refrain from using end-of-life software products that no longer receive critical updates.

Some basic security steps, such as changing passwords and using 2FA, also go a long way in the battle against ransomware actors. Incident reporting to federal agencies like CISA is another important aspect of dealing with cyberattacks that organizations must seriously consider.

 

Supply Chain Attacks Increase, Reports IBM

IBM recently released its Cost of a Data Breach report, which mentioned that one in five attacks is caused by a supply chain breach at a business partner’s end. This increase in supply chain attacks causes much financial and business loss to organizations, particularly owing to the absence of zero trust strategies. The IBM report stated that the cost of supply chain attacks is currently $4.46 million. The increasing supply chain attacks suggest that organizations should have more cybersecurity controls to monitor third-party access.

Industrial, healthcare, transportation, and financial services companies are primary targets for such supply chain attacks, and zero trust is one of the most effective ways to protect against such attacks. This was substantiated with an example in the IBM report where it was mentioned that those organizations that implement zero trust security make an average cost saving of $1.5 million.

 

Microsoft Blocks Malicious Phishing Attachments; Hackers Find Alternative

After Microsoft Office blocked the adversaries’ tactic of spreading malware via malicious macros and phishing attachments, attackers found a new way to deploy malware through RAR, ISO, and Windows Shortcut (LNK) attachments. Hitherto, hackers were exploiting Microsoft Office’s VBA and XL4 macros (used to automate repetitive tasks) to infect user devices with malicious Word documents. Recently, Microsoft announced that it would make blocking macros a default system feature.

The announcement alone was sufficient for attackers to find alternative attack vectors. There has been a 66% dip in the use of macros to deploy malware between October 2021 and June 2022. This is accompanied by an almost 175% increase in the use of container files like ZIPs, ISOs, and RARs. LNK files have also been used extensively since February 2022 by over ten threat actor groups.
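For mail filtering, the shift from macros to containers and shortcuts means inspecting attachments by content rather than by file name alone. The following Python is an added example, not code from the original article or from Microsoft; it flags LNK, RAR and ISO attachments and looks inside ZIP archives, and its function names and sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# (kind, offset, magic bytes); the kind doubles as the file extension.
SIGNATURES = (("lnk", 0, LNK_MAGIC), ("rar", 0, b"Rar!\x1a\x07"),
              ("iso", 0x8001, b"CD001"), ("zip", 0, b"PK\x03\x04"))
PEEK = 0x8006  # enough leading bytes to reach the ISO 9660 marker
RISKY = ("lnk", "rar", "iso", "encrypted")

def sniff(name, head):
    """Identify LNK/RAR/ISO/ZIP by content, falling back to the extension."""
    for kind, offset, magic in SIGNATURES:
        if head[offset:offset + len(magic)] == magic or name.lower().endswith("." + kind):
            return kind
    return None

def triage(msg):
    """Return (attachment name, finding) pairs for one parsed email message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        kind = sniff(name, data[:PEEK])
        if kind in RISKY:
            findings.append((name, kind))
        elif kind == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted member: cannot inspect
                        inner = "encrypted"
                    else:
                        with zf.open(info) as member:  # read only the first bytes
                            inner = sniff(info.filename, member.read(PEEK))
                    if inner in RISKY:
                        findings.append((name, f"{inner} member in zip: {info.filename}"))
    return findings

def build_sample():
    """Constructed message: a ZIP holding a renamed shortcut, plus a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.txt", LNK_MAGIC + b"\x00" * 56)
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg
```

Calling `triage(build_sample())` reports the shortcut hidden in the archive even though its name ends in `.txt`. RAR and ISO files are only flagged, since the standard library cannot open them.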

This development brings bad news for all threat actors who rely on phishing emails. The advancement in email security solutions is yet another factor that makes cybersecurity against phishing more robust.
