The cyber domain never sleeps, and this week’s headlines cover the latest cybersecurity measures adopted by organizations to keep threat actors at bay. Read on to learn more about these globally significant updates.

Imperva Helps a Job Listing Site Mitigate an Automated Bot Attack

Imperva recently reported that its security researchers were able to stop what is probably the most significant bot attack in history. The botnet used 400,000 compromised IP addresses and generated over 400 million requests, meaning an average of 10 requests per IP address per hour.

Imperva’s mitigation service detected a 30-fold surge in traffic volume on the affected website, a job listings site operating in six countries. The attack was launched to conduct web scraping, a pervasive form of automated attack against organizations. Scraping leads to skewed marketing analytics, lower conversion rates, decreased SEO ranking, downtime, and website latency. Imperva’s security team has been working proactively to mitigate botnet-driven web scraping and advises organizations to take the threat seriously, because automated bot attacks have long-lasting impacts on organizational infrastructure.
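The detection problem described above is that each bot stays at a low per-IP rate, so only the aggregate volume against a baseline reveals the attack. The following is an added example (not Imperva’s code or data) that buckets constructed access-log lines by hour, compares each hour’s total with a baseline, and reports how many sources a naive per-IP limit would have caught; the log format, baseline and thresholds are assumptions.

```python
"""Constructed detector for a distributed scraping surge in web access logs.
Each bot stays at a few requests per hour, so a per-IP rate limit never
fires; the attack is visible only in aggregate hourly volume vs. baseline."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"

def parse_line(line):
    """Parse a constructed 'timestamp ip path' line into (hour bucket, ip)."""
    ts, ip, _path = line.split(" ", 2)
    hour = datetime.strptime(ts, TS_FORMAT).replace(minute=0, second=0)
    return hour, ip

def hourly_counts(lines):
    """Map each hour to a Counter of requests per source IP."""
    buckets = defaultdict(Counter)
    for line in lines:
        hour, ip = parse_line(line)
        buckets[hour][ip] += 1
    return buckets

def detect_surge(buckets, baseline_per_hour, surge_factor=30, per_ip_limit=60):
    """Return one alert per hour whose volume is >= surge_factor x baseline.
    per_ip_limit_hits shows how many sources a naive per-IP limit would catch."""
    alerts = []
    for hour, ips in sorted(buckets.items()):
        total = sum(ips.values())
        if total >= surge_factor * baseline_per_hour:
            alerts.append({
                "hour": hour.strftime(TS_FORMAT),
                "total": total,
                "distinct_ips": len(ips),
                "avg_per_ip": total / len(ips),
                "per_ip_limit_hits": sum(1 for n in ips.values() if n > per_ip_limit),
            })
    return alerts

def constructed_logs():
    """Sample data: a quiet hour (20 requests, 5 IPs), then 800 requests over 80 IPs."""
    quiet = datetime(2022, 2, 20, 9, 0, 0)
    lines = [f"{(quiet + timedelta(minutes=3 * i)).strftime(TS_FORMAT)} "
             f"203.0.113.{i % 5} /jobs?page={i}" for i in range(20)]
    busy = quiet + timedelta(hours=1)
    lines += [f"{(busy + timedelta(seconds=4 * i)).strftime(TS_FORMAT)} "
              f"198.51.100.{i % 80} /jobs/{i}" for i in range(800)]
    return lines
```

Running `detect_surge(hourly_counts(constructed_logs()), baseline_per_hour=20)` flags only the busy hour, with 80 distinct IPs averaging 10 requests each and zero per-IP limit hits.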


FBI Warns Organizations Of Increasing BEC Attacks

The US Federal Bureau of Investigation (FBI) recently released a notification on the increase in BEC scams observed between 2019 and 2021. It noted that the frequently reported BEC scams shared a few common tactics, such as using virtual meeting platforms to trick organizations and employees into transferring money to attacker-controlled accounts.

BEC scams are extremely difficult to detect and account for the majority of cybercrime-related losses in the US over the last five years. The FBI reported that over $1.8 billion had been lost to BEC scams in 2020 alone. The bureau believes that the pandemic-induced shift to online working has increased the frequency of BEC attacks, and it presents three scenarios in which virtual meeting tools are commonly used to conduct these attacks.

The FBI’s warning comes at a time when employees are pushing employers to extend remote working provisions beyond the COVID-19 pandemic. While WFH may seem convenient at an individual level, it implies a prolonged dependence on virtual meeting platforms and hence greater cybersecurity threats for the organization. In light of these employee demands and the resulting changes in organizations’ decisions, the FBI notification lists a few recommendations for corporate system administrators, including the use of MFA or secondary channels to verify account information change requests, and verifying the URLs and identities of senders making such change requests.


Google Drive – A Popular Means to Spread Malware

A recent report by Netskope finds that most malicious documents containing malware are spread via Google Drive. Netskope said that 50% of all malicious Office documents sent in 2021 were spread via Google Drive. The report further notes that 37% of all malware downloads are Office documents. Until 2020, Microsoft OneDrive was the primary platform for spreading malicious Office documents, but in 2021 Google Drive took the top spot, and OneDrive is now the second most frequently used platform for distributing malicious Office documents. The Netskope report places SharePoint third with a share of 15% (meaning 15% of malicious documents downloaded by victims were hosted on SharePoint).

Ever since organizations shifted to cloud services, adversaries have been creating free accounts on those services and using them to spread malicious files. All they need to do then is wait for an unsuspecting user to open the file for the device to be infected. Internet users are advised to take the necessary security precautions and refrain from opening documents from unknown or suspicious sources.


Beware of Phishing Emails From LinkedIn

A recent report from the cybersecurity firm Egress states that phishing attacks using emails impersonating LinkedIn have grown by 232% since the beginning of February 2022. In a typical attack, the adversaries use stylized HTML templates, the LinkedIn logo, brand colors, and spoofed display names to send phishing links to victims on Outlook 365. The fake emails resemble LinkedIn notification emails with prompts like “Your profile matches this job,” “You have one new message,” “10 high-paying jobs,” or “You appeared in 4 searches this week.” In reality, however, these are fake emails sent with similar subject lines and aimed at stealing user credentials.

The email body usually mentions other well-known companies such as CVS Carepoint or American Express and claims they are looking for ideal candidates for a particular position. LinkedIn recommends that users visit its Help Center to verify whether a message is genuine or a phishing attempt. The adversaries know that many people across the globe are looking for new jobs at the moment and have exploited this urgency to further their malicious objectives. LinkedIn encourages users to report suspicious messages and enable 2FA so that malicious actors cannot get their hands on their information assets. Further, users are advised to hover over links before clicking them and to verify any email received by checking LinkedIn’s official application.
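The advice above (check who really sent the message and hover over links before clicking) can be automated at the mail gateway. The following is an added example (not Egress’s or LinkedIn’s code) that parses a constructed lookalike email, compares the display name with the real sending domain, matches the subject against the lure subjects quoted above, and compares each link’s visible URL with its actual target; the brand domain list, the sample message and its reserved-name domains are assumptions.

```python
"""Constructed check for LinkedIn-lookalike notification emails: does the display
name claim a brand the sending domain does not back up, and do links go where
their visible text says they go?"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "linkedin"
BRAND_DOMAINS = {"linkedin.com"}  # assumption: the brand's only legitimate domain
LURE_SUBJECTS = ("your profile matches this job", "you have one new message",
                 "high-paying jobs", "you appeared in")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude registrable domain (last two labels); enough for this demo."""
    return ".".join(host.lower().split(".")[-2:])

def analyze(raw_email):
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg, findings = message_from_string(raw_email), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rsplit("@", 1)[-1])
    if BRAND in name.lower() and sender not in BRAND_DOMAINS:
        findings.append(f"display name {name!r} but sender domain {sender}")
    subject = msg.get("Subject", "").lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        findings.append(f"subject matches a known lure: {subject!r}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for href, text in ANCHOR.findall(body):
        text = re.sub(r"<[^>]+>", "", text).strip()  # strip nested tags
        target = registrable(urlparse(href).hostname or "")
        shown = registrable(urlparse(text).hostname or "") if text.startswith("http") else None
        if shown and shown != target:  # what hovering over the link reveals
            findings.append(f"link text shows {shown} but points to {target}")
        elif target not in BRAND_DOMAINS:
            findings.append(f"link to non-{BRAND} domain {target}: {text!r}")
    return findings

# Constructed sample; sender and link domains use reserved names, not real ones.
SAMPLE = """From: "LinkedIn" <notifications@linkedin-mail.invalid>
Subject: Your profile matches this job
Content-Type: text/html; charset=utf-8

<html><body><p>You appeared in 4 searches this week.</p>
<a href="https://verify.careers.invalid/login">https://www.linkedin.com/jobs</a>
<a href="https://www.linkedin.com/help/">Help Center</a></body></html>
"""
```

`analyze(SAMPLE)` returns three findings for the constructed message: the spoofed display name, the lure subject, and the link whose visible URL says linkedin.com but points elsewhere; the Help Center link to the real domain is not flagged.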


CISA Notifies of an Apple WebKit RCE Bug

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new flaw (CVE-2022-22620) to its catalog of vulnerabilities being exploited in the wild. CVE-2022-22620 is an Apple WebKit remote code execution bug mainly affecting Macs, iPhones, and iPads. Binding Operational Directive 22-01 (BOD 22-01), issued by CISA in November, requires federal agencies to patch their systems against the flaws affecting macOS, iOS, and iPadOS devices.

In its notification, CISA said that all Federal Civilian Executive Branch (FCEB) agencies must patch the vulnerability by 25 February 2022. While BOD 22-01 applies only to FCEB agencies, CISA recommends that all organizations fix catalog vulnerabilities as soon as possible and make doing so part of their long-term vulnerability management practice to ensure a robust security posture.

CVE-2022-22620 is the third zero-day vulnerability patched by Apple in 2022. Reportedly, successful exploitation allows adversaries to execute arbitrary code on Macs, iPhones, and iPads when a victim opens a malicious web page in Safari. However, the open-source engine shared by all Apple browsers exposes users to the flaw regardless of whether they use Safari, Mozilla Firefox, Google Chrome, or another web browser. Apple fixed the vulnerability in macOS Monterey 12.2.1, iOS 15.3.1, and iPadOS 15.3.1. Affected devices include all Macs running macOS Monterey, iPhone models from the 6s onwards, and multiple iPad models.


Spanish Police Arrest Eight Members of SIM Swapping Gang

The Spanish National Police recently arrested eight members of a cybercrime group that launched SIM swapping attacks and stole money from victims’ bank accounts. Reportedly, the adversaries gathered victims’ banking and personal details by sending malicious messages impersonating their banks. With these compromised details, the adversaries could obtain duplicate SIM cards and bypass the 2FA commonly used to protect financial accounts.

The eight arrested attackers are based in Catalonia and were conducting SIM swapping attacks throughout Spain. The gang’s first attack was detected in March 2021, when the Spanish police received two complaints of suspicious transactions. The FBI reported that US citizens lost over $68 million to SIM swapping attacks in 2021, a figure that has increased fivefold since 2018. The Spanish National Police did its part by arresting these threat actors, but the risk from SIM swapping attacks remains, so individuals and mobile carriers are advised to take the necessary protective measures against SIM swapping.
