IBM: Cybercriminals Could Disrupt COVID-19 Vaccine Supply Chain

RiskIQ’s Cory Kennedy
…seem pointless, but many people reuse passwords for multiple systems,” he said. “This is well known by the attacker community and enables credential stuffing attacks. The FBI warned about this attack type recently.”
Damage ranges from multiple account breaches to financial loss, Kennedy said.
“Organizations should be training faculty, students and staff about identifying and avoiding phishing attacks,” he said. “However, they should also have systems in place that can identify brand abuse that many threat actors employ to execute these phishing attacks.”
The frequency of brand attacks can overwhelm security teams, and providers have different approaches to solving this problem, Kennedy said.
“RiskIQ’s global network of virtual users use a combination of threat feeds and configured searches for brand keywords to encounter threats, including phishing, domain infringement, rogue mobile apps, social media impersonation and brand-lure malware, the same way that victims do,” he said. “Virtual users closely mimic human behavior in the way they navigate websites and use a broad range of geographic locations, OS and browser types, and other characteristics to catch targeted attacks by threat actors trying to evade detection.”
RiskIQ says it will continue to research Shadow Academy and share findings.
Hacker-for-Hire Group DeathStalker Hits the Americas and Europe
Kaspersky researchers have spotted new malware activity in the wild from DeathStalker, an advanced persistent threat (APT) group that offers hacking-for-hire services and targets companies in the financial and legal sectors.
DeathStalker is using a new malware implant and new delivery tactics built around a backdoor Kaspersky has dubbed PowerPepper.
The backdoor gives the operators remote control of victim devices. It uses DNS over HTTPS as its command-and-control channel, so traffic to the control server is wrapped inside what looks like ordinary HTTPS to a public DNS resolver rather than plain DNS queries. PowerPepper also uses several evasion techniques.
DeathStalker is not politically motivated, and it does not seek financial gain from the companies it targets. Rather, it acts as a mercenary, selling its hacking services for a price.

Kaspersky’s Pierre Delcher
Pierre Delcher is a security expert at Kaspersky.
“DeathStalker is likely looking for business intelligence, i.e. content and data that are of interest in the framework of the missions and contracts it has been tasked for,” he said. “DeathStalker may be extracting large chunks of data first, and looking for the specifics offline then, so the associated specific interests are not revealed during investigations.”
The cybercriminals most likely access and copy sensitive, confidential and protected information, Delcher said.
“Such information could allow competitors to win contracts or lawsuits that they should not have, discover personal secrets, or carry out activities on behalf of targeted organizations’ identity/brand,” he said. “The same malware intrusion chains and tactics could just as well be leveraged by other actors to disrupt activities or deploy ransomware.”
PowerPepper is typically spread via spear-phishing emails. The malicious files arrive either as attachments or behind a link in the email body. The group has used international events, carbon emission regulations and even the pandemic as lures to trick its victims into opening the malicious documents.
“SMBs are definitely a target for DeathStalker’s activities,” Delcher said. “We could identify law and finance consultancy firms to be frequent targets, and most of them were not big corporations.”
SMBs may not control their IT assets or dedicate enough resources to protect against cyberattacks, he said.
DeathStalker’s tools rely heavily on scripting languages such as PowerShell and JavaScript, so Kaspersky recommends disabling the interpreters for these languages on user machines wherever the business allows, and monitoring the Windows events those interpreters generate where they cannot be disabled.
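The two technical points above, a script-based implant that talks to its control server over DNS over HTTPS and the advice to watch the Windows events that script interpreters produce, can be turned into a small detection rule set. The following Python is an added example written for this article; it is not Kaspersky’s code and does not describe PowerPepper’s internals. It assumes endpoint telemetry normalised to Sysmon field names (Event ID 1 process creation, Event ID 3 network connection, and PowerShell Operational Event ID 4104 script block text), an assumed list of public DoH resolver hostnames, and the assumption that only browsers are expected to use DoH in the environment. The sample events are constructed, not real telemetry.

```python
import re
from typing import Dict, List, Tuple

# Script interpreters the article says DeathStalker's tooling relies on, plus common siblings.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: only browsers are sanctioned DoH clients here. If the OS resolver itself is
# configured for DoH, add its image (svchost.exe) or this rule will fire on it.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Assumed list of public DoH resolvers; extend it from your own proxy logs.
DOH_RESOLVERS = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.google",
                 "dns.quad9.net", "doh.opendns.com"}
# A script host spawned from an Office or mail client is the usual spear-phishing footprint.
LURE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Command-line switches that hide or obfuscate PowerShell execution.
SUSPICIOUS_ARGS: List[Tuple[str, re.Pattern]] = [
    ("encoded command", re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I)),
    ("hidden window", re.compile(r"-(?:w|windowstyle)\s+hidden", re.I)),
    ("no profile", re.compile(r"-(?:nop|noprofile)\b", re.I)),
    ("policy bypass", re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I)),
    ("download-and-run", re.compile(r"downloadstring|invoke-expression|\biex\b", re.I)),
]
# DoH client fingerprint inside script text: the RFC 8484 media type or the /dns-query path.
DOH_IN_SCRIPT = re.compile(r"application/dns-message|/dns-query", re.I)


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(ev: Dict[str, str]) -> List[str]:
    """Return human-readable findings for one normalised event; [] means nothing notable."""
    findings: List[str] = []
    eid = ev.get("EventID", "")
    image = _basename(ev.get("Image", ""))
    if eid in ("1", "4688"):                      # process creation (Sysmon 1 / Security 4688)
        if image in SCRIPT_HOSTS:
            parent = _basename(ev.get("ParentImage", ""))
            if parent in LURE_PARENTS:
                findings.append(f"{image} spawned by {parent} (document-lure execution)")
            cmd = ev.get("CommandLine", "")
            hits = [name for name, pat in SUSPICIOUS_ARGS if pat.search(cmd)]
            if hits:
                findings.append(f"{image} launched with {', '.join(hits)}")
    elif eid == "3":                              # network connection (Sysmon 3)
        host = ev.get("DestinationHostname", "").lower()
        if host in DOH_RESOLVERS and ev.get("DestinationPort") == "443":
            if image in SCRIPT_HOSTS:
                findings.append(f"{image} -> {host}:443: script host using DNS over HTTPS "
                                "(possible C2 channel)")
            elif image not in BROWSERS:
                findings.append(f"{image} -> {host}:443: non-browser process using "
                                "DNS over HTTPS, review")
    elif eid == "4104":                           # PowerShell script block logging
        if DOH_IN_SCRIPT.search(ev.get("ScriptBlockText", "")):
            findings.append("script block builds DNS-over-HTTPS queries")
    return findings


def scan(events: List[Dict[str, str]]) -> Dict[int, List[str]]:
    """Map event index -> findings, keeping only events that produced at least one."""
    results: Dict[int, List[str]] = {}
    for i, ev in enumerate(events):
        found = analyze_event(ev)
        if found:
            results[i] = found
    return results


# Constructed sample telemetry (not real data): a document-lure PowerShell launch, the same
# host reaching a DoH resolver, a browser doing the same legitimately, a script block that
# speaks DoH, and a benign process start.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"EventID": "3", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "cloudflare-dns.com", "DestinationPort": "443"},
    {"EventID": "3", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "cloudflare-dns.com", "DestinationPort": "443"},
    {"EventID": "4104", "ScriptBlockText": "$r = Invoke-WebRequest -Uri "
     "'https://cloudflare-dns.com/dns-query?dns=AAABAAABAAAAAAAAA2Zvbwdl' "
     "-Headers @{accept='application/dns-message'}"},
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        for line in found:
            print(f"event {idx}: {line}")
```

Two of these sources only exist if they are switched on: Security 4688 carries the command line only when command-line auditing is enabled, and 4104 script block text only appears once PowerShell script block logging is enabled by policy, so those settings belong with the interpreter restrictions Kaspersky recommends. The DoH rule keys on the destination hostname; where Sysmon cannot resolve it, match on the resolver IP ranges instead.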
“Beyond this, our main recommendation would be to make sure an up-to-date security product is set up on all smartphones, computers and servers, and that all employees are trained to detect, ignore and report spear-phishing or unsolicited emails and social network messages,” Delcher said.
NetEnrich Unleashes Intelligent SOC
NetEnrich‘s new Intelligent SOC (ISOC) service allows midmarket enterprises and MSPs to up-level security operations, add skilled experts and improve efficiencies.
ISOC aims to remove the barriers and complexity associated with security operations by making them simpler, more effective and more cost-effective. Organizations can scale their operations by adding outcomes-focused services that combine AIOps with security analyst expertise.
Justin Crotty is senior vice president at NetEnrich.
“Intelligent SOC enables MSSPs, MSPs and VARs to expand their managed security services business by customizing programs to meet their customers’ (enterprises) needs,” he said. “Organizations can add specific entitlements…