[Bob says: Hey Russia!! It’s great to have a friend like China!! Have fun! Hahaha. Hey America! Wake up and smell the green tea! China is not our friend either.]
In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that are exploiting the sanctions imposed on Russia by western countries. These sanctions have put enormous pressure on the Russian economy, and specifically on organizations in multiple Russian industries.
Original release date: May 17, 2022
The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory (CSA) on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise networks. While these poor practices may be common, organizations can apply basic practices, such as the following, to help protect their systems:
- Control access.
- Harden credentials.
- Establish centralized log management.
- Use antivirus solutions.
- Employ detection tools.
- Operate services exposed on internet-accessible hosts with secure configurations.
- Keep software updated.
CISA encourages organizations to review Weak Security Controls and Practices Routinely Exploited for Initial Access and apply the recommended mitigations.
CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.
Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.
Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.
It turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off. […]
The research is the first — or at least among the first — to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.
The research is fascinating, but the attack isn’t really feasible. It requires a jailbroken phone, which is hard to pull off in an adversarial setting.
Whoa Nellie, that’s getting to be real money here. This is the kind of thing that starts cutting into your whole IT budget.
The WSJ said: “Many U.S. cyber insurers dramatically increased their rates during 2021, alarmed by a rash of cyberattacks that struck companies around the world and drew the attention of national governments. Data from regulatory filings and collated by ratings agencies shows that among the largest insurers, direct written premiums rose a whopping 92%, while direct loss ratios fell slightly.”
Blog post with link to WSJ article. Great budget ammo:
Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks.
“Some scammers will use all available and seemingly harmless data about you to their advantage, watching your every move online, typically on social media, in order to eventually exploit your digital footprint,” Lameiras says.
“Unless you’re careful, the more you interact online, the higher the odds that they’ll know a lot about you – ultimately, they may have an easier time duping you.”
Blog post with links: https://blog.knowbe4.com/why-people-fall-for-scams