Security News > 2022 > June

Other state-backed threat actors have started exploiting it, but now one of the most active Qbot malware affiliates has also been spotted leveraging Follina. Archive contains an IMG with a Word doc, shortcut file, and DLL. The LNK will execute the DLL to start Qbot.

"Attackers consider larger organizations to be more valuable, so they are more motivated to get in, get what they want and get out. Smaller organizations have less perceived 'value,' so attackers can afford to lurk around the network in the background for a longer period. It's also possible these attackers were less experienced and needed more time to figure out what to do once they were inside the network. Lastly, smaller organizations typically have less visibility along the attack chain to detect and eject attackers, prolonging their presence," said Shier. "With opportunities from unpatched ProxyLogon and ProxyShell vulnerabilities and the uprise of IABs, we're seeing more evidence of multiple attackers in a single target. If it's crowded within a network, attackers will want to move fast to beat out their competition."

The shift to cloud native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex. Adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments.

State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "Establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers. The advisory states that network devices are the target of this campaign and lists 16 flaws - some dating back to 2017 and none more recent than April 2021 - that the three agencies rate as the most frequently exploited.

A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. "There'll never be a time when we don't defend ourselves - especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal.

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "One of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator. The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.

Financially motivated cybercriminals are taking advantage of schools' need for uptime, their scarcity of cybersecurity defense resources, and lack of expertise compared to other potential targets. During 2021 in the U.S. alone over 1,000 schools suffered from a ransomware attack, according to Emsisoft research.

I recently had the opportunity to meet and speak with several luminaries of the global security ecosystem: Roger Hale - Chief Security Officer; BigID, Sounil Yu - CISO and Head of Research at JupiterOne; Debbie Taylor Moore - VP and Senior Partner Global Cybersecurity at IBM Consulting; and Jay Leek, Managing Partner and Co-founder of SYN Ventures. As the aftershocks of 2021 begin to clear, I was interested in getting CISOs' take on ensuing challenges and upcoming hurdles that require the attention of all security and business stakeholders.

Global research commissioned by ReversingLabs and conducted by Dimensional Research, revealed that software development teams are increasingly concerned about supply chain attacks and tampering, but barely a third said they can effectively vet the security of developed and published code for tampering. 98 percent of respondents reported that third party software use including open-source software increases security risks.

The Identity Theft Resource Center and LexisNexis Risk Solutions have released the Pandemic-Related Identity Fraud Crime Victim Impacts Report, which shows how individuals and government agencies have been impacted since 2020 by an unprecedented wave of government benefits identity fraud. "We speak with identity crime victims every day at the ITRC," said Eva Velasquez, President and CEO of the Identity Theft Resource Center.