
Iranian hacking groups are evolving, warns Microsoft

Cyber security | ITPro | 17/11/2021


Microsoft has outlined six cyber espionage groups in Iran behind a spate of ransomware attacks occurring roughly every six weeks since September last year.

In a blog post, researchers at the Microsoft Threat Intelligence Center (MSTIC) said that an analysis of several threat actors based in Iran revealed that the hackers have become increasingly sophisticated in the use of tools, techniques, and procedures.

The tech giant said that three noticeable trends have emerged. First, these Iranian cyber espionage groups are increasingly using ransomware either to collect funds or to disrupt their targets. Second, they are more patient and persistent while engaging with their targets.

Third, although their social engineering campaigns have become more patient and persistent, the Iranian operators continue to employ aggressive brute-force attacks against their targets.

Microsoft said that since September 2020, it had observed six Iranian threat groups deploying ransomware to achieve their strategic objectives. These ransomware deployments were launched in waves every six to eight weeks on average. One of the tracked groups, called Phosphorus, was seen targeting vulnerable security products.

“In one observed campaign, Phosphorus targeted the Fortinet FortiOS SSL VPN and unpatched on-premises Exchange Servers globally with the intent of deploying ransomware on vulnerable networks,” said researchers.


Researchers said that this group collected credentials from over 900 Fortinet VPN servers in the US, Europe, and Israel so far this year. The group then shifted to scanning for unpatched on-premises Exchange Servers vulnerable to ProxyShell.

The same group also used BitLocker to encrypt data and ransom victims at several targeted organizations.

“After compromising the initial server (through vulnerable VPN or Exchange Server), the actors moved laterally to a different system on the victim network to gain access to higher value resources. From there, they deployed a script to encrypt the drives on multiple systems. Victims were instructed to reach out to a specific Telegram page to pay for the decryption key,” the researchers said.

The hackers also stole credentials by sending “interview requests” to targeted individuals in emails containing tracking links that confirm whether the recipient has opened the file. If the target responds, the attackers send a link to a fake Google Meeting that leads to a credential-harvesting page.

Another group mentioned in the report, Curium, uses a network of fictitious social media accounts rather than phishing emails to build trust with targets and deliver malware.


See the original article here: ITPro

Written by: ITPro.
