
India Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI and Automation for Security Operations


Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from India include:

Current Security Challenges: Threats and Team Readiness

  • Most Common Cyber Threats: Phishing and insider threats are the most prevalent cyber threats in India, with approximately 50% of organizations ranking them as their top concerns. The top five threats include phishing, insider threats, ransomware, unpatched vulnerabilities, and identity theft.

  • Ransomware Surge: Ransomware incidents have doubled across India, with 70% of organizations reporting at least a 2X increase in 2023 compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.

  • Insider Threats and Remote Work: 88% of respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.

  • Resourcing IT Security Teams: Only 44% of businesses have dedicated IT resources for security teams. This compounds the challenges organizations face in strengthening their security measures.

  • Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.

SecOps SOS: Struggles with Alert Fatigue and Threat Containment

  • Threat Containment and Preparedness: Approximately one out of three…


Russian influence and cyber operations adapt for long haul and exploit war fatigue


Since July 2023, Russia-aligned influence actors have tricked celebrities into providing video messages that were then used in pro-Russian propaganda. These videos were manipulated to falsely paint Ukrainian President Volodymyr Zelensky as a drug addict. This is one of the insights in the latest biannual report on Russian digital threats from the Microsoft Threat Analysis Center, “Russian Threat Actors Dig In, Prepare to Seize on War Fatigue”.

As described in more detail in the report, this campaign aligns with the Russian government’s broader strategic efforts during the period from March to October 2023, across cyber and influence operations (IO), to stall Ukrainian military advances and diminish support for Kyiv.

Video messages from American celebrities are used in Russian propaganda

Unwitting American actors and others appear to have been asked, likely via video message platforms such as Cameo, to send a message to someone called “Vladimir”, pleading with him to seek help for substance abuse. The videos were then modified to include emojis, links and sometimes the logos of media outlets and circulated through social media channels to advance longstanding false Russian claims that the Ukrainian leader struggles with substance abuse. The Microsoft Threat Analysis Center has observed seven such videos since late July 2023, featuring personalities such as Priscilla Presley, musician Shavo Odadjian and actors Elijah Wood, Dean Norris, Kate Flannery, and John McGinley.

[Image: a gallery of celebrity videos used in Russian propaganda] Samples of the videos promoting pro-Russian propaganda aiming to malign Ukrainian President Volodymyr Zelensky, featuring different celebrities.

Prigozhin’s death has not slowed Russia’s influence operations

The August 2023 death of Russian businessman Yevgeny Prigozhin, who owned the Wagner Group and the infamous Internet Research Agency troll farm, led many to question the future of Russia’s influence and propaganda capabilities. However, since then, Microsoft has observed widespread influence operations by Russian actors that are not linked to Prigozhin, indicating that Russia has the capacity to continue prolific and sophisticated malign influence operations without him.

Russia’s…


Infostealer Malware Market Booms, as MFA Fatigue Sets In


Malicious actors are finding success deploying information stealer (infostealer) malware, combining stolen credentials and social engineering to carry out high-profile breaches and leveraging multifactor authentication (MFA) fatigue attacks.

These were among the findings of a report from Accenture’s Cyber Threat Intelligence team (ACTI) surveying the infostealer malware landscape in 2022, which also noted a spike in the number of Dark Web advertisements for a variety of new infostealer malware variants.

The marketplace for compromised credentials is also growing, according to the report, which takes an in-depth look at a Russian market site used by malicious groups RedLine, Raccoon Stealer, Vidar, Taurus, and AZORult to obtain credentials for sale.

Paul Mansfield, cyber-threat intelligence analyst at Accenture, explains that the most important point to understand about the rise of infostealer malware is the threat to corporate networks.

“There are many examples throughout 2022 of infostealer malware being used to harvest the credentials which serve as an entry point for further attacks,” he says.

For Mansfield, the most concerning finding from the report was the damage that can be done at such little cost to the threat actor.

“The malware generally costs around $200 for one month plus a few other minor additional costs,” he notes. “During that time, they can steal a high volume of credentials from around the globe, pick out the most valuable for targeted attacks — of which there have been several high-profile examples in 2022 — and sell the rest in bulk to marketplaces for others to do the same.”

Ricardo Villadiego, co-founder and CEO of Lumu, says the rise of infostealer malware is a consequence of the boom in the ransomware-as-a-service (RaaS) business model.

“There are as many variants of infostealers as people willing to pay for the code,” he explains. “The people behind infostealer malware attacks range from individuals with low technical skills to groups allegedly sponsored by governments.”

He adds that what those groups of people have in common is the interest in gathering sensitive data (personal data from their computers, including login credentials, bank account details,…


Multi-Factor Authentication Fatigue Key Factor in Uber Breach


Earlier this week, Uber disclosed that the recent breach it suffered was made possible through a multi-factor authentication (MFA) fatigue attack in which the attacker disguised themselves as Uber IT.

MFA fatigue attacks are a form of social engineering that consists of spamming a target with repeated MFA requests until they eventually authorize access. This kind of attack is possible when the threat actor has already obtained valid corporate login credentials but cannot access the account because multi-factor authentication is enforced.

According to Uber,

It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware.

To illustrate how likely an MFA fatigue attack is to succeed, security researcher Kevin Beaumont recalled on Twitter that this is the same technique used in the recent LAPSUS$ attacks, about which the attacker allegedly explained: “call the employee 100 times at 1AM while he is trying to sleep and he will more than likely accept it”.

In Uber’s case, the approach was different, though. As reported by Lawrence Abrams for Bleeping Computer, security researcher Corben Leo got in touch with the hacker behind the breach and learned they had contacted the targeted contractor on WhatsApp, claiming to be from Uber IT and telling them that the only way to stop the incessant notifications was to accept one.

Once the attacker got their device authorized for access to Uber’s intranet, they began scanning the corporate network until they found a PowerShell script containing admin credentials for the platform Uber uses to manage its login secrets, including DA, DUO, Onelogin, AWS, and Gsuite. This allowed them to grab source code and, more worryingly, to gain access to Uber’s HackerOne bug bounty program, which in turn gave the attacker information about vulnerability reports that had not yet been fixed.

In conversation with InfoQ, Cerby’s chief trust officer Matt Chiodi stated that “if what’s being reported is true, this would be an unprecedented level of access, even when compared to SolarWinds”. One way to mitigate the impact of such incidents, according to Chiodi, is applying a Zero Trust strategy,…
