Tag Archive for: shifts

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks


Mar 24, 2024 | Newsroom | Artificial Intelligence / Cyber Espionage

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data.

Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe.

According to Rapid7, attack chains have leveraged weaponized Microsoft Office documents, ISO files, and Windows shortcut (LNK) files, with the group also employing CHM files to deploy malware on compromised hosts.

The cybersecurity firm has attributed the activity to Kimsuky with moderate confidence, citing similar tradecraft observed in the past.

“While originally designed for help documentation, CHM files have also been exploited for malicious purposes, such as distributing malware, because they can execute JavaScript when opened,” the company said.

The CHM file is propagated within an ISO, VHD, ZIP, or RAR file, opening which executes a Visual Basic Script (VBScript) to set up persistence and reach out to a remote server to fetch a next-stage payload responsible for gathering and exfiltrating sensitive data.

Rapid7 described the attacks as ongoing and evolving, targeting organizations based in South Korea. It also identified an alternate infection sequence that employs a CHM file as a starting point to drop batch files tasked with harvesting the information and a PowerShell script to connect to the C2 server and transfer the data.

“The modus operandi and reusing of code and tools are showing that the threat actor is actively using and refining/reshaping its techniques and tactics to gather intelligence from victims,” it said.

The development comes as Broadcom-owned Symantec revealed that the Kimsuky actors are distributing malware impersonating an application from a legitimate Korean public entity.

“Once compromised, the dropper installs an Endoor backdoor malware,” Symantec said. “This threat enables attackers to collect sensitive information from the victim or install additional malware.”

It’s worth noting that the Golang-based Endoor,…


Delinea Research Reveals that Ransomware Is Back on the Rise As Cybercriminals’ Motivation Shifts to Data Exfiltration


PRESS RELEASE

SAN FRANCISCO, Jan. 30, 2024 /PRNewswire/ — Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today published its annual “State of Ransomware” report which shows that ransomware attacks are increasing again and reveals a change in strategy among cybercriminals. The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data. Cybercriminals then frequently threaten to sell it to the highest bidder on the darknet or leverage it to reap a handsome cyber insurance payment.

Titled, “State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,” the report analyzed data from a Censuswide survey of over 300 US IT and Security decision-makers to identify significant changes compared to data from the previous year’s report and uncover new possible trends. First and foremost, ransomware is back on the rise. Although not back at the levels of 2021, the number of organizations claiming to have been a victim of ransomware in the past 12 months more than doubled since last year, from 25% to 53%. Mid-sized companies appeared to be in cybercriminals’ crosshairs the most, with 65% stating they’ve been a ransomware victim over the past 12 months. Organizations are also paying ransoms more frequently, up to 76% from 68% the prior year.

More striking, however, are the emerging trends in motivations, strategies, and tactics that the survey revealed. Data exfiltration registered a surge of 39% (reported by 64% of respondents, up from 46%) and became a preferred goal for the attackers, who are now gaining control of a company’s network to download sensitive data to sell on the darknet. This trend is also evidenced by the significant downturn of traditional money grabs as the main motivation (34%, down from 69% the year before).

“Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout,” said Rick Hanson, President at Delinea. “Even as organizations are investing more in safety nets like cyber insurance which often have ransomware payouts included in…


2024 cybersecurity shifts to be driven by AI & APIs


In an era where technology permeates every aspect of life, Karl Mattson, Field CISO at Noname Security, places the spotlight on the trending topics he predicts will shape the cybersecurity landscape in 2024. Mattson’s projections span geopolitical conflict, artificial intelligence (AI), the AI industry, and API regulation, drawing on a year characterised by “seismic” change in cybersecurity, accelerated by AI adoption and geopolitical complexities.

Significant is the convergence of real and digital battlefields, where cyber warfare is a prominent part of a nation’s strategy in large-scale conflicts. Mattson foresees a surge in cyber risks and the evolution of more sophisticated countermeasures, driven by the broadening use of cyberattacks that target critical infrastructure in order to impede a nation’s operations on the ground. This escalation in cyber threats reinforces the urgency of fortified security measures and comprehensive global cooperation to ensure risks are mitigated effectively.

Artificial Intelligence (AI) is set to immensely disrupt the cybersecurity sphere, as demonstrated by the pioneering ChatGPT’s launch, which extended AI’s appeal and functionality from niche markets to the public sphere. However, as AI tools become increasingly accessible, they equip malevolent actors with enhanced capabilities to supplement their cyberattacks. Mattson predicts, “AI will likely enable an increase in the sophistication and scalability of attacks,” underscoring the dual nature of this technology.

Moreover, Mattson suggests that AI technology development and the industry around it may see their most tumultuous year in 2024, primarily because of an evident divide between the public and private sectors. Governments are increasingly regulating and scrutinising AI technologies because of their burgeoning potential, leading to the establishment of policies and safety summits. This has created a chasm between government-regulated and unregulated entities, requiring companies to align their own policies on AI technologies.

Regulation in 2024 will also shape the world of…


Shifts in security focus in the Philippines


Alynna Carlos – Philstar.com

October 21, 2023 | 8:04am

Developments within the Philippine security landscape are continuously shaped by evolving security challenges, encompassing both personal and national levels and moving beyond geographical limitations. The shift in security focus is not only apparent in the Philippines.

Neighboring states are also confronted with the same risks, and these risks present an opportunity for collaboration. This is most apparent in the publication of Indo-Pacific strategies, the intensification of diplomatic visits for the alignment of national interests, and the frequency of military exercises aimed at boosting interoperability. 

Future risks will continue to evolve, as will security policies and strategies. The proliferation of new security risks and the uncertainty they bring signal a shift in security focus in the Philippines, prompting a more attuned approach and signaling the need to upgrade capabilities.

Considering current trends and developments, maritime security and cybersecurity emerge as areas where personal and national security are heavily intertwined.  

On a daily basis, people have become more exposed to cyber risks as they connect to the Internet and perform online transactions. Online scams and hacking incidents have been prevalent. Furthermore, as more information is shared in the digital space, the world has become apprehensive of disinformation and misinformation tactics that shape narratives and propaganda. 

On matters of maritime security, coastal communities worry about their livelihood as more Filipino fishermen are embroiled in territorial disagreements, particularly in the West Philippine Sea. There are also concerns about marine environment damage and loss of marine life in various areas. 

On a national level, the National Security Policy 2023-2028 underscores the vision of “a free, resilient, peaceful, and prosperous maritime and archipelagic nation.” With an emphasis on the country’s maritime and archipelagic nature, the Marcos Jr. administration sets its eye on elevating naval capabilities. Included in the agenda are maritime security as well as cyber, information, and cognitive security. 

Public awareness…
