Tactics and Techniques
Cookie Stealing: The New Perimeter Bypass
Impacted Industries: All
What You Need To Know:
Sophos recently detailed how threat actors steal cookies to bypass multi-factor authentication (MFA) solutions to access active or recent web sessions.
Threat Actors
New Iranian APT Data Extraction Tool
Impacted Industries: Utilities; Professional, Scientific, and Technical Services; and Information
What You Need To Know:
Google’s Threat Analysis Group discovered a threat actor using a new tool, downloaded and run from the threat actor’s machine, to log in to and exfiltrate emails from Gmail, Yahoo!, and Microsoft Outlook accounts.
Threat Actors
APT41 World Tour 2021 On A Tight Schedule
Impacted Industries: Public Administration, Manufacturing, Healthcare, Logistics, Hospitality, Finance, Education, Telecommunications, Consulting, Sports, Media, Transportation, and Travel
What You Need To Know:
In a recent threat report published on its blog, Group-IB details a Chinese state-sponsored threat actor’s campaigns conducted in 2021.
Threat Landscape
Extortion Economics: Ransomware’s New Business Model
Impacted Industries: All
What You Need To Know:
Microsoft recently published the second edition of Cyber Signals; this edition highlights the latest security trends and insights revolving around data extortion, the evolving RaaS business model, and what you need to do to protect your organization.
Malware
Examining Less-Common WordPress Credit Card Skimmers
Impacted Industries: Retail Trade
What You Need To Know:
A recent report from Sucuri details four methods threat actors use to inject skimmer malware into websites. Furthermore, according to Sucuri’s data, nearly 60% of all skimmers targeted WordPress CMS this year.
Malware
AgentTesla Is Threatening Businesses Around The World With A New Campaign
Impacted Industries: Unknown
What You Need To Know:
Avast has released an overview of a spyware campaign that started on Friday, August 12, 2022, and targets businesses across South America and Europe through phishing emails sent from spoofed email addresses with malicious attachments. To date, the adversaries have sent more than 26,000 emails.
Exploited Vulnerabilities
Recent Exploits Observed In The Wild Include Remote Code Execution, Cross-Site Scripting And More
Impacted Industries: All
What You Need To Know:
Palo Alto’s Unit 42 recently summarized key trends from February to April 2022, identifying vulnerabilities and applications exploited by threat actors.
Exploited Vulnerabilities
CISA Adds 8 Vulnerabilities To Its Known Exploited Vulnerabilities Catalog
Impacted Industries: All
What You Need To Know:
Based on evidence of active exploitation, CISA has added eight vulnerabilities to its Known Exploited Vulnerabilities Catalog. The affected software includes Apple iOS and macOS, Google Chrome, Microsoft Active Directory and Windows, Palo Alto PAN-OS, and multiple products from SAP.
What We Mean When We Say
Estimates of Likelihood
We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” reflect situations where we are unable to assess the likelihood, usually because relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.
Confidence in Assessments
Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:
- High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
- Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
- Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.