The World Cup has kicked off and, as predicted, the surge in tournament-related phishing campaigns has arrived. You may also have noticed a rise in the number of scam emails and texts relating to the Black Friday and Cyber Monday sales.
This week’s observations from our Incident Response Team
After further media reports of hacking groups continuing to exploit Log4Shell, the remote code execution vulnerability in the Log4j logging library, we strongly recommend that businesses and organisations confirm that their applications and servers are patched. Fixed Log4j releases have been available since December last year, so any instance still exposed today is one that was never updated, including copies of the library bundled inside third-party applications.
Threat actors seek out weaknesses in their targets, and unpatched vulnerabilities are frequently the root cause of successful cyber attacks: the attacker is relying on organisations failing to apply fixes that already exist.
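As an added example (not from the bulletin or the Incident Response Team), the following Python script shows one way to verify the Log4j patching state across a file tree: it finds log4j-core jars, including ones embedded in WAR or fat-jar archives, reads the version from the jar's own pom.properties (falling back to the file name), and checks whether the JndiLookup class that the official mitigation removes is still present. The fixed-version floors it uses (2.17.1, 2.12.4 for the Java 7 line, 2.3.2 for the Java 6 line), the nesting depth, and the fixture jars that `demo()` constructs are assumptions of the example, not data from the page.

```python
"""Scan a directory tree for log4j-core jars and report Log4Shell exposure.
Added illustrative script, not from the bulletin. Assumed fixed floors (per the
Apache advisories): 2.17.1, 2.12.4 (Java 7 line), 2.3.2 (Java 6 line); removing
JndiLookup.class from the jar is the accepted mitigation where upgrading is impossible."""
import io
import os
import re
import shutil
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
CORE_JAR = re.compile(r"log4j-core-(\d[\w.\-]*)\.jar$")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None


def assess(version, has_jndi_class):
    """Classify one log4j-core artefact by version and JndiLookup presence."""
    v = parse_version(version)
    if v is not None and v[0] != 2:
        return "not-affected"   # Log4j 1.x has no JndiLookup (but is end-of-life)
    if not has_jndi_class:
        return "mitigated"      # lookup class removed: the JNDI lookup cannot fire
    if v is None:
        return "unknown"        # class present, version unreadable: inspect by hand
    floor = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}.get(v[:2], (2, 17, 1))  # assumed
    return "fixed" if v >= floor else "VULNERABLE"


def log4j_version(zf, source):
    """Version from the jar's own pom.properties, else from its file name."""
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    m = CORE_JAR.search(source)
    return m.group(1) if m else None


def inspect_archive(zf, source, depth=0):
    """Return [(source, version, status)] for this archive and, up to two
    levels down, any archives embedded in it (the WAR/EAR/fat-jar case)."""
    names = set(zf.namelist())
    findings = []
    if JNDI_CLASS in names or POM_PROPS in names or CORE_JAR.search(source):
        version = log4j_version(zf, source)
        findings.append((source, version, assess(version, JNDI_CLASS in names)))
    if depth < 2:
        for name in sorted(n for n in names if n.lower().endswith(ARCHIVE_EXT)):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            findings += inspect_archive(inner, f"{source}!{name}", depth + 1)
    return findings


def scan_tree(root):
    """Walk root and inspect every archive found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in (f for f in files if f.lower().endswith(ARCHIVE_EXT)):
            path = os.path.join(dirpath, f)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings += inspect_archive(zf, path)
            except zipfile.BadZipFile:
                continue
    return findings


def build_fake_jar(target, version, include_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar, NOT a real build."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes


def demo():
    """Scan a constructed fixture tree; return {jar basename: status}."""
    root = tempfile.mkdtemp(prefix="log4jscan-")
    lib = os.path.join(root, "lib")
    os.makedirs(lib)
    build_fake_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")
    build_fake_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1")
    build_fake_jar(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "2.14.1", False)
    inner = io.BytesIO()  # a 2.13.3 copy hidden inside a WAR, as a vendor app might ship
    build_fake_jar(inner, "2.13.3")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.13.3.jar", inner.getvalue())
    try:
        return {os.path.basename(s): status for s, _, status in scan_tree(root)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    import sys
    rows = (scan_tree(sys.argv[1]) if len(sys.argv) > 1
            else [(n, None, s) for n, s in sorted(demo().items())])
    for source, version, status in rows:
        print(f"{status:12} {version or '-':8} {source}")
```

Run it with a path (`python log4jscan.py /opt`) to scan a real host, or with no arguments to see the constructed fixture classified. Anything reported as `VULNERABLE` or `unknown` deserves attention; `mitigated` means the lookup class has been stripped, which blocks the exploit but leaves the outdated version in place for the next advisory.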
Proper DMZ segregation is also an absolute must for organisations that host external web servers. It should go without saying that your backend database must not sit on the same server as your website front end, let alone on the same network segment: a compromised web server should be able to reach the database only on the single port it actually needs, and nothing else.
If you need assistance with handling vulnerabilities, check out how our Vulnerability Management Services can help you.
Security researchers from Trellix found that the number of attackers attempting to leverage the World Cup for their own ends soared in the run-up to the tournament, and that football-themed phishing campaigns increased dramatically in Arab countries. The volume of malicious emails in Arab nations was observed to have doubled (a 100% increase) in October, and that figure is expected to be higher still throughout the tournament.
Trellix identified several malware families being used to target Arab countries; the five most used were Qakbot (40%), Emotet (26%), Formbook (26%), Remcos (4%) and QuadAgent (4%).
AirAsia hackers say they won’t attack it again due to its ‘sloppy security’
After AirAsia had the personal data of five million of its passengers stolen earlier this month, the hacking group responsible delivered a further blow by announcing that it would not attack the company again because its cyber security is so poor.
In a statement released on DataBreaches.net the Daixin Team said: “The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack. The group refused to pick through the garbage for a long time. As our pentester said, ‘Let the newcomers sort this trash, they have a lot of time.’ The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator ‘built his shed next to the old building.’ At the same time, the network protection was very, very weak.”
European Parliament hit by Cyber Attack after Russia Vote
In another example of the cyber war being waged alongside Russia’s invasion of Ukraine, the European Parliament was hit by a cyber attack from Russian-affiliated hackers after MEPs voted in favour of designating Russia as a terrorist state.
The DDoS attack impacted the European Parliament website and disrupted several services; some observers described it as the ‘most sophisticated’ they had seen so far. Killnet, a Russian-affiliated group, is thought to be responsible.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager.
Get in touch to find out how you can protect your organisation.