It has been another busy week for cyber security incidents, and with the holiday season rapidly approaching and the cost of living crisis biting, cyber criminals will be seeking to take maximum advantage.


This week’s observations from our Incident Response Team

This week our incident response team has been researching authentication activity inside a customer environment. An organisation can identify suspicious sign-ins only by first understanding its own business requirements: which accounts need to sign in, from where, and when. Knowing those patterns of access enables it to set appropriate restrictions on user access, such as blocking or challenging logins whose source IP address geolocates to a country where the organisation has no users.
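As an added illustration of that approach (example code written for this page, not Integrity360's tooling), the script below checks successful sign-ins against a per-account baseline of expected countries, a set of trusted corporate egress ranges and business hours. The log format, the user baseline, the CIDR ranges and the IP-to-country table are all constructed stand-ins for a real SIEM export and a GeoIP database.

```python
"""Flag sign-ins that fall outside an organisation's known access pattern.

Added example, not code from the original post. Every input below is
constructed: the log lines, the per-user expected countries and the
CIDR -> country table that stands in for a GeoIP database.
"""
import ipaddress
from datetime import datetime

# Constructed stand-in for a GeoIP lookup: CIDR -> ISO country code.
GEO_TABLE = {
    "203.0.113.0/24": "IE",
    "198.51.100.0/24": "GB",
    "192.0.2.0/24": "RU",
    "100.64.0.0/10": "US",
}
_GEO_NETS = [(ipaddress.ip_network(cidr), cc) for cidr, cc in GEO_TABLE.items()]

# Business requirement (constructed): countries each account legitimately uses.
EXPECTED_COUNTRIES = {
    "alice": {"IE"},
    "bob": {"IE", "GB"},
}
# Corporate egress ranges (constructed): trusted regardless of country.
CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 UTC


def country_for(ip: str) -> str:
    """Longest-prefix style lookup is unnecessary here: the table has no overlaps."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _GEO_NETS:
        if addr in net:
            return cc
    return "??"


def is_corporate(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_RANGES)


def parse_line(line: str) -> dict:
    # Constructed format: "<ISO-8601 UTC> user=<name> src=<ip> result=<success|failure>"
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return rec


def assess(line: str) -> list[str]:
    """Return the reasons a sign-in deviates from the baseline (empty if it matches)."""
    rec = parse_line(line)
    reasons: list[str] = []
    if rec["result"] != "success":
        return reasons  # failed attempts are a separate signal; here we care what got in
    if is_corporate(rec["src"]):
        return reasons  # from our own egress: trusted by policy
    cc = country_for(rec["src"])
    expected = EXPECTED_COUNTRIES.get(rec["user"])
    if expected is None:
        reasons.append("unknown account")
    elif cc not in expected:
        reasons.append(f"login from {cc}, expected {sorted(expected)}")
    if rec["ts"].hour not in BUSINESS_HOURS:
        reasons.append(f"outside business hours ({rec['ts'].strftime('%H:%M')} UTC)")
    return reasons


def triage(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (user, source IP, reasons) for every line that deviates from the baseline."""
    flagged = []
    for line in lines:
        reasons = assess(line)
        if reasons:
            rec = parse_line(line)
            flagged.append((rec["user"], rec["src"], reasons))
    return flagged


SAMPLE_LOG = [  # constructed sample, not real customer data
    "2022-10-12T09:14:02Z user=alice src=203.0.113.45 result=success",
    "2022-10-12T10:02:11Z user=bob src=198.51.100.7 result=success",
    "2022-10-12T02:47:30Z user=alice src=192.0.2.88 result=success",
    "2022-10-12T11:20:05Z user=mallory src=100.64.3.3 result=success",
    "2022-10-12T11:21:05Z user=bob src=192.0.2.88 result=failure",
]

if __name__ == "__main__":
    for user, src, reasons in triage(SAMPLE_LOG):
        print(f"{user:8} {src:15} {'; '.join(reasons)}")
```

Run against the sample, only the two sign-ins that contradict the baseline are reported: alice's success from an unexpected country at 02:47, and a success for an account that has no baseline at all. The same rules translate directly into a conditional access or geo-blocking policy once the baseline is agreed with the business.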

  • Organisations should take advantage of Cyber Awareness Month: “Cyber Awareness Month is a great time to keep staff updated with cyber hygiene basics and ensure they are careful about where they enter credentials, such as after clicking a link in an email or message,” said Andrew Lam, Head of Integrity360’s Cyber SOC.
  • Basic extortion is the name of the game: “We have also noticed that the key focus of many cybercrime groups is basic extortion, so once a user’s account is compromised they will simply extract data from an organisation and threaten to release it if they do not pay up. This theme is unlikely to go away until we truly get rid of passwords!”
  • Fortinet vulnerability CVE-2022-40684: Regarding the recently disclosed Fortinet vulnerability CVE-2022-40684, our Cyber Threat Response team has been seeing an increasing number of exploitations in the wild. As a result, it is more important than ever to stress that management portals for firewalls and other important security devices should NOT be publicly accessible from the Internet.


DDoS attacks by pro-Russian hackers take down US airport websites

The war raging in Ukraine continues to impact the wider world after the pro-Russian hacktivist group called ‘KillNet’ claimed that it was responsible for launching a large DDoS attack against the websites of several major US airports.

The attacks overwhelmed the servers hosting the websites of airports including Los Angeles, Chicago and Orlando. The DDoS attacks did not affect flights, but they did disrupt and delay support services.

With the war not going Putin’s way, the likes of KillNet and other Russian hacking groups are likely to step up their attacks against nations that have sided with Ukraine. KillNet has already targeted Italy, Norway and Lithuania.

Microsoft’s October Patch Tuesday fixes two zero-days

Microsoft released its latest round of patches this week, addressing two zero-days and a multitude of other vulnerabilities.

In all, the latest fixes cover eighty-four flaws, thirteen of which are classed as critical; one of the two zero-days is known to have been used in cyber attacks.

The actively exploited zero-day is tracked as CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability) and could be used by an attacker who already has a foothold on a machine to gain SYSTEM privileges.

“We would urge customers to apply the most recent Microsoft patches which address the 2 Zero days,” says Integrity 360’s Andrew Lam.

Warnings over new phishing-as-a-service toolkit

Cybercrime is big business, and a new report released this week by security researchers shows that a new phishing-as-a-service (PhaaS) toolkit is in use. Called Caffeine, the previously unknown service provides criminals with features such as customised phishing kits, dynamically generated URLs and analytics on the success of phishing campaigns.

What makes Caffeine stand out is that its operators do not vet customers before activating subscriptions, meaning that anyone with an email address can sign up to it.

In a further sign that cybercrime is often run like a business, the service is sold on a subscription model: $250 a month for a basic version, $450 for a three-month ‘Professional’ licence and $850 for a six-month ‘Enterprise’ licence.

Read our guide on Phishing Here

Integrity360 has proven experience working with major financial institutions and banks, helping to ensure their customers and employees always stay protected.

Get in touch to find out how you can protect your organisation from the financial services sector’s most challenging cyber threats.
