Read: The Need for Digital Transformation in Finance

The June 2023 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity News

TeamTNT’s Cloud Credential Stealing Campaign Targets Azure and Google Cloud

A malicious actor called “TeamTNT” has been linked to a cloud credential stealing campaign, The Hacker News reported. In June, the notorious cryptojacking crew focused heavily on stealing credentials from Azure as well as Google Cloud Platform (GCP) services, indicating that the group is moving beyond targeting Amazon Web Services (AWS).

The findings came from SentinelOne and Permiso. However, the organizations said, “Attribution remains challenging with script-based tools.”

The attacks single out public-facing Docker instances, deploying a worm-like propagation module. As many as eight incremental versions of the harvesting script have been discovered between June 15th and July 11th, the report said.

The newer versions of the malware are designed to gather credentials from AWS, Azure, Google Cloud Platform, Censys, Docker, Filezilla, Git, Grafana, Kubernetes, Linux, Ngrok, PostgreSQL, Redis, S3QL, and SMB.

Brand Impersonation Scams See Massive Growth in Middle East & Africa

According to a report by DarkReading, brand impersonation scams saw a massive 135% increase in the Middle East and Africa over the past year. The most common targets were companies involved in finance, telecommunications, and logistics.

Brand impersonation scams have been going on since the dawn of the internet. They occur when a brand’s image or logo is appropriated to trick individuals into giving up funds or sensitive information.

Scammers are using domains and social media accounts to not only reach a larger number of potential victims but also to evade counteraction measures. The scam-as-a-service affiliate program Classiscam has seen notable growth in the region.

There has also been a notable increase in scam resources hosted on the .tk domain, which doesn’t charge to register websites. The “.tk” stands for Tokelau, a territory in New Zealand. The domain accounts for 38.8% of all scam resources examined by experts in the second half of 2022.

In total, such scams caused more than $55 billion in damages globally last year.

Ransomware Costs Financial Services Sector $32 Billion in 5 Years

Global financial services organizations have lost over $32bn in downtime since 2018 due to ransomware breaches, Infosecurity Magazine reported. According to an analysis of 225 confirmed attacks by UK security company Comparitech, the average organization loses two weeks in downtime due to each incident.

The firm determined the costs using a 2017 report that set downtime costs across 20 sectors at $8,662 per minute. However, some studies have put this figure much higher in some sectors. For example, one study set downtime costs at $9.3 million per hour in the banking sector.

Within the analyzed period, insurance companies reported the highest number of ransomware attacks.

Demands from ransomware attacks varied. Some firms demanded relatively small amounts, such as $180,000. Others demanded tens of millions of dollars.

Cybersecurity Updates

Industry Groups Call for Changes to EU Cyber Resiliency Act

Multiple IT and tech industry groups have issued a list of recommendations for improving the EU Cyber Resiliency Act (CRA), CSO Magazine reported. The legislation is currently being crafted by EU co-legislators—a process that started in 2021.

The groups have urged legislators “not to prioritize speed over quality in finalizing their positions to avoid unintended outcomes.”

The EU is attempting to set new cybersecurity requirements for products with digital components. The new legislation will bolster rules for hardware and software to protect both consumers and businesses from “inadequate security features.”

The recommendations from industry groups relate mostly to the clarity of the rules. The groups also believe “as-a-service” products involving software, platforms, and infrastructures should not be considered within the scope of the CRA.

Microsoft Patches 4 Zero-Days

Microsoft has patched more than 100 vulnerabilities in its software, according to a report by Naked Security by Sophos. The patches include fixes for four zero-day vulnerabilities and “finally take action against crimeware kernel drivers.”

The report recommends patching these issues as soon as possible, as “crooks are going to focus their attention on the stragglers against whom these now-patched attacks are still effective.”

The zero-day bugs would allow criminals to present users with booby-trapped web URLs in their browsers and malicious email content in Outlook without triggering warnings from Microsoft’s products. Since users have come to expect security warnings, bypassing them could lead to employees inadvertently installing malware or revealing sensitive data.

Cybersecurity Tips

CSO Magazine suggests that you must do more than secure your software—You must also pay close attention to patching your enterprise hardware and devices.

According to a study of 19 million real-world enterprise devices, some of the “riskiest” devices come from a variety of industries, including IT and healthcare. The risky devices include VPN gateways, security appliances, network attached storage (NAS) boxes, out-of-band management (OOBM) platforms, engineering workstations, remote terminal units (RTUs), and blood glucose monitors.

Overall, the study tracked more than 4,000 vulnerabilities across various enterprise devices. The majority of the vulnerabilities (78%) impacted IT devices such as computers and servers.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.




Subscribe to our Newsletter

* indicates required