The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- SAP applications under attack: Adversaries are exploiting critical vulnerabilities in SAP software.
- Facebook data breach: Personal details of 533 million Facebook users posted on a hacker forum.
- Hey teacher, leave those links alone: Educational institutions continue to be targeted in a surge of ransomware incidents.
- Social engineering round-up: Actors continue to find new ways to exploit and extort victims.
- Credit card hide-out: Magecart skimmers stow stolen data in .JPEG files.
- Covid fraud latest: Scammers sell fake Covid vaccination cards.
SAP applications under attack
- Attackers are exploiting mission-critical vulnerabilities in unpatched SAP applications. Affected companies are being slow to fix the critical issues, threatening exposure to data theft, financial fraud, and ransomware.
- The timeframe for patching vulnerabilities is short. Attackers are weaponising exploits less than 72 hours after public disclosure — timely patching is vital.
- SAP applications are an attractive target. More than 400,000 organisations, and 77% of the world’s transactional revenue, utilise an SAP system.
SO WHAT? Review the security configuration of your SAP environment, conduct a compromise assessment, and apply all available patches.
Facebook data breach
- 533 million users affected in Facebook data leak. Adversaries ‘scraped’ personal data of half a billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists.
- The stolen data was posted on a hacker forum. Although the data did not include passwords or financial information, it did include phone numbers, birth dates, and email addresses.
SO WHAT? Threat actors can leverage exposed phone numbers to conduct voice phishing—vishing—attacks. Ensure your employee security awareness training covers vishing.
Hey teacher, leave those links alone
- Educational institutions remain a prime target for ransomware operators. Recent incidents include a Conti attack on the Florida School District; Clop attacks targeting the universities of Colorado and Miami; attacks on several large universities in California; and attacks on two universities in Ireland by undisclosed actors.
- The latest data from S-RM’s incident response team shows that phishing and the exploitation of exposed remote access services remain the entry methods of choice for most ransomware attacks.
SO WHAT? Attacks can escalate from phishing to ransomware very quickly. Educational institutions should prioritise effective mail security solutions.
Social engineering round-up
- Cybercriminals increasingly use a malicious document builder service called EtterSilent to distribute malware by embedding harmful macros in Microsoft Office documents. It costs around USD 9 to create a document containing a malicious macro that bypasses detection tools.
- APT group ‘APT-C-23’ uses voice-changing software MorphVox to impersonate women during spear-phishing attacks. The group leverages the popular voice-changing tool to better coerce victims into installing malware onto their systems.
SO WHAT? Never enable macros when viewing documents originating from untrusted sources, especially from email attachments.
Magecart skimmers stow stolen data in .JPEG files
- Magecart e-skimming actors are leveraging .JPEG files to stow skimmed credit card data on their victim’s site. This new tactic allows the attackers to hide any stolen card data on the compromised website, in this case a Magento site, for future use.
- New methods to evade detection are key to the survival of e-skimming. The various threat groups specialised in e-skimming, collectively known as Magecart, are continuously seeking novel ways to outwit their victims.
SO WHAT? Prevent initial online store compromise by ensuring patches for your e-commerce software are up to date.
Covid-19 fraud latest
- Scammers are selling fake Covid-19 vaccination cards for USD 20 via Shopify-backed online stores. The cards enable the buyer to pretend they have received a vaccine, as lockdowns ease.
- Around 13% of Americans say they will refuse a vaccine. By developing these cards, fraudsters are capitalising on anti-vaccine sentiment.
SO WHAT? As the pandemic evolves, we will continue to see fraudsters leveraging Covid-19 to make money in novel ways.