Cyber Intelligence Briefing: 9 April 2021

Billy Gouveia, Mona Damian 9 April 2021
The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.

 

OVERVIEW


SAP applications under attack

  • Attackers are exploiting mission-critical vulnerabilities in unpatched SAP applications. Affected companies are being slow to fix the critical issues, threatening exposure to data theft, financial fraud, and ransomware.
  • The timeframe for patching vulnerabilities is short. Attackers are weaponising exploits less than 72 hours after public disclosure — timely patching is vital.
  • SAP applications are an attractive target. More than 400,000 organisations and 77% of the world’s transactional revenue utilise an SAP system.

 SO WHAT?  Review the security configuration of your SAP environment, conduct a compromise assessment, and apply all available patches.


Facebook data breach

  • 533 million users affected in Facebook data leak. Adversaries ‘scraped’ personal data of half a billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists.
  • The stolen data was posted on a hacker forum. Although the data did not include passwords or financial information, it did include phone numbers, birth dates, and email addresses.

 SO WHAT?  Threat actors can leverage exposed phone numbers to conduct voice phishing—vishing—attacks. Ensure your employee security awareness training covers vishing.


Hey teacher, leave those links alone

  • Educational institutions remain a prime target for ransomware operators. Recent incidents include a Conti attack on the Florida School District; Clop attacks targeting the universities of Colorado and Miami; attacks on several large universities in California; and attacks on two universities in Ireland by undisclosed actors.
  • The latest data from S-RM’s incident response team shows phishing or exploiting exposed remote access services remain the entry methods of choice for most ransomware attacks.

 SO WHAT?  Attacks can escalate from phishing to ransomware very quickly. Educational institutions should prioritise effective mail security solutions.


Social engineering round-up

  • Cybercriminals increasingly use a malicious document builder service called EtterSilent to distribute malware, by embedding harmful macros in Microsoft Office documents. The service costs around USD 9 to create a document containing a malicious macro that bypasses detection tools.
  • APT group ‘APT-C-23’ uses voice-changing software MorphVox to impersonate women during spear-phishing attacks. The group leverages the popular voice-changing tool to better coerce victims into installing malware onto their systems.

 SO WHAT?  Never enable macros when viewing documents originating from untrusted sources, especially from email attachments.


Magecart skimmers stow stolen data in .JPEG

  • Magecart e-skimming actors are leveraging .JPEG files to stow skimmed credit card data on their victim’s site. This new tactic allows the attackers to hide any stolen card data on the compromised website, in this case a Magento site, for future use.
  • New methods to evade detection are key to the survival of e-skimming. The various threat groups specialised in e-skimming, collectively known as Magecart, are continuously seeking novel ways to outwit their victims.

 SO WHAT?  Prevent initial online store compromise by ensuring patches for your e-commerce software are up to date.


Covid-19 fraud latest

  • Scammers are selling fake Covid-19 vaccination cards for USD 20 via Shopify-backed online stores. The cards enable the buyer to pretend they have received a vaccine, as lockdowns ease.
  • Around 13% of Americans say they will refuse a vaccine. By developing these cards, fraudsters are capitalising on anti-vaccine sentiment.

 SO WHAT?  As the pandemic evolves, we will continue to see fraudsters leveraging Covid-19 to make money in novel ways.

 

To discuss this article or other industry developments, please reach out to one of our experts.

Billy Gouveia, Senior Managing Director
Mona Damian, Senior Analyst