fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Warns of the Evolution of Six Iranian Hacking Groups

Microsoft Warns of the Evolution of Six Iranian Hacking Groups

The Microsoft Threat Intelligence Center (MSTIC) has presented an analysis of the evolution of several Iranian threat actors at the CyberWarCon 2021, and their findings show increasingly sophisticated attacks.

Since September 2020, Microsoft has been tracking six Iranian hacking groups deploying ransomware and exfiltrating data to cause disruption and destruction for victims.

Over time, these hacking groups have evolved into competent threat actors capable of conducting cyber-espionage, using multi-platform malware, disrupting operations with wipers and ransomware, carrying out phishing and password spraying attacks, and even setting up sophisticated supply chain operations.

Also Read: 10 Practical Benefits of Managed IT Services

Timeline of Iranian actors' activity
Timeline of Iranian actors’ activity
Source: Microsoft

All of these groups deploy ransomware to achieve their objectives and were deployed in waves, usually six to eight weeks apart.

This year, Microsoft observed the actors scanning for many vulnerabilities, including those targeting Fortinet FortiOS SSL VPN, Microsoft Exchange Servers vulnerable to ProxyShell, and more.

It is estimated that by scanning for unpatched Fortinet VPN systems alone, the actors obtained over 900 valid credentials in plain text form so far this year.

Patient credential harvesting

Another trend that has emerged this past year is an upgraded level of patience and persistence in social engineering campaigns, indicative of a sophisticated actor.

Previously, actors like Phosphorus (Charming Kitten) were sending unsolicited emails with malicious links and laced attachments, a bulk tactic that had limited success.

Now, Phosphorus follows the time-consuming path of “interview invitations,” a method ushered by the North Korean hacking group “Lazarus.”

During these attacks, Phosphorus actors call the targets and walk them through clicking on credential harvesting pages as part of the interview process.

Also Read: What is Pentest Report? Here’s A Walk-through

A new group that follows equally patient tactics is called “Curium,” and Microsoft’s analysts say this actor leverages an extensive network of fake social media accounts, usually masqueraded as attractive women.

They contact the targets and build rapport over some time, chatting daily and winning their trust.

Then, one day, they send a malicious document that looks similar to benign files sent previously, resulting in stealthy malware drops.

A similar tactic was used by the hacking group linked to Hamas, who created fake dating apps to lure Israel Defence Forces (IDF) into installing malware-laced mobile apps.

It is unclear if these two campaigns are linked.

Brute forcing a way in

Although some actors move more methodically, others prefer to use “brute force” attacks to obtain access to Office 365 accounts aggressively.

One such threat actor is DEV-0343, who was seen targeting US defense tech companies and running massive password spraying attacks last month.

Microsoft reports that DEV-0343 moves a lot quicker than the groups mentioned above, typically gaining access to the target accounts on the same day.

Also, the researchers have seen overlaps such as the simultaneous targeting of specific accounts by both DEV-0343 and ‘Europium’ operators, clear evidence of coordinated action.

Iranian hackers continue to evolve

Microsoft has been tracking Iranian actors since almost a decade ago, and the tech giant has had some success in taking parts of their infrastructure offline.

Despite these efforts, Phosphorus has managed to deliver significant blows, with a notable example being the hacking of high-ranking officials in October last year.

MSTIC’s most recent observations underline that Phosphorus is not only alive and well, but a shape-shifting threat backed by collaborators of unprecedented pluralism.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us