Fancy Bear At Work

Uploaded on 2024-11-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Ukraine Computer Emergency Response Team (CERT-UA) has just issued a new security warning after discovering a cyber attack campaign carried out by the APT28 threat group, also known as Fancy Bear. The Fancy Bear group is  associated to the Russian military intelligence operations. 

The CERT-UA warning, number CERT-UA11689, describes an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialogue box.

The frequency of these anti-bot CAPTCHA tools has reduced considerably for most users, in no small part by the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself. However, it’s not an unexpected event when one does appear and, something that the Fancy Bear threat group is relying upon, certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defence tends to suggest a trustworthy outcome rather than a dangerous one.

CERT-UA said that ticking the check-box asking for confirmation in response to the “I am not a robot” question will initiate a malicious PowerShell command instruction to the user’s clipboard.

As well as the latest AI developments creating a potential threat to cybersecurity, these are other common types of cyber attacks which you should be aware of to protect your business, including:

Malware

Malware is a program or code that is intended to harm a computer, network or server. This is considered one of the most common types of cyber attack, with an estimated 72% of businesses affected by malware attacks in 2023. There are many different types of malware attack including ransomware, trojans, viruses and bots.  The most common malware attacks you must protect against include:-

  • Ransomware: The victim’s data is encrypted and a decryption key is offered in exchange for a large payment. Sometimes, even when payment is made, the data is not retrieved. 
  • Trojans: Trojans are malware that leads to a legitimate looking software or free download often through bait websites.
  •  Adware: Spyware is used to monitor user’s activity online and produce ads that are relevant with the intention of encouraging them to click on the malicious ad.
  • Botnet: This is a network of computers that are infected with malware, controlled by a ‘bot herder’ – a person who operates the infrastructure to launch attacks.  

Denial of Service Attacks

Another common and potentially dangerous cyber attack is a DOS (Denial of Service) attack. This is where attacks target company networks with the intent of overloading or crashing them. Any data lost or stolen is hard to to recover as company systems can become completely unusable during the attack. These attacks work by launching an overwhelming amount of requests to the server in order for the network to crash or become unresponsive. If you are interested in finding out more about DOS attacks. 

Phishing

In 2022, 82% of businesses reported that they were subject to phishing attacks, making it the most commonly reported cyber attack. Phishing attacks occur when someone with malicious intent tries to trick users into performing a dangerous action, such as clicking a link that will download malware or entering a malicious website. These actions can be completed through several different methods such as text, email and social media. 

Spoofing

Criminals can pose online as a trusted source, commonly in one of the following three forms:

  • Domain Spoofing: This is where attackers impersonate a trusted business or individual with a fake website or email address to appear trustworthy. 
  • Email Spoofing: Email spoofing is where criminals target businesses with a fake email address that appears trustworthy. 
  • ARP Spoofing: This form of spoofing attack is used to intercept data between a device and the intended recipient. 

Identity Based Attacks

Identity based attacks are very hard to identify, meaning the time spent recovering stolen data is longer than most other cyber attacks. This is due to the attacker appearing as close to the legitimate user’s normal online behaviour. Examples of this attack are man-in-the-middle attacks, golden ticket attacks and credential harvesting. 

Code Injection Attacks

This is where attackers inject malicious code into vulnerable devices and networks to change its course of action. With the new AI threats, it is expected that this type of attack will rise in frequency over the next few years as malicious code can be produced a lot faster. 

Supply Chain Attacks

This type of cyber attack targets supply chains through trusted third-party vendors who offer services or software. Attacks inject harmful code into applications to infect users of a piece of software or compromise physical components in a hardware supply chain attack. 

Insider Threats

Insider threats relate to current and previous employees that have access to the company systems and any data the company owns. If they have been trained on the company processes, they could create a tailored attack that leaves the business exposed.

Protecting Your Business From Cyber Attacks

One of the best ways to prepare for and prevent cyber crime in your business is to train all employees and have policies in place for if an attack occurs. 

This can be through making sure only the appropriate members of staff have access to sensitive data, strong passwords including biometrics and having security software installed on all devices throughout the company. 

Ensure all devices and systems used within the organisation are up to date with the latest protective measures against the ever evolving cyber threats. 

CERT-UA   |    Google   |   Gov.UK   |   Forbes   |   Fortinet   |     NEBR Centre   |    Security Intelligence 

Image: 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Empowering Employees To Prevent Data Leaks
Network Pen Testing Is A Cybersecurity Secret Weapon »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Bit4id

Bit4id

Bit4id provides software and systems for security and identification based on PKI technology.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.