Fancy Bear At Work

The Ukraine Computer Emergency Response Team (CERT-UA) has just issued a new security warning after discovering a cyber attack campaign carried out by the APT28 threat group, also known as Fancy Bear. The Fancy Bear group is  associated to the Russian military intelligence operations. 

The CERT-UA warning, number CERT-UA11689, describes an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialogue box.

The frequency of these anti-bot CAPTCHA tools has reduced considerably for most users, in no small part by the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself. However, it’s not an unexpected event when one does appear and, something that the Fancy Bear threat group is relying upon, certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defence tends to suggest a trustworthy outcome rather than a dangerous one.

CERT-UA said that ticking the check-box asking for confirmation in response to the “I am not a robot” question will initiate a malicious PowerShell command instruction to the user’s clipboard.

As well as the latest AI developments creating a potential threat to cybersecurity, these are other common types of cyber attacks which you should be aware of to protect your business, including:

Malware

Malware is a program or code that is intended to harm a computer, network or server. This is considered one of the most common types of cyber attack, with an estimated 72% of businesses affected by malware attacks in 2023. There are many different types of malware attack including ransomware, trojans, viruses and bots.  The most common malware attacks you must protect against include:-

  • Ransomware: The victim’s data is encrypted and a decryption key is offered in exchange for a large payment. Sometimes, even when payment is made, the data is not retrieved. 
  • Trojans: Trojans are malware that leads to a legitimate looking software or free download often through bait websites.
  •  Adware: Spyware is used to monitor user’s activity online and produce ads that are relevant with the intention of encouraging them to click on the malicious ad.
  • Botnet: This is a network of computers that are infected with malware, controlled by a ‘bot herder’ – a person who operates the infrastructure to launch attacks.  

Denial of Service Attacks

Another common and potentially dangerous cyber attack is a DOS (Denial of Service) attack. This is where attacks target company networks with the intent of overloading or crashing them. Any data lost or stolen is hard to to recover as company systems can become completely unusable during the attack. These attacks work by launching an overwhelming amount of requests to the server in order for the network to crash or become unresponsive. If you are interested in finding out more about DOS attacks. 

Phishing

In 2022, 82% of businesses reported that they were subject to phishing attacks, making it the most commonly reported cyber attack. Phishing attacks occur when someone with malicious intent tries to trick users into performing a dangerous action, such as clicking a link that will download malware or entering a malicious website. These actions can be completed through several different methods such as text, email and social media. 

Spoofing

Criminals can pose online as a trusted source, commonly in one of the following three forms:

  • Domain Spoofing: This is where attackers impersonate a trusted business or individual with a fake website or email address to appear trustworthy. 
  • Email Spoofing: Email spoofing is where criminals target businesses with a fake email address that appears trustworthy. 
  • ARP Spoofing: This form of spoofing attack is used to intercept data between a device and the intended recipient. 

Identity Based Attacks

Identity based attacks are very hard to identify, meaning the time spent recovering stolen data is longer than most other cyber attacks. This is due to the attacker appearing as close to the legitimate user’s normal online behaviour. Examples of this attack are man-in-the-middle attacks, golden ticket attacks and credential harvesting. 

Code Injection Attacks

This is where attackers inject malicious code into vulnerable devices and networks to change its course of action. With the new AI threats, it is expected that this type of attack will rise in frequency over the next few years as malicious code can be produced a lot faster. 

Supply Chain Attacks

This type of cyber attack targets supply chains through trusted third-party vendors who offer services or software. Attacks inject harmful code into applications to infect users of a piece of software or compromise physical components in a hardware supply chain attack. 

Insider Threats

Insider threats relate to current and previous employees that have access to the company systems and any data the company owns. If they have been trained on the company processes, they could create a tailored attack that leaves the business exposed.

Protecting Your Business From Cyber Attacks

One of the best ways to prepare for and prevent cyber crime in your business is to train all employees and have policies in place for if an attack occurs. 

This can be through making sure only the appropriate members of staff have access to sensitive data, strong passwords including biometrics and having security software installed on all devices throughout the company. 

Ensure all devices and systems used within the organisation are up to date with the latest protective measures against the ever evolving cyber threats. 

CERT-UA   |    Google   |   Gov.UK   |   Forbes   |   Fortinet   |     NEBR Centre   |    Security Intelligence 

Image: 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Empowering Employees To Prevent Data Leaks
Network Pen Testing Is A Cybersecurity Secret Weapon »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

Cyscale

Cyscale

Cyscale automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.