Fancy Bear At Work

The Ukraine Computer Emergency Response Team (CERT-UA) has just issued a new security warning after discovering a cyber attack campaign carried out by the APT28 threat group, also known as Fancy Bear. The Fancy Bear group is  associated to the Russian military intelligence operations. 

The CERT-UA warning, number CERT-UA11689, describes an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialogue box.

The frequency of these anti-bot CAPTCHA tools has reduced considerably for most users, in no small part by the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself. However, it’s not an unexpected event when one does appear and, something that the Fancy Bear threat group is relying upon, certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defence tends to suggest a trustworthy outcome rather than a dangerous one.

CERT-UA said that ticking the check-box asking for confirmation in response to the “I am not a robot” question will initiate a malicious PowerShell command instruction to the user’s clipboard.

As well as the latest AI developments creating a potential threat to cybersecurity, these are other common types of cyber attacks which you should be aware of to protect your business, including:

Malware

Malware is a program or code that is intended to harm a computer, network or server. This is considered one of the most common types of cyber attack, with an estimated 72% of businesses affected by malware attacks in 2023. There are many different types of malware attack including ransomware, trojans, viruses and bots.  The most common malware attacks you must protect against include:-

  • Ransomware: The victim’s data is encrypted and a decryption key is offered in exchange for a large payment. Sometimes, even when payment is made, the data is not retrieved. 
  • Trojans: Trojans are malware that leads to a legitimate looking software or free download often through bait websites.
  •  Adware: Spyware is used to monitor user’s activity online and produce ads that are relevant with the intention of encouraging them to click on the malicious ad.
  • Botnet: This is a network of computers that are infected with malware, controlled by a ‘bot herder’ – a person who operates the infrastructure to launch attacks.  

Denial of Service Attacks

Another common and potentially dangerous cyber attack is a DOS (Denial of Service) attack. This is where attacks target company networks with the intent of overloading or crashing them. Any data lost or stolen is hard to to recover as company systems can become completely unusable during the attack. These attacks work by launching an overwhelming amount of requests to the server in order for the network to crash or become unresponsive. If you are interested in finding out more about DOS attacks. 

Phishing

In 2022, 82% of businesses reported that they were subject to phishing attacks, making it the most commonly reported cyber attack. Phishing attacks occur when someone with malicious intent tries to trick users into performing a dangerous action, such as clicking a link that will download malware or entering a malicious website. These actions can be completed through several different methods such as text, email and social media. 

Spoofing

Criminals can pose online as a trusted source, commonly in one of the following three forms:

  • Domain Spoofing: This is where attackers impersonate a trusted business or individual with a fake website or email address to appear trustworthy. 
  • Email Spoofing: Email spoofing is where criminals target businesses with a fake email address that appears trustworthy. 
  • ARP Spoofing: This form of spoofing attack is used to intercept data between a device and the intended recipient. 

Identity Based Attacks

Identity based attacks are very hard to identify, meaning the time spent recovering stolen data is longer than most other cyber attacks. This is due to the attacker appearing as close to the legitimate user’s normal online behaviour. Examples of this attack are man-in-the-middle attacks, golden ticket attacks and credential harvesting. 

Code Injection Attacks

This is where attackers inject malicious code into vulnerable devices and networks to change its course of action. With the new AI threats, it is expected that this type of attack will rise in frequency over the next few years as malicious code can be produced a lot faster. 

Supply Chain Attacks

This type of cyber attack targets supply chains through trusted third-party vendors who offer services or software. Attacks inject harmful code into applications to infect users of a piece of software or compromise physical components in a hardware supply chain attack. 

Insider Threats

Insider threats relate to current and previous employees that have access to the company systems and any data the company owns. If they have been trained on the company processes, they could create a tailored attack that leaves the business exposed.

Protecting Your Business From Cyber Attacks

One of the best ways to prepare for and prevent cyber crime in your business is to train all employees and have policies in place for if an attack occurs. 

This can be through making sure only the appropriate members of staff have access to sensitive data, strong passwords including biometrics and having security software installed on all devices throughout the company. 

Ensure all devices and systems used within the organisation are up to date with the latest protective measures against the ever evolving cyber threats. 

CERT-UA   |    Google   |   Gov.UK   |   Forbes   |   Fortinet   |     NEBR Centre   |    Security Intelligence 

Image: 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Empowering Employees To Prevent Data Leaks
Network Pen Testing Is A Cybersecurity Secret Weapon »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) protects Singapore from external threats and safeguards its interests in areas related to terrorism, cyber security, other transnational threats, and geopolitics

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

Neptune Shield

Neptune Shield

Neptune Shield's mission is to deliver cutting edge Maritime focused Cyber Security & Threat Protection through our Hampton Roads based Tech & Cyber Security Hub.