Fancy Bear At Work

Uploaded on 2024-11-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Ukraine Computer Emergency Response Team (CERT-UA) has just issued a new security warning after discovering a cyber attack campaign carried out by the APT28 threat group, also known as Fancy Bear. The Fancy Bear group is  associated to the Russian military intelligence operations. 

The CERT-UA warning, number CERT-UA11689, describes an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialogue box.

The frequency of these anti-bot CAPTCHA tools has reduced considerably for most users, in no small part by the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself. However, it’s not an unexpected event when one does appear and, something that the Fancy Bear threat group is relying upon, certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defence tends to suggest a trustworthy outcome rather than a dangerous one.

CERT-UA said that ticking the check-box asking for confirmation in response to the “I am not a robot” question will initiate a malicious PowerShell command instruction to the user’s clipboard.

As well as the latest AI developments creating a potential threat to cybersecurity, these are other common types of cyber attacks which you should be aware of to protect your business, including:

Malware

Malware is a program or code that is intended to harm a computer, network or server. This is considered one of the most common types of cyber attack, with an estimated 72% of businesses affected by malware attacks in 2023. There are many different types of malware attack including ransomware, trojans, viruses and bots.  The most common malware attacks you must protect against include:-

  • Ransomware: The victim’s data is encrypted and a decryption key is offered in exchange for a large payment. Sometimes, even when payment is made, the data is not retrieved. 
  • Trojans: Trojans are malware that leads to a legitimate looking software or free download often through bait websites.
  •  Adware: Spyware is used to monitor user’s activity online and produce ads that are relevant with the intention of encouraging them to click on the malicious ad.
  • Botnet: This is a network of computers that are infected with malware, controlled by a ‘bot herder’ – a person who operates the infrastructure to launch attacks.  

Denial of Service Attacks

Another common and potentially dangerous cyber attack is a DOS (Denial of Service) attack. This is where attacks target company networks with the intent of overloading or crashing them. Any data lost or stolen is hard to to recover as company systems can become completely unusable during the attack. These attacks work by launching an overwhelming amount of requests to the server in order for the network to crash or become unresponsive. If you are interested in finding out more about DOS attacks. 

Phishing

In 2022, 82% of businesses reported that they were subject to phishing attacks, making it the most commonly reported cyber attack. Phishing attacks occur when someone with malicious intent tries to trick users into performing a dangerous action, such as clicking a link that will download malware or entering a malicious website. These actions can be completed through several different methods such as text, email and social media. 

Spoofing

Criminals can pose online as a trusted source, commonly in one of the following three forms:

  • Domain Spoofing: This is where attackers impersonate a trusted business or individual with a fake website or email address to appear trustworthy. 
  • Email Spoofing: Email spoofing is where criminals target businesses with a fake email address that appears trustworthy. 
  • ARP Spoofing: This form of spoofing attack is used to intercept data between a device and the intended recipient. 

Identity Based Attacks

Identity based attacks are very hard to identify, meaning the time spent recovering stolen data is longer than most other cyber attacks. This is due to the attacker appearing as close to the legitimate user’s normal online behaviour. Examples of this attack are man-in-the-middle attacks, golden ticket attacks and credential harvesting. 

Code Injection Attacks

This is where attackers inject malicious code into vulnerable devices and networks to change its course of action. With the new AI threats, it is expected that this type of attack will rise in frequency over the next few years as malicious code can be produced a lot faster. 

Supply Chain Attacks

This type of cyber attack targets supply chains through trusted third-party vendors who offer services or software. Attacks inject harmful code into applications to infect users of a piece of software or compromise physical components in a hardware supply chain attack. 

Insider Threats

Insider threats relate to current and previous employees that have access to the company systems and any data the company owns. If they have been trained on the company processes, they could create a tailored attack that leaves the business exposed.

Protecting Your Business From Cyber Attacks

One of the best ways to prepare for and prevent cyber crime in your business is to train all employees and have policies in place for if an attack occurs. 

This can be through making sure only the appropriate members of staff have access to sensitive data, strong passwords including biometrics and having security software installed on all devices throughout the company. 

Ensure all devices and systems used within the organisation are up to date with the latest protective measures against the ever evolving cyber threats. 

CERT-UA   |    Google   |   Gov.UK   |   Forbes   |   Fortinet   |     NEBR Centre   |    Security Intelligence 

Image: 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Empowering Employees To Prevent Data Leaks
Network Pen Testing Is A Cybersecurity Secret Weapon »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.

Bytium

Bytium

Bytium provides top-tier IT services and solutions designed to empower everyone, from individuals to global corporations. Specializing in cybersecurity and proactive IT management.