Rewterz – Threat Intelligence Report 2020
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Advanced Persistent Threats
THREAT RESEARCH Defending Against Advanced Persistent Threats Introduction As the name “Advanced” suggests, APT (advanced persistent threat) is one of the most sophisticated and organized forms of network attacks that keep cybersecurity professionals up at night. Unlike many hit & run traditional cyberattacks, an APT is carried out over a prolonged period of time by skilled threat actors who strategize multi-staged campaigns against their targets, employing clandestine tools & techniques such as Remote Administration Tools (RAT), Toolkits, Backdoor Trojans, Social Engineering, DNS Tunneling etc. These experienced cybercriminals are mostly backed & well-funded by nation states and corporation-backed organizations to specifi cally target high value organizations with the following objectives in mind: a Theft of Intellectual Property & classifi ed data i.e. Cyber Espionage a Access to critical & sensitive communications a Access to credentials of critical systems a Sabotage or exfi ltration of databases a Theft of Personal Identifi able Information (PII) a Access to critical infrastructure to perform internal reconnaissance To achieve the above goals, APT Groups use novel techniques to obfuscate their actions and easily bypass traditional security barriers that are not advancing at the same rate as the sophisticated attack patterns of cybercriminals. To understand the evolved behavioral pattern of APT Groups in the year 2020, a review of their latest activities revealed interesting developments and a few groundbreaking events¹: a Southeast Asia -
What Every CEO Needs to Know About Cybersecurity
What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges. -
Security News Digest July 25, 2017
Security News Digest July 25, 2017 Canada will remain where it is for a long time to come, but the Canada’s Security Scene Quiz will move to the Information Security Awareness previous quizzes page at the end of July. Watch this space for the August feature! August 1st is acknowledged across the globe as World Wide Web Day! World Wide Web Day, marks the birth of the Web in August 1990 at the Europe Laboratory for Particle Physics (CERN) in Switzerland. Tim Berners-Lee and Robert Cailliau developed a prototype Web browser and introduced Hypertext Markup Language, HTML. The first ever website was published on August 6, 1991 and served up a page explaining the World Wide Web project and giving information on how users could setup a web server and how to create their own websites and web pages, as well as how they could search the web for information. The URL for the first ever web page put up on the first ever website was http://info.cern.ch/hypertext/WWW/TheProject.html The World Wide Web ('WWW' or simply the 'Web') is a global information medium which users can read and write via computers connected to the Internet. The term [web] is often mistakenly used as a synonym for the Internet itself, but the Web is a service that operates over the Internet, just as e-mail also does. The history of the Internet dates back significantly further than that of the World Wide Web. On July 21st, the Google “Doodle” honoured Canadian Marshall McLuhan! [“the Medium is the Message”] Who is Marshall McLuhan? Meet the Canadian Media Theorist Who Predicted the Internet http://nationalpost.com/news/canada/who-is-marshall-mcluhan-how-a-canadian-media-theorist-predicted-the- internet/wcm/194cb7e2-e778-4780-9aba-6eb94831fcc5 Canadian professor Marshall McLuhan rose to prominence as a media theorist while teaching at the University of Toronto in the 1960s. -
13Th International Conference on Cyber Conflict: Going Viral 2021
2021 13th International Conference on Cyber Confict: Going Viral T. Jančárková, L. Lindström, G. Visky, P. Zotz (Eds.) 2021 13TH INTERNATIONAL CONFERENCE ON CYBER CONFLICT: GOING VIRAL Copyright © 2021 by NATO CCDCOE Publications. All rights reserved. IEEE Catalog Number: CFP2126N-PRT ISBN (print): 978-9916-9565-4-0 ISBN (pdf): 978-9916-9565-5-7 COPYRIGHT AND REPRINT PERMISSIONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-proft or non-commercial purposes, providing that copies bear this notice and a full citation on the frst page as follows: [Article author(s)], [full article title] 2021 13th International Conference on Cyber Confict: Going Viral T. Jančárková, L. Lindström, G. Visky, P. Zotz (Eds.) 2021 © NATO CCDCOE Publications NATO CCDCOE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily refect the policy or the opinion of NATO Phone: +372 717 6800 CCDCOE, NATO, or any agency or any government. NATO CCDCOE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: [email protected] contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication. -
View Final Report (PDF)
TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor. -
Kaspersky Security Bulletin 2020. Statistics Kaspersky Security Bulletin 2020
Kaspersky Security Bulletin 2020. Statistics Kaspersky Security Bulletin 2020. Statistics Contents Figures of the year 3 Financial threats 4 Number of users attacked by banking malware 4 Attack geography 5 Top 10 financial malware families 6 Ransomware programs 7 Number of users attacked by ransomware Trojans 7 Attack geography 8 Miners 10 Number of users attacked by miners 10 Attack geography 11 Vulnerable applications used by cybercriminals during cyber attacks 12 Attacks on macOS 14 Threat geography 15 IoT attacks 17 IoT threat statistics 17 Threats loaded into traps 19 Attacks via web resources 20 Countries that are sources of web-based attacks: 20 Countries where users faced the greatest risk of online infection 21 Top 20 malicious programs most actively used in online attacks 22 Local threats 24 Top 20 malicious objects detected on user computers 24 Countries where users faced the highest risk of local infection 25 2 Kaspersky Security Bulletin 2020. Statistics Figures of the year • During the year, 10.18% of Internet user computers worldwide experienced at least one Malware-class attack. • Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world. • 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus. • Our Web Anti-Virus blocked 33,412,568 unique malicious objects. • Ransomware attacks were defeated on the computers of 549,301 unique users. • During the reporting period, miners attacked 1,523,148 unique users. • Attempted infections by malware designed to steal money via online access to bank accounts were logged on the devices of 668,619 users. -
Regional Advanced Threat Report Europe, Middle East and Africa — 2H2015
REGIONAL ADVANCED THREAT REPORT EUROPE, MIDDLE EAST AND AFRICA — 2H2015 SPECIAL REPORT CONTENTS Executive Summary 3 Definitions 5 Advanced Targeted Threat Detection 6 Country Analysis 6 Targeted Malware Families 7 Vertical Analysis 9 Cyber Crime Analysis 11 Dominant Exploit Kits 11 Increased Use of Macros 11 Expanded Use of Ransomware 12 Point-of-Sale Malware 14 Conclusion and Recommendations 15 SPECIAL REPORT / REGIONAL ADVANCED THREAT REPORT 2 EXECUTIVE SUMMARY INTRODUCTION This report provides you with unique insights into Europe, Middle East and Africa’s (EMEA’s) threat landscape for the second half of 2015. For years, over 95% of businesses have unknowingly hosted compromised PCs within their corporate networks, and that has not changed. During our assessment, we identified all types of threat actors compromising our customers’ networks, including suspected nation-state-backed actors looking to conduct cyber espionage, cybercriminals and hacktivists looking to make a statement. This Regional Advanced Threat Report for EMEA provides an overview of the advanced targeted threats against computer networks that FireEye discovered during the second half of 2015. It is a follow-up to the Advanced Threat Report for EMEA 1H2015. SPECIAL REPORT / REGIONAL ADVANCED THREAT REPORT 3 Turkey, Spain, Israel, Luxembourg and Germany are the countries most targeted with advanced attacks. Motivated by many objectives, threat actors’ capabilities are evolving to be able to steal personal data and business strategies, gain a competitive advantage or degrade operational reliability. This report summarizes 2H2015 data gleaned from the FireEye Dynamic Threat Intelligence (DTI) cloud. The threat landscape has undergone dramatic changes between the first and second half of 2015. -
Retaliation by Iranian Attack Groups
Security Brief In the Aftermath of the Assassination: Fear of Cyber- Retaliation by Iranian Attack Groups The Radiflow Cyber-research team (C) 2019 Radiflow LTD. All Rights Reserved. IN THE AFTERMATH OF THE ASSASSINATION: FEAR OF CYBER-RETALIATION BY IRANIAN ATTACK GROUPS TARGETING OT AND IT NETWORKS CYBER ATTACKS ARE LIKELY – AND THEY’RE NOT LIMITED TO IT NETWORKS One of the likely consequences of the recent tension in the Middle East is retaliatory cyber attacks against US and Western interests, possibly by Iranian-nexus groups well-known to cyber-security community – APT33, Oilrig and others. These groups are able to leverage their presence and foothold in victims’ networks to carry out disruptive cyber attacks in the form of data manipulation, disk drive wiping and such; alternately, threat actors may well attack newly-identified targets. (See also timeline of disk-drive wiping attacks, below.) Other scenarios include leaking sensitive and personal data, as in the case of Iranian- attributed cyber-espionage groups such as APT39, or DDoS attacks against government institutions, financial and other national critical systems, similar to the 2013 “Operation Ababil” attacks against US financial institutions. HACKER GROUPS (IRANIAN AND OTHER) ARE SHIFTING FROM IT TO OT While most warnings focus on attacks against IT networks, there have been clear indications that Iranian threat actors have crossed over into OT production & automation systems, including the infamous “Shamoon” attacks against Saudi and other Gulf states infrastructures (IBM X-Force has also detected a new destructive wiper called ZeroCleare, which bears similarity to the Shamoon malware, and is suspected to have been used by another Iran-based group to target national energy and industrial Middle East.) OT (ICS/SCADA/IIoT) networks are by and large much less protected and much more exposed to attacks than IT networks, especially networks with devices that hadn’t been designed with security in mind. -
Advanced Cyber Security Techniques (PGDCS-08)
Post-Graduate Diploma in Cyber Security Advanced Cyber Security Techniques (PGDCS-08) Title Advanced Cyber Security Techniques Advisors Mr. R. Thyagarajan, Head, Admn. & Finance and Acting Director, CEMCA Dr. Manas Ranjan Panigrahi, Program Officer (Education), CEMCA Prof. Durgesh Pant, Director-SCS&IT, UOU Editor Mr. Manish Koranga, Senior Consultant, Wipro Technologies, Bangalore Authors Block I> Unit I, Unit II, Unit III & Unit Mr. Ashutosh Bahuguna, Scientist- Indian IV Computer Emergency Response Team (CERT-In), Department of Electronics & IT, Ministry of Communication & IT, Government of India Block II> Unit I, Unit II, Unit III & Unit Mr. Sani Abhilash, Scientist- Indian IV Computer Emergency Response Team Block III> Unit I, Unit II, Unit III & Unit (CERT-In), Department of Electronics & IT, IV Ministry of Communication & IT, Government of India ISBN: 978-93-84813-95-6 Acknowledgement The University acknowledges with thanks the expertise and financial support provided by Commonwealth Educational Media Centre for Asia (CEMCA), New Delhi, for the preparation of this study material. Uttarakhand Open University, 2016 © Uttarakhand Open University, 2016. Advanced Cyber Security Techniques is made available under a Creative Commons Attribution Share-Alike 4.0 Licence (international): http://creativecommons.org/licenses/by-sa/4.0/ It is attributed to the sources marked in the References, Article Sources and Contributors section. Published by: Uttarakhand Open University, Haldwani Expert Panel S. No. Name 1 Dr. Jeetendra Pande, School of Computer Science & IT, Uttarakhand Open University, Haldwani 2 Prof. Ashok Panjwani, Professor, MDI, Gurgoan 3 Group Captain Ashok Katariya, Ministry of Defense, New Delhi 4 Mr. Ashutosh Bahuguna, Scientist-CERT-In, Department of Electronics & Information Technology, Government of India 5 Mr. -
Bilan Cert-IST 2013
Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes -
CYBERSECURITY: the Greatest Hurdle of the 2016 Olympic Games INTRODUCTION
CYBERSECURITY: The Greatest Hurdle of the 2016 Olympic Games INTRODUCTION 1 Every two years, the world turns its collective attention to an event that has come to epitomize “International Olympic Committee Marketing Report: London 2012,” a rare moment in international co-existence. Underneath jerseys and face paint indicating Olympic Committee, 2012. Link national allegiance is an appreciation for talent and hard work, regardless of state origin. Amid the fiercest competition in the world emerges a sense of humanistic unity in both athletics and beyond. For seventeen days this August, Olympic fervor will begin all over again. Preparing for an event that attracts 7.5 million ticketed spectators and 3.5 billion television viewers1 is no small feat for any city, even for highly industrialized hosts such as London and Beijing. As the first South American country to host an Olympic Games, Brazil carries the reputation of an entire region on its shoulders. Amid this pressure, Brazil is also faced with a host of internal issues. Rampant corruption, economic collapse, and the Zika virus threaten to launch Brazil into utter chaos. Amid these immediate and pressing challenges, however, lies a more covert concern. Brazil’s insufficient cybersecurity infrastructure, coupled with the world’s attention, make the 2016 Rio de Janeiro Olympic Games a perfect target for cybercriminals. graquantum.com infograquantum.com This paper explores Brazil’s existing cyber landscape, including its status both regionally and globally. It will begin by examining the history of cybercrime in Brazil and its existing Internet infrastructure. It will then contextualize Brazil’s unique cyber landscape in the context of the Olympic Games, including comparisons with previous and future host countries, and efforts to secure Brazil’s cyber architecture specific to the games. -
Iranian Cyber-Activities in the Context of Regional Rivalries and International Tensions
CSS CYBER DEFENSE PROJECT Hotspot Analysis: Iranian cyber-activities in the context of regional rivalries and international tensions Zürich, May 2019 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Iranian cyber-activities in the context of regional rivalries and international tensions Authors: Marie Baezner © 2019 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group Myriam Dunn Cavelty, Deputy Head for Research and Teaching, Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie (2019): Hotspot Analysis: Iranian cyber-activities in context of regional rivalries and international tensions, May 2019, Center for Security Studies (CSS), ETH Zürich. 1 Iranian cyber-activities in the context of regional rivalries and international tensions Table of Contents 1 Introduction 4 2 Background and chronology 5 3 Description 9 3.1 Attribution and actors 9 Iranian APTs 9 Iranian patriotic hackers 11 Western actors 12 3.2 Targets 12 Iranian domestic targets 12 Middle East 12 Other targets 13 3.3 Tools and techniques 13 Distributed Denial of Service (DDoS) attacks 13 Fake personas, social engineering and spear phishing 13