ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:
- Adam and the team discuss more SolarWinds updates – what’s the latest?
- Kim talks CISA security advisory – trends in recent attacks and cyber hygiene
- Dylan dives into new ransomware attack on IObit – how threat actors spread the malware to its members
CISA issues guidance for defense against cloud-based attacks
On 13 Jan 2021, CISA published an analysis report with guidance for strengthening security configurations to defend against cloud service attacks. The report warned that threat actors are using phishing to exploit poor cyber hygiene practices and harvest credentials for cloud service accounts. To defend against such attacks, CISA provided 24 recommendations intended to give organizations using cloud hosting services a robust security posture.
FBI warns of vishing attacks targeting corporate VPN credentials
On 14 Jan 2021, the FBI issued a Private Industry Notification (PIN) alert, warning that cybercriminals are targeting corporate employees in vishing attacks. Potential victims are scouted through cloud-based payroll services and chatrooms. During the most recent campaign, attackers tricked the targeted employees into logging in to a phishing webpage they controlled, usually a fake VPN login page, to harvest VPN usernames and passwords. It is realistically possible that similar campaigns will be observed in the short-term future.
New Ursnif version phishing furiously for Italian victims
On 12 Jan 2021, security researchers reported that the banking trojan “Ursnif” (aka Gozi) has been observed continuously targeting Italy over the past year. Researchers detected a phishing campaign that was spreading a new version of Ursnif via macro-loaded Microsoft Word attachments. The phishing email was written in Italian and masqueraded as a payment reminder, luring victims into opening the file attachments. Once Ursnif had a foothold on a victim’s device, it collected sensitive information, such as usernames and passwords. Ursnif campaigns will likely continue to be observed in the short-term future.
For more details, read the full Weekly Intelligence Summary here: