You are here

Home » Cybersecurity

Cybersecurity

Threat Awareness – Emotet Most Active Malware of Q1 2022

The infamous Emotet malware was the most common type of malware observed in the first quarter of 2022, according to analytics from the HP Wolf Security threat research team. The researchers found a 28-fold increase in detections resulting from Emotet malicious spam campaigns compared to the fourth quarter of 2021. Emotet represents 9 percent of all malware analyzed by the researchers. The Cybersecurity and Infrastructure Security Agency (CISA) described Emotet as one of the most destructive and costly malware to remediate.

Cyber Threat Actors are Creatures of Habit

From known and routinely exploited vulnerabilities to routinely exploited controls and practices, cyber threat actors often stick with what works and take the path of least resistance. While there are sophisticated threat groups that research vulnerabilities and develop new exploits and attack behaviors, many repeatedly use the same tactics over and over. Essentially, bad guys keep using the same methods, because the same methods keep working when organizations are slow to bolster their cybersecurity postures with recommended practices such as patching and credential hardening efforts.

FBI FLASH - Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from U.S. business’ online checkout page and maintaining persistence on victims’ devices by injecting malicious php code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server.

Establishing an Insider Threat Program

Insider threats are becoming a greater challenge for companies to deal with and yet many companies still do not have established programs for monitoring and responding to potential insider threats. According to the cybersecurity firm Tessian, insider threat incidents increased by 47 percent between 2018 and 2020 and insiders are responsible for around 22 percent of all security incidents. Therefore, as the threat grows, companies can help mitigate against potential incidents by establishing insider threat programs.

Ransomware Resilience – Identifying Precursor Activity to Stave Off a Ransomware Attack

To stay ahead of ransomware, organizations benefit by detecting other malicious activities that often precede the final deployment of a ransomware attack. More often than not, adversaries spend weeks to months on victims’ networks before the actual ransomware encryption code is executed. Therefore, when organizations prioritize proactive detection of malicious behaviors, the chance of succumbing to a ransomware attack will likely decrease.

Pages

Subscribe to Cybersecurity