Weekly Threat Briefing: APT41, Exploits, lightSpy, TA505 and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT Groups, Data Breach, Mobile Malware, Router Vulnerabilities, Remote Access Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Group-IB: New Financially Motivated Attacks in Western Europe Traced to Russian-Speaking Threat Actors


(published: March 27, 2020)


Group-IB researchers have identified successful attacks against Western Europe from January 2020. Attributed to Silence and TA505, the attacks targeted the pharmaceutical and manufacturing industries. TA505 has targeted banks and medical retailers, while banks and finance have been the targets of Silence. There is an apparent connection between the groups: the malware Silence.ProxyBot and Silent.MainModule were used in this attack, along with the Meterpreter stager TinyMet and executables that exploit “CVE-2019-1405” and “CVE-2019-1322”. The current estimated amount of funds stolen by Silence is $4.2 million.

Recommendation: This APT is using legitimate methods to access networks and steal information. Campaigns like this are difficult to detect because they may not use any malware to achieve their hands-on objectives. Organisations can use behavioural monitoring capabilities to better detect anomalous behaviour if a malicious actor is using legitimate accounts. Behavioural monitoring capabilities include detecting when files and data are accessed outside the normal working hours or job specification of the account holder. Defense-in-depth is the best way to ensure safety from APTs. Defense-in-Depth involves the layering of defence ..
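The behavioural check described in the recommendation above (access outside an account holder's working hours or job specification) can be sketched as follows. This is an added example, not code from the briefing or from Group-IB; the account names, paths, baselines and log lines are all constructed assumptions.

```python
from datetime import datetime

# Constructed per-account baselines (assumption): normal working hours as
# (start_hour, end_hour) and the path prefixes the role normally touches.
BASELINES = {
    "j.meyer": {"hours": (8, 18), "paths": ("/finance/",)},
    "svc-backup": {"hours": (0, 24), "paths": ("/backup/",)},
}

# Constructed sample file-access events: timestamp, account, path.
SAMPLE_EVENTS = [
    "2020-01-14T10:12:03 j.meyer /finance/q4-report.xlsx",
    "2020-01-15T02:47:19 j.meyer /finance/payroll.csv",
    "2020-01-15T11:05:44 j.meyer /research/formulation-17.docx",
    "2020-01-15T03:00:00 svc-backup /backup/nightly.tar",
    "2020-01-16T09:30:00 unknown.user /finance/payroll.csv",
]

def parse_event(line):
    """Split one log line into (datetime, account, path)."""
    ts, account, path = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), account, path

def reasons_for(ts, account, path, baselines=BASELINES):
    """Return the list of reasons an access deviates from the baseline."""
    base = baselines.get(account)
    if base is None:
        # An account with no baseline cannot be judged normal, so surface it.
        return ["no-baseline"]
    reasons = []
    start, end = base["hours"]
    always_on = (start, end) == (0, 24)   # e.g. service accounts
    weekend = ts.weekday() >= 5 and not always_on
    if weekend or not (start <= ts.hour < end):
        reasons.append("off-hours")
    if not path.startswith(base["paths"]):
        reasons.append("outside-role")
    return reasons

def detect(lines, baselines=BASELINES):
    """Return (account, path, reasons) for every anomalous access."""
    alerts = []
    for line in lines:
        ts, account, path = parse_event(line)
        reasons = reasons_for(ts, account, path, baselines)
        if reasons:
            alerts.append((account, path, reasons))
    return alerts

if __name__ == "__main__":
    for account, path, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT {account} {path}: {', '.join(reasons)}")
```

In practice the baselines would be learned from historical access logs rather than hard-coded, and alerts would be correlated with other signals before triage.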
