Fancy Bear At Work

Uploaded on 2024-11-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Ukraine Computer Emergency Response Team (CERT-UA) has just issued a new security warning after discovering a cyber attack campaign carried out by the APT28 threat group, also known as Fancy Bear. The Fancy Bear group is  associated to the Russian military intelligence operations. 

The CERT-UA warning, number CERT-UA11689, describes an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialogue box.

The frequency of these anti-bot CAPTCHA tools has reduced considerably for most users, in no small part by the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself. However, it’s not an unexpected event when one does appear and, something that the Fancy Bear threat group is relying upon, certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defence tends to suggest a trustworthy outcome rather than a dangerous one.

CERT-UA said that ticking the check-box asking for confirmation in response to the “I am not a robot” question will initiate a malicious PowerShell command instruction to the user’s clipboard.

As well as the latest AI developments creating a potential threat to cybersecurity, these are other common types of cyber attacks which you should be aware of to protect your business, including:

Malware

Malware is a program or code that is intended to harm a computer, network or server. This is considered one of the most common types of cyber attack, with an estimated 72% of businesses affected by malware attacks in 2023. There are many different types of malware attack including ransomware, trojans, viruses and bots.  The most common malware attacks you must protect against include:-

  • Ransomware: The victim’s data is encrypted and a decryption key is offered in exchange for a large payment. Sometimes, even when payment is made, the data is not retrieved. 
  • Trojans: Trojans are malware that leads to a legitimate looking software or free download often through bait websites.
  •  Adware: Spyware is used to monitor user’s activity online and produce ads that are relevant with the intention of encouraging them to click on the malicious ad.
  • Botnet: This is a network of computers that are infected with malware, controlled by a ‘bot herder’ – a person who operates the infrastructure to launch attacks.  

Denial of Service Attacks

Another common and potentially dangerous cyber attack is a DOS (Denial of Service) attack. This is where attacks target company networks with the intent of overloading or crashing them. Any data lost or stolen is hard to to recover as company systems can become completely unusable during the attack. These attacks work by launching an overwhelming amount of requests to the server in order for the network to crash or become unresponsive. If you are interested in finding out more about DOS attacks. 

Phishing

In 2022, 82% of businesses reported that they were subject to phishing attacks, making it the most commonly reported cyber attack. Phishing attacks occur when someone with malicious intent tries to trick users into performing a dangerous action, such as clicking a link that will download malware or entering a malicious website. These actions can be completed through several different methods such as text, email and social media. 

Spoofing

Criminals can pose online as a trusted source, commonly in one of the following three forms:

  • Domain Spoofing: This is where attackers impersonate a trusted business or individual with a fake website or email address to appear trustworthy. 
  • Email Spoofing: Email spoofing is where criminals target businesses with a fake email address that appears trustworthy. 
  • ARP Spoofing: This form of spoofing attack is used to intercept data between a device and the intended recipient. 

Identity Based Attacks

Identity based attacks are very hard to identify, meaning the time spent recovering stolen data is longer than most other cyber attacks. This is due to the attacker appearing as close to the legitimate user’s normal online behaviour. Examples of this attack are man-in-the-middle attacks, golden ticket attacks and credential harvesting. 

Code Injection Attacks

This is where attackers inject malicious code into vulnerable devices and networks to change its course of action. With the new AI threats, it is expected that this type of attack will rise in frequency over the next few years as malicious code can be produced a lot faster. 

Supply Chain Attacks

This type of cyber attack targets supply chains through trusted third-party vendors who offer services or software. Attacks inject harmful code into applications to infect users of a piece of software or compromise physical components in a hardware supply chain attack. 

Insider Threats

Insider threats relate to current and previous employees that have access to the company systems and any data the company owns. If they have been trained on the company processes, they could create a tailored attack that leaves the business exposed.

Protecting Your Business From Cyber Attacks

One of the best ways to prepare for and prevent cyber crime in your business is to train all employees and have policies in place for if an attack occurs. 

This can be through making sure only the appropriate members of staff have access to sensitive data, strong passwords including biometrics and having security software installed on all devices throughout the company. 

Ensure all devices and systems used within the organisation are up to date with the latest protective measures against the ever evolving cyber threats. 

CERT-UA   |    Google   |   Gov.UK   |   Forbes   |   Fortinet   |     NEBR Centre   |    Security Intelligence 

Image: 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Empowering Employees To Prevent Data Leaks
Network Pen Testing Is A Cybersecurity Secret Weapon »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.

Helix Tech Consulting

Helix Tech Consulting

Helix Tech have expertise in a wide range of technology areas, including IT strategy, infrastructure design, cybersecurity, disaster recovery, cloud, data centers, IT cost optimization, and more.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

CyberTee

CyberTee

CyberTee is an Alliance designed for and by independent cybersecurity professionals to address the talent shortage.

Maze

Maze

At Maze, we’re dedicated to changing how security teams understand and act on vulnerabilities — especially in cloud and application environments.