Last week saw several reports released, including Check Point’s global threat index for December 2022. Dragos revealed that its ICS/OT Cybersecurity Year in Review will be available soon. Logpoint Research also took a look at the Royal ransomware group. Microsoft published a blog that looked at the identity priorities for 2023. Other news included appointments by Check Point Software and Infoblox.
Check Point Software
Check Point Software Technologies Ltd announced Ms Tzipi Ozer-Armon had joined the company’s Board of Directors following her appointment at the 2022 Annual General Meeting. Gil Shwed, Founder and CEO of Check Point Software Technologies, commented, “Ms Ozer-Armon’s cross-industry expertise and track record of success is an asset to Check Point and all of our constituents. With the addition of Ms Ozer-Armon, we continue to focus on expanding our cyber security leadership and driving value creation for all our stakeholders.”
Check Point published its global threat index for December 2022. It saw Glupteba Malware, an ambitious blockchain-enabled Trojan botnet, return to the top ten list for the first time since July 2022, moving into eighth place. Qbot, a sophisticated Trojan that steals banking credentials and keystrokes, overtook Emotet as the most prevalent malware after its return last month, impacting 7% of organizations worldwide. Meanwhile, Android malware, Hiddad, made a comeback, and education continued to be the most impacted industry worldwide.
In December, Hiddad also made the top three mobile malware list for the first time in 2022. Hiddad is an ad-distributing malware targeting Android devices. It repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
Check Point Research (CPR) also revealed that “Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, impacting 46% of organizations globally. Close behind was “Web Servers Malicious URL Directory Traversal”, with 44% of organizations impacted worldwide. “Command Injection Over HTTP” was the third most exploited vulnerability, with a global impact of 43%.
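The three vulnerability classes named in the index are all visible in ordinary web server access logs. The script below is an added example (not Check Point's code or tooling) that flags requests matching each class and reports, in the index's own "share of sources impacted" style, how many distinct client addresses produced at least one hit. The log lines are constructed for the example, and the signatures (a `.git` path segment, a `..` segment after URL decoding, shell metacharacters in the query string) are a deliberately simple first-pass triage, not a complete web application firewall ruleset.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2023:10:01:03 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "curl/7.85.0"
198.51.100.7 - - [10/Jan/2023:10:02:10 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 210 "-" "python-requests/2.28"
198.51.100.7 - - [10/Jan/2023:10:02:11 +0000] "GET /cgi-bin/ping.cgi?host=127.0.0.1%3Bid HTTP/1.1" 500 0 "-" "python-requests/2.28"
192.0.2.9 - - [10/Jan/2023:10:03:00 +0000] "GET /docs/user-guide.pdf HTTP/1.1" 200 88120 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields this check needs: client IP, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for the three classes in the December 2022 index (assumed, simplified).
GIT_EXPOSURE = re.compile(r"(^|/)\.git(/|$)")          # a bare .git directory segment
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")      # a ".." segment after decoding
CMD_INJECTION = re.compile(r"[;|`]|\$\(|&&")           # shell metacharacters in the query


def classify_request(raw_path: str) -> list[str]:
    """Return the list of classes a single request path matches (possibly empty)."""
    # Decode twice so double-encoded payloads (e.g. %252e) are normalised as well.
    decoded = unquote(unquote(raw_path))
    path, _, query = decoded.partition("?")
    findings = []
    if GIT_EXPOSURE.search(path):
        findings.append("git-exposure")
    if TRAVERSAL.search(path):
        findings.append("directory-traversal")
    # Only the query string is checked for metacharacters: ';' is legitimate in
    # path parameters such as ;jsessionid=..., so checking the path would be noisy.
    if query and CMD_INJECTION.search(query):
        findings.append("command-injection")
    return findings


def scan_log(log_text: str) -> list[dict]:
    """Return one record per request that matched at least one class."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        findings = classify_request(m["path"])
        if findings:
            hits.append({"ip": m["ip"], "path": m["path"],
                         "status": int(m["status"]), "findings": findings})
    return hits


def prevalence_by_source(log_text: str) -> dict[str, float]:
    """Percentage of distinct client IPs that sent at least one request in each class,
    mirroring the 'percent of organisations impacted' figures in the threat index."""
    sources: set[str] = set()
    per_class: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        sources.add(m["ip"])
        for cls in classify_request(m["path"]):
            per_class.setdefault(cls, set()).add(m["ip"])
    total = len(sources) or 1
    return {cls: round(100 * len(ips) / total, 1) for cls, ips in per_class.items()}


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["findings"], hit["path"])
    print(prevalence_by_source(SAMPLE_LOG))
```

A `200` status on a `.git/` path (as in the second sample line) is the case worth escalating: it means the repository metadata was actually served, whereas a `404` on a traversal attempt shows probing that the server rejected.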
Maya Horowitz, VP of Research at Check Point Software, commented, “The overwhelming theme from our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look.”
Dragos will publish its ICS/OT Cybersecurity Year in Review soon and has opened registration for a copy. The report provides a comprehensive look back at the cyber events that dominated news headlines in the past year and takes a forward-looking view of the industrial control systems (ICS) and operational technology (OT) threat landscape. This includes access to deep threat research and analysis, lessons learned from real incidents and threat hunts in the field, and first-party data not available anywhere else.
Dragos also briefly revisited its 2021 report, reminding organisations of the three new threat groups it discovered then: Kostovite, Petrovite and Erythrite. It also highlighted three other findings:
- A 37% increase in external network connections to the Internet from 2020
- Ransomware was the number one attack vector in the industrial sector in 2021
- Trends in ICS/OT vulnerability classification showed more errors, although 45% of CVEs were less severe
Law enforcement and judicial authorities from Bulgaria, Cyprus, Germany and Serbia, supported by Europol and Eurojust, have teamed up against organised crime groups involved in online investment fraud. This criminal network, comprising several different criminal actors, operated through call centres. They lured victims into investing large amounts of money in fake cryptocurrency schemes.
On January 11th, the joint operation made 15 arrests, 14 in Serbia and one in Germany. Twenty-two locations were searched, and a number of seizures took place, including three hardware wallets holding about USD 1 million in cryptocurrencies, about EUR 50,000 in cash, three vehicles, electronic equipment, data back-ups, and documents.
Infoblox has appointed Scott Harrell as its new CEO following the retirement of Jesper Andersen. Before joining Infoblox, Harrell was the Senior Vice President and General Manager for Cisco’s $20 billion Intent Based Networking business unit. He oversaw the entire portfolio and engineering teams across the enterprise, IoT and data centre markets.
Harrell commented, “Infoblox is an innovative company with an incredibly talented team that consistently executes at extremely high levels. I am thankful for all Jesper has done for the company and the incredible culture that has been built under his leadership.
“Infoblox’s solutions are critical to the ongoing operations, availability, and security of enterprises across the world. I’m thrilled to join a company that embraces an innovation mindset anchored by its technology and its people, and I look forward to further accelerating Infoblox’s growth and market-leading solutions.”
Logpoint Research examined Royal ransomware attacks. The research team found that the Royal ransomware group has leaked data from more than 60 victims since November 2022.
Doron Davidson, VP of Logpoint Global Services, noted, “Royal stands out as a ransomware provider because it doesn’t have affiliates. The ransomware uses various tactics and techniques to reach its goal, like redirecting users using Google ads, sending phishing emails, and personal interactions based on callback phishing. Despite the many ways to gain initial access, the ransomware deploys in later stages, providing organizations with an opportunity to detect it before it wreaks havoc.”
Logpoint recommends three actions to mitigate the risks of Royal ransomware:
- Monitoring the infrastructure for stopped services and killed processes
- Monitoring for the creation of scheduled tasks and related events using the schtasks binary
- Monitoring for access to multiple share folders in a short span from the same user and hosts
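The three monitors Logpoint recommends can be expressed as simple rules over Windows event records. The code below is an added example (not Logpoint's code or detection content) that runs each rule over a constructed, already-parsed event sample. The event IDs it assumes are the standard Windows ones: 7036 (Service Control Manager state change, System log), 4688 (process creation, used to catch `schtasks.exe /create`), 4698 (scheduled task created) and 5140 (network share object accessed). The windows and thresholds are placeholders to tune per environment; the first and third rules share one sliding-window helper so that "many distinct services stopped on one host" and "many distinct shares opened by one user from one host" are the same burst test with different keys.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, pre-parsed form; not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2023-01-10T09:00:01", "event_id": 5140, "host": "WS01", "user": "alice", "share": r"\\FS01\Finance"},
    {"ts": "2023-01-10T09:00:20", "event_id": 5140, "host": "WS01", "user": "alice", "share": r"\\FS01\HR"},
    {"ts": "2023-01-10T09:00:45", "event_id": 5140, "host": "WS01", "user": "alice", "share": r"\\FS01\Engineering"},
    {"ts": "2023-01-10T09:01:10", "event_id": 5140, "host": "WS01", "user": "alice", "share": r"\\FS01\Legal"},
    {"ts": "2023-01-10T09:05:00", "event_id": 5140, "host": "WS02", "user": "bob", "share": r"\\FS01\Public"},
    {"ts": "2023-01-10T09:06:00", "event_id": 4688, "host": "WS01", "user": "alice",
     "process": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /create /tn "Updater" /tr C:\ProgramData\update.exe /sc minute'},
    {"ts": "2023-01-10T09:06:30", "event_id": 4688, "host": "WS02", "user": "bob",
     "process": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
    {"ts": "2023-01-10T09:10:00", "event_id": 7036, "host": "SRV02", "service": "Volume Shadow Copy", "state": "stopped"},
    {"ts": "2023-01-10T09:10:05", "event_id": 7036, "host": "SRV02", "service": "SQL Server (MSSQLSERVER)", "state": "stopped"},
    {"ts": "2023-01-10T09:10:12", "event_id": 7036, "host": "SRV02", "service": "Windows Backup", "state": "stopped"},
    {"ts": "2023-01-10T09:10:20", "event_id": 7036, "host": "SRV02", "service": "Windows Defender Antivirus Service", "state": "stopped"},
    {"ts": "2023-01-10T09:30:00", "event_id": 7036, "host": "WS02", "service": "Print Spooler", "state": "stopped"},
]


def _burst(records, window_s, threshold):
    """records: iterable of (key, iso_timestamp, value). Return the sorted keys that
    have at least `threshold` distinct values inside any sliding window of window_s seconds."""
    by_key = defaultdict(list)
    for key, ts, value in records:
        by_key[key].append((datetime.fromisoformat(ts), value))
    flagged = []
    window = timedelta(seconds=window_s)
    for key, items in by_key.items():
        items.sort()
        j = 0
        for i in range(len(items)):
            j = max(j, i)
            # Extend the window end as far as the timestamps allow.
            while j + 1 < len(items) and items[j + 1][0] - items[i][0] <= window:
                j += 1
            if len({v for _, v in items[i:j + 1]}) >= threshold:
                flagged.append(key)
                break
    return sorted(flagged)


def detect_service_stops(events, window_s=60, threshold=3):
    """Rule 1: several distinct services stopped on one host within a short window.
    Process-termination events (4689) could be fed through the same helper keyed by host."""
    stops = [(e["host"], e["ts"], e["service"])
             for e in events if e["event_id"] == 7036 and e.get("state") == "stopped"]
    return _burst(stops, window_s, threshold)


def detect_schtasks_creation(events):
    """Rule 2: scheduled task creation, either the audit event itself (4698) or a
    process-creation event for schtasks.exe with the /create switch."""
    hits = []
    for e in events:
        if e["event_id"] == 4698:
            hits.append({"host": e["host"], "user": e.get("user"), "ts": e["ts"], "via": "4698"})
        elif (e["event_id"] == 4688
              and e.get("process", "").lower().endswith("schtasks.exe")
              and "/create" in e.get("cmdline", "").lower()):
            hits.append({"host": e["host"], "user": e.get("user"), "ts": e["ts"], "via": "4688"})
    return hits


def detect_share_enumeration(events, window_s=120, threshold=3):
    """Rule 3: one user on one host touching many distinct shares in a short span."""
    accesses = [((e["host"], e["user"]), e["ts"], e["share"])
                for e in events if e["event_id"] == 5140]
    return _burst(accesses, window_s, threshold)


def run_all(events):
    return {
        "service_stop_bursts": detect_service_stops(events),
        "scheduled_task_creation": detect_schtasks_creation(events),
        "share_access_bursts": detect_share_enumeration(events),
    }


if __name__ == "__main__":
    for rule, result in run_all(SAMPLE_EVENTS).items():
        print(rule, result)
```

The service-stop rule counts distinct service names rather than raw events so that a single flapping service does not trip it; the share rule likewise counts distinct shares, since repeated opens of one share by one user is normal file-server traffic.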
Davidson added, “It’s important that organizations have the right cybersecurity resources in place. Leveraging the technology advancements in cybersecurity can accelerate threat detection, investigation, and response. For example, automatic incident detection and response can improve cyber intelligence and reduce cyber risk. Investing in advance in Penetration Testing and similar cybersecurity services will reduce the need to pay for Royal’s Pentesting services.”
In a blog, Joy Chik, President, Identity & Network Access, Microsoft, identifies five identity priorities for 2023:
- Protect against identity compromise using a “Defense in Depth” approach
- Modernize identity security to do more with less
- Protect access holistically by configuring identity and network access solutions to work together
- Simplify and automate identity governance
- Verify remote users in a cheaper, faster, more trustworthy way
NTT Corporation announced it is now a member of the Joint Cyber Defense Collaborative (JCDC) to further strengthen the US government’s focus on cybersecurity and boost resilience internationally. Akira Shimada, NTT’s President & CEO, commented, “Based on our existing collaborative and trusted relationship with CISA and the U.S. government, we are honored to join the JCDC bringing a unique perspective from Asia and sharing NTT’s global experience and deep expertise in leadership and security.
“While the global cybersecurity environment will remain uncertain for the foreseeable future, collaboration among cybersecurity industry leaders and government leaders is needed not only in the U.S. but also internationally to protect against cyberattacks that threaten the critical infrastructure systems upon which our daily lives depend.”