11th August, 2022
Ransomware continues to be a major issue within the UK and worldwide, with only 43% of ransomware attacks in the UK being blocked. While this is higher than the average of 35%, more than half of all victims are faced with paying a ransom or risk having their data encrypted permanently. The Zeppelin Ransomware as a Service (RaaS) is a derivative of Vega and is being used to target a wide range of businesses and CNI organisations worldwide. Access is typically obtained via RDP exploits, unpatched SonicWall vulnerabilities and phishing campaigns. CISA and the FBI released a joint advisory this week as part of their #StopRansomware campaign to raise awareness and to share TTPs and IOCs that help protect organisations. Telesoft’s Managed Detection & Response service incorporates our vCerne IDS platform, which gives our Cyber Analysts visibility of ransomware as it traverses a network, allowing for rapid alerting and response to minimise the impact.
Microsoft Release August 2022 Security Updates
Microsoft released 121 patches during their August update, some of which addressed vulnerabilities allowing attackers to take control of affected systems. Rapid patching of vulnerable systems is critical: the time from a vulnerability being disclosed to the point it is being scanned for and exploited internet-wide is decreasing all the time. Telesoft offers a continuous vulnerability management service covering on-premise, virtual and cloud-hosted systems and applications. We can detect vulnerabilities, provide remediation advice and confirm that patches have been applied.
Smishing Attack Led to Major Twilio Breach
Smishing is a form of phishing where an attacker uses a text message to trick the recipient into clicking a link, with the aim of obtaining corporate credentials. Malicious use of credentials obtained via phishing/smishing continues to be an extremely effective initial infection vector. Of the 39% of businesses that identified an attack, 83% identified phishing (UK Government statistics, March 2022). While it is more difficult to detect smishing, using our 90-day Microsoft Azure Logging capability, our Cyber Analysts are able to detect anomalous account access typically associated with attacks of this nature and actively block it to contain potential damage.
Emotet Tops List of Most Widely Used Malware
Malware poses a large threat to businesses, and by using the very latest threat intelligence we are able to help protect our MDR customers by detecting C2 and network traffic associated with malware in real time. Emotet is a Trojan that is primarily spread through spam emails. The infection may arrive via a malicious script, macro-enabled document files, or a malicious link. The emails often contain familiar branding designed to make them look legitimate. Contact Telesoft today at email@example.com to see how our cyber security solutions can help businesses protect themselves against unauthorised access, malware, ransomware, phishing and exposed vulnerable services.