Sectrio

Author name: Prayukth K V

Prayukth K V has been actively involved in productizing and promoting cross-ecosystem collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.

As crypto investments bite, North Korean hackers turn attention to banks

The North Korean APT group and an unnamed affiliate have had significant exposure to cryptocurrency. For the last two years, hackers from these groups have been attacking a wide range of cryptocurrency eco-system companies, including cryptocurrency exchanges, play-to-earn cryptocurrency video games, cryptocurrency trading companies, individuals holding cryptocurrency, and even holders of non-fungible tokens (NFTs).

As late as April this year, North Korean hacking teams were running campaigns to distribute phishing lures and targeted baits. In one such campaign intercepted by Sectrio’s Threat Research team, the documents were planted on temporary sites hosted on the platforms of well-known hosting service providers. An email was then sent to lure the victim into opening these documents. Once opened, a malicious program would be triggered through remote injection, leading to the exfiltration of data without the victim’s knowledge. Lazarus used the same method to target many victims, including agencies and individuals linked to the South Korean government.

According to a UN report, North Korean hackers could have siphoned off as much as US$ 400 mn, and this money was deployed to fund the country’s missile development program. Now, with the crash in the value of cryptocurrencies, North Korea has directed its APT teams to fan out and target banks directly to steal foreign currency. This is something these hackers had done for a while in the last decade, when they even managed to hoodwink at least 2 banks in the Asia Pacific region (including the Central Bank of Bangladesh).

And now the bad news as the crypto market crashes

In the last 48 hours, Sectrio’s banking sector-focused honeypots have reported many anomalous activities across the globe. The number of phishing emails intercepted has also risen significantly in the same period.
All this means that the hackers have already started targeting financial institutions, and they may scale up their operations in the days to come. This is certainly bad news for banks. Going by past trends, we can expect phishing attacks to expand in sophistication and coverage. Hackers could also use multi-malware loaders to deploy more malware and run more code to increase their chances of success. Banks need to be on their guard from now on and secure their infrastructure and processes to ensure these cyberattacks don’t succeed.

Sectrio is here to help the banking sector

When targeting banks, adversarial entities could begin by identifying and targeting diverse points of entry across the digital environment. Deception technology can help banks by leading cyber adversaries down a parallel alley, a secure and isolated environment, where details such as assets of interest can be used by security teams to monitor their tactics, techniques, and procedures (TTPs). The decoy infrastructure will appear real to a hacker but will either not be running a live and active workload (honeypots) or will place decoy objects inside real workloads (honey tokens). At Sectrio, we work to reduce breaches and to discover and prevent cyberattacks early with our solutions.

Sectrio’s deception technology incorporates a proven detection and engagement logic that enables security teams to stay well ahead of attackers and know what they are up to. By presenting itself as systems or services that an attacker is interested in, but that are not actually used in any business process, Sectrio’s Decoy and Deception solution can alert security teams at the start of a compromising activity without impacting the core digital assets, networks, and data.
Benefits of Sectrio Decoy and Deception

- Works at three levels, viz. perimeter, network, and endpoints, to ensure all attacks are deflected
- The attacker wastes time on the decoy while you get to study them and their work securely
- Increases the cost for the attacker while reducing that for the defender
- The TTPs identified can be used to plug security gaps and improve the overall security posture
- Decoys can be customized to make the lures more appealing and realistic for protection against targeted attacks

Proof of value: a top-3 bank in the APAC region is using our solution to secure its infrastructure from sophisticated cyberattacks, cybercrime, and suspicious insider activity.

Why the cryptocurrency market crash portends bad times for cybersecurity

Ever since the Luna-Terra stablecoin crisis surfaced, the global cryptocurrency market has been in freefall. To give you an idea of the decline, the global crypto market cap has fallen below the $1 trillion mark and is currently resting at $970 billion. The market cap is expected to fall further as more investors exit. Crypto lost almost $30 Bn in just under 24 hours since Monday (it has lost almost 60 percent of its value so far this year). The crash has hit many investors, who have lost interest in the crypto universe (many have simply not looked at their crypto portfolios since the crash began), and the fallout of this event is still playing out as I put this blog post together.

Connecting Bitcoin (cryptocurrency) and cybersecurity

Now coming to the title of this post: an analyst told me late last evening that anyone who invested in bitcoin in the last 18 months would have lost some investment value in this crash. In addition to legitimate investors, Bitcoin was also a favorite investment ground for criminals of all hues, including cybercriminals and even APT groups, which pumped in almost 300 million USD in the last 3 months of 2021 alone.

So how does the crash impact cybersecurity, you ask? With their ill-gotten wealth parked in crypto investments, many hackers, script kiddies and APT-backed players were taking it easy. They were taking turns attacking targets across geographies. The motivation was two-pronged. One, they shouldn’t get caught out of greed; and two, they wanted to bring new players into the game who would share their ransom revenues with them in return for access to their tools and stolen credentials. Some of the hackers had even retired from the game, drawing from their Bitcoin investments periodically to finance their lavish lifestyles, including yachts and extended sunny vacations.
But with the crypto crash, the bubble has burst and the money has disappeared (almost vaporized into thin air without a trace). This crash couldn’t have come at a worse time for these hackers, as many are based in countries that are reeling from high inflation and a cost of living crisis. Many hackers are now waking up to the reality that a big chunk of their wealth has simply eroded and that the lifestyle they were used to is no longer feasible or even affordable.

So the logical next step will be to restart hacking operations, get back into the ransom game and scale up to make up for the lost money. Going by the experience of 2008, when the number of phishing attacks rose significantly in the months following the recession, we could be staring at a steep rise in cyberattacks in the months to come. This could also mean that more stolen data, especially credentials, could change hands as hackers start looking for vulnerabilities to exploit, and July and August will be months to watch for cyber defenders.

Many APT groups in China, Russia, and especially North Korea are already under orders from their state handlers to ramp up their activities. Sectrio’s team has already reported an increase in the footprint of North Korean APT groups in the financial services sector. So there you have it. Sectrio advises all businesses, especially those running IoT and OT devices, to be vigilant over the next few months.
How Chinese hackers managed to breach major telcos and lessons from the episode
09 06 2022

Chinese threat actors have managed to break into multiple telecommunications giants across the world in a campaign lasting over two years, as per reports. The hacker groups behind the episode exploited various vulnerabilities to target critical telecom infrastructure. Through phased attacks, the actors first compromised devices and then used these devices to gain access to network traffic belonging to the telcos’ customers.

The hackers specifically targeted networking devices, including routers and switches, belonging to at least 3 different OEMs. Over two years the devices were repeatedly used to sniff network traffic and even to train other hacker groups on conducting reconnaissance as well as on the stealth tactics needed to keep the breach hidden for as long as possible. This is probably the first time we have come across a breach that was used by Chinese APT groups to train future hackers.

The fact that the hackers used publicly known and published vulnerabilities, including flaws that go back to the first half of the last decade, is indeed worrying. Some of these vulnerabilities enabled the hackers to evade authentication, take complete control of a device and gain unhindered access to networks, including the ability to execute code of their choosing.

So why were the Chinese hackers successful?

Beyond skills, these hackers had some help from infrastructure management practices that have been going on for decades. Addressing vulnerabilities and flaws should ideally be an ongoing endeavor conducted with diligence and discipline. However, this does not happen, as flaws are allowed to persist (sometimes willingly) years after they are revealed and their existence is common knowledge.
Without addressing the known flaws, it becomes even more difficult to deal with Zero Day attacks, as the security teams are in some cases simply not equipped to even look for them. With limited people, resources, budgets, and skills, flaws remain and continue to pose a threat to infrastructure till regulators step in and force businesses to act.

In this case, the hackers used open-source scanning tools such as RouterSploit and RouterScan to study and surveil target networks. They were able to gather data on the models, versions, patch status, and vulnerabilities of networking gear. Using this knowledge, the hackers exploited the unpatched vulnerabilities to access connected networks and moved on to authentication servers, where they were able to steal user and access credentials while reconfiguring equipment and exfiltrating data by copying it to their own machines.

This window of opportunity was fully leveraged by the hackers, and they kept returning to the victim’s network multiple times while keeping an eye out for any attempts to discover them. They also covered their tracks by removing digital traces of their activities, including logs. In addition to spying, the victims’ networks were used by the hacking team involved in this episode to train hackers on breach and post-breach practices.

While telecom firms are high on the list of targets for state-sponsored hackers, other businesses could also be targeted by APT groups for various reasons. Many APT actors are now trying to monetize their activities and have diversified the businesses they target across the globe.

So how can businesses secure themselves?
- Published vulnerabilities must be tracked to closure in a disciplined manner with clear SLAs
- Build the capability and tool-set to detect Zero Days through anomalies and other means
- In addition to multi-factor authentication, ensure that all user credentials and privileges are modified regularly. This step alone could save a lot of bother later
- Improve threat hunting by getting access to the right cyber threat intelligence feeds
- Build a culture of cybersecurity across functions
- Conduct audits in a scheduled manner
- Tabletop exercises should be conducted frequently to test the readiness and quality of first response
- Incentivize the detection and reporting of threats

Sectrio is securing some of the most complex IoT and OT deployments across geographies today. Our security analysts can evaluate your infrastructure to assess your risk exposure and potential sources of cyberattacks, and identify surfaces that could be targeted by hackers through specific and diversified breach tactics.

NIST revises cybersecurity guidance for managing supply chain risk 

Attacks on supply chains are growing in number and complexity. In the two months since the start of the Russia-Ukraine war, inbound attacks from APT groups targeting shipping, surface transport, retail warehouses, pharma APT supply entities, oil and gas, and coal mining sectors have risen significantly. Spillover attacks on several other enterprises that depend on these entities have also grown. The attacks are coming from known APT groups in South East Asia and Russia and seem to be oriented towards creating large-scale disruption.

It is therefore no surprise that the National Institute of Standards and Technology (NIST) has updated its foundational cybersecurity supply chain risk management (C-SCRM) guidance to enable enterprises to improve their security measures as they acquire and add more technology products and services to their infrastructure. NIST has issued a revised publication called Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1). This publication, according to NIST, offers guidance on identifying, assessing, and responding to all types of cybersecurity risks spread across all supply chain levels of an organization. The document acknowledges the challenges in securing supply chains arising from the information asymmetry that exists between acquiring enterprises and their suppliers and service providers.
It goes on to say “that acquirers often lack visibility and understanding of how acquired technology is developed, integrated, and deployed and how the services that they acquire are delivered”.

Here are the highlights of NIST’s new revision:

- The publication outlines key steps that organizations can adopt to manage supply chain risks
- Organizations are encouraged to view vulnerabilities associated with the whole production process of a finished product and its components. This covers the entire development footprint, including the journey these components took individually
- Specific attention is drawn to the possibility of malware ingress or cyberattack from different points across the chain
- The practices and controls described for Cybersecurity Supply Chain Risk Management (C-SCRM) apply to both information technology (IT) and operational technology (OT) environments and are inclusive of IoT
- Recommends integration of supply chain risk management into the overall enterprise risk management process. Enterprise risk management, as part of a continuous and iterative process, should include:
  - Frame risk. Establish the context for risk-based decisions and the current state of the enterprise’s information and communications technology and services and the associated supply chain.
  - Assess risk. Review and interpret criticality, threat, vulnerability, likelihood, impact, and related information.
  - Respond to risk. Select, tailor, and implement mitigation controls based on risk assessment findings.
  - Monitor risk. Monitor risk exposure and the effectiveness of mitigating risk on an ongoing basis, including tracking changes to an information system or supply chain, using effective enterprise communications and a feedback loop for continuous improvement.
- Enterprises need to aim to infuse perspectives from multiple disciplines and processes (e.g., information security, procurement, enterprise risk management, engineering, software development, IT, legal, HR, etc.)
- Interestingly, the document recommends that enterprises should look at managing risks rather than eliminating them, as risks are essential for the pursuit of value
- Talks about various models for managing supply chain risks, such as centralized, decentralized and hybrid
- Outlines critical success factors
- Lays emphasis on putting in place multidisciplinary foundational supply chain risk management practices to engage successfully with system integrators
- Recommends establishment of explicit collaborative and discipline-specific roles, accountabilities, structures, and processes for supply chain, cybersecurity, product security, physical security, and other relevant processes
- The annexure contains various controls that various types of enterprises (manufacturers, suppliers, users) can use to improve their supply chain security practices

Sectrio’s CISO Peer Survey comes to an end this week

What’s keeping CISOs awake at night in 2022? That’s the question we asked CISOs at the start of the CISO Peer Survey in the first week of April. 2021 was a stressful year for CISOs, and we wanted to learn from them how they are getting ready for the uncertain times that lie ahead, with geopolitical conflicts and the threat of a recession shaping the narrative. The CISO Peer Survey was an attempt to amplify the voice of the CISO, document their opinions, challenges, and ideas, and share them with decision-makers and enterprises in general.

CISOs responded to the call with plenty of enthusiasm. Within less than a month, we got 300 responses, and not even a single question was left unanswered. The CISO survey has captured responses around these topics:

The Sectrio CISO Peer Survey 2022 has become the most comprehensive and detailed survey of the security landscape across industries. Not only has the survey brought out many aspects of the security management strategies and tactics adopted by organizations, but it has also outlined CISO apprehensions as well as key intervention areas from a tool, skillset, budget and senior leadership awareness perspective.

The survey report will offer CISOs insights into how their peers are managing their security requirements. CISOs can also use this report to build a case for enhancing OT and IoT security investments, adding more sources of threat intelligence, dealing with insider threats, and securing vulnerabilities.

The CISO survey will be kept open till this Friday (May the 27th) and will be closed for responses after that. We will begin compiling the survey report from midnight GMT, May the 28th. All results will be published as-is, and Sectrio will not be modifying any part of the responses. We will also be announcing the 3 winners of the survey contest shortly. All survey participants will get a copy of the report emailed to them well before the official release.
All of us at team Sectrio are thankful to all CISOs and cybersecurity leaders who participated in this survey and shared their inputs. We can’t wait to share the final report with you and to hear your thoughts on the findings.

Your last chance to participate in the CISO survey: in case you wish to participate, you can do so here: CISO Peer Survey 2022

OT and IoT cybersecurity: are you tracking the wrong KPIs?

Tracking the wrong KPIs is as good as not tracking the effectiveness of your cybersecurity measures at all. As far as KPIs go, businesses fall into these categories:

A majority of the respondents in our CISO survey thus far have indicated that they have a challenge with tracking the right KPIs. This is more so in the case of large and very large enterprises and small businesses. Those in between are doing fairly well, but there is certainly some room for improvement there as well.

So how do businesses end up tracking the wrong KPIs?

The answer lies in the way security programs were designed years ago. When it comes to large manufacturing entities, security programs were conceptualized and implemented to secure infrastructure without hampering operations. In cases where operational priorities were deemed too important, security took a back seat, and this approach has left its mark on the KPIs that such organizations are tracking. In the case of some utility companies, all teams were already burdened with tracking multiple KPIs. This meant that only those KPIs that were absolutely necessary were tracked. In some instances, even KPIs linked to systems that were only partially functional were tracked, leading to wasted bandwidth. In the case of maritime companies and those connected with renewable energy projects, few KPIs were tracked as there wasn’t enough bandwidth, or enough cybersecurity solutions deployed, to track more KPIs.

Why is it important to track the right cybersecurity KPIs?

Before we understand how the right KPIs can help, here are a few facts that our research team discovered during their interactions with security teams from across verticals:

With the shrinking malware development and launch cycles, the threat environment is rapidly deteriorating.
It is therefore important to have a tried and tested strategy to track and monitor the right KPIs. Not only do the right KPIs strengthen a cybersecurity program, but they can also keep threats at bay and reduce the burden on the SecOps team and security analysts. Tracking the right KPIs also helps your security team evolve faster and execute a more mature and consistent security program that is better aligned to the cyber realities of the digital space we operate in.

In order to track the right KPIs, the following steps will have to be followed:

Shrinking malware development and emergence cycles and its implications

In the first half of 2022, we have seen at least one major ransomware that was rewired or built on the code base of existing malware. Such transformations are now occurring regularly enough to cause alarm among cybersecurity teams and vendors. In the past, Sectrio’s researchers have come across over 17 major malware families that remained potent due to the reengineering and development of variants.

So why are malware developers relying on variants rather than developing entirely new families of malware? The recent instance of Bazarloader transforming into Bumblebee ransomware offers a distinct clue. Bumblebee appeared on the horizon in March and was pushed across cyberspace through unique campaigns by 4 groups. The campaigns involved passing ISO files, Zip and other archive attachments containing malicious .DLL files and execution shortcuts, some of which were hosted using known public cloud service providers.

The appearance of Bumblebee coincided with the disappearance and fading away of the Bazarloader malware. It was then revealed that the Conti group had acquired the operations of the botnet gang that developed Bazarloader. Other than code similarities, Sectrio’s researchers were also able to correlate similar patterns of malware promotion campaigns, and there was even a 1-1 replacement of conversations involving Bazarloader with Bumblebee on various malware exchange forums.

So why are malware developers and promoters increasingly relying on variants or acquired malware to target businesses rather than developing new ones? Here are a few reasons:

- At any given point in time, there are many malware developers ready to sell the source code of their malware for adequate monetary consideration. The payment terms are flexible and attractive. The malware code buyer doesn’t even have to acquire the group, as it can pay a ‘royalty’ to the developer for using their code or building on it, as the case may be
- Developing a variant enables malware groups to pump in relatively new malware much faster, thereby keeping security teams on alert at all times. This also leads to SOC and detection fatigue, which allows bad actors to bring their malware into the target networks undetected
- It is much cheaper to develop a variant than to build malware from the ground up. Building OT or IoT focused malware is a costly proposition, as it involves plenty of planning and innovation to bypass defenses and non-target networks, not to mention avoiding detection
- By changing malware code, the actor can confuse security analysts trying to figure out the origin of the malware
- Newer variants ensure the longevity of bad actors, as they continue to remain relevant beyond a few malware development cycles
- We have also seen instances where the source code was picked up from a group that was disbanded, or was based on code stolen from APT groups or academic labs
- Hackers are becoming more organized

Overall, the whole proposition of getting malware ready quickly is very appealing and incentivizes malware groups to go for variants rather than building fresh malware.

For security teams, the main challenge with malware variants is that they pop up soon and sometimes become difficult to detect because of the new lines of code added. But a bigger challenge is the rapid development and release of these variants, which means that in a single calendar year there could potentially be more attacks and more losses.

So what are the implications of this shrinking malware development trend?

- Faster evolution of more potent malware
- SOC fatigue
- Enterprise risk management efforts will come under added strain
- If this leads to more successful breaches and more ransom payments, cybercrime will pick up and grow rapidly
- Kinetic thresholds could be breached more often and lives threatened at large facilities, such as those run by oil and gas and large manufacturing companies
- More data leaks

There are security implications of this trend for enterprises. Thus, we need to continue our investments in keeping cyber threats at bay and preventing them from being successful. Every failed breach is a waste of time, effort, and possibly money as well for the hackers involved. Thus, by increasing the cost of operations, at least some of the hacker groups can be relegated to the fringes or even eased out of the game by cybersecurity teams. This will lead to a reduction in the amount of code available to be passed around for the development of new variants and break the cycle of deceit.



Digital transformation cybersecurity: enabling employees to lead

Two in every three breaches involve some form of failure involving an employee. This is a reality that has been accepted by CISOs and the senior management of businesses. Without employee engagement and involvement, there is no way that a cybersecurity program can succeed. With digital transformation and large-scale automation, the stakes are now higher than ever. Is there a way in which businesses can secure digital transformation efforts across the organization by letting employees lead the way? Read on to find out.

What is broken?

As digital transformation efforts involve multiple stakeholders, teams, and objectives, the security aspects often get neglected or are willingly ignored in favor of outcomes that may appeal more to the board and other important stakeholders. Beyond this, here are some aspects that are currently in various states of disrepair when it comes to digital transformation cybersecurity: These are just some of the challenges that we came across during our interactions with industry leaders. There are many more out there.

The impact

What kind of impacts do such issues lead to? Here are a few outcomes: So what can be done to empower employees and turn them into cybersecurity champions and defenders of digital transformation gains?

Digital transformation security on your mind? Talk to our cybersecurity experts about Sectrio’s easy-to-deploy 5-step approach to securing your digital transformation gains. Have you tried our threat intelligence feeds yet? Find out what your digital transformation project is missing, now: Sign up for FREE 15 days feeds of our threat intelligence feeds.



When it comes to security, is IoT the new OT? 

Operational Technology (OT) has certainly been around for much longer, in some form, than both Information Technology (IT) and the Internet of Things (IoT). Yet, when it comes to OT security, we are still taking the first concrete steps toward securing the OT environment and plugging the security gaps that have emerged thanks to its integration with IT. The need to secure OT has arisen not from a need to evolve, but from the rising cyberattacks on converged environments that we have seen in the last 5 years. IoT security also seems to be treading the same path. Let us find out how and why.

Security was never even an afterthought when it came to OT. Instead, these systems were built to last and to work efficiently. This is why you see so many 1990s-vintage devices still working hard in places like factories and power plants, while everything around them in terms of infrastructure has undergone a drastic change in terms of digitization. Many OT devices were built to operational perfection and were, in a manner of speaking, more than aligned to the functional needs of the times. Once your maintenance cycle is complete, these devices work like a charm, doing the same work repeatedly without any problem.

When IoT arrived on the scene in the late 2000s (I mean in terms of large-scale R&D and some adoption as well), we had already had instances of OT being attacked by all kinds of actors. The attack on the Maroochy sewage plant in Maroochy Shire, a small town in Queensland, Australia, was well behind us. In fact, the lessons from that attack were embraced more by hackers than by cybersecurity teams. This is why cyberattacks on OT evolved significantly in the last two decades.

When the Ukrainian Power Plant was attacked in 2015, the hackers were found to have conducted reconnaissance missions as early as 8 months before the attack materialized. The level of sophistication involved, and the fact that the hackers could have done much more damage to Ukraine’s power infrastructure, didn’t lead to any major thrust globally on improving OT security. However, with the Colonial Pipeline and JBS attacks, governments were forced to act and bring in measures to make businesses report such attacks as a first step towards eventually securing OT-based critical infrastructure.

Despite having the example of the dangers of not securing devices and infrastructure available to cybersecurity planners, analysts, developers, and the whole world, we saw IoT evolving fast while paying scant respect to security. Accumulated wisdom should have informed us that had we prioritized IoT security much earlier, we could have had much more secure systems and hardened infrastructure operating at much lower security cost. Not only would this have given us a security culture surrounding IoT as a technology, but it would also have led to businesses taking security more seriously without having to depend on the government to force them to act.

Instead, what we are seeing is a journey down the oft-beaten path wherein security is offered some ritualistic attention after a major incident. With Industry 4.0, the cost of a breach, even a sub-kinetic one, can be unaffordable. One has only to read our latest IoT and OT Threat Landscape and Analysis report to understand how the threat environment has deteriorated significantly in the last year while our institutional detection, response, and security approaches are still stuck in the 90s.

So there you have it: two different technologies, separated by time, following the same evolutionary trajectory when it comes to security. Maybe it is the path of least resistance, or the “we need to improve features and functions while security takes care of itself” syndrome, that is at play here.

No matter what the cause, one thing is clear: a wake-up call could be around the corner.
Talk to us about the simplified approach to IoT security that minimizes your institutional risk exposure significantly. Worried about not having the right threat intelligence for your IoT projects? Talk to us to try our threat intelligence feeds for free for the next two weeks.



Bumblebee malware loader is now active in the wild

The latest to join the list of unique malware loaders is a loader called Bumblebee. It is ostensibly a new offering from the development house of the Conti malware syndicate and a replacement for the BazarLoader backdoor, which seems to have outlived its utility. The rising preference for Bumblebee stands in sharp contrast to the dipping fortunes of BazarLoader, which is no longer the preferred loader for sophisticated ransomware deployment operations.

In the last few weeks, Bumblebee has been pushed widely by at least 4 groups through multi-phase campaigns involving ISO files, Zip, and other archive attachments that carry malicious DLL files and execution shortcuts, some of which are hosted using known public cloud service providers.

Some of the phishing campaigns intercepted by Sectrio contain highly convincing content, including LinkedIn invites and a site where you can sign up to support Ukraine. While many of the campaigns started in the week Russia invaded Ukraine, as of now there is little to no evidence to suggest that the two events were linked. Though it is possible that the Conti group could be using Bumblebee to create a new wave of confusion and distraction while it works on new and more potent malware. The shrinking development cycle for new malware loaders is another cause for concern.

Here are some of the features of Bumblebee: The Conti group is working with at least one APT group to gain access to a wider set of network assets to target. The switch from BazarLoader to Bumblebee was sudden and abrupt. Two threat actors that were actively pumping BazarLoader suddenly switched over to Bumblebee. Such a rapid switch indicates a high level of confidence in the loader, as well as a need to move away rapidly from old loaders that could no longer be as potent or useful, since enterprises could have started deploying countermeasures.
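The delivery layout described above (an archive attachment bundling a DLL with an execution shortcut) lends itself to a simple mail-gateway triage check. This is an added example, not Sectrio's code: the pairing heuristic, the sample archives and the member names are constructed for illustration, and ISO images are left out because the Python standard library has no ISO reader.

```python
"""Triage of archive attachments for the delivery chain described above: an
archive that bundles a malicious DLL with an execution shortcut. Added example,
not Sectrio's code; heuristic and samples are constructed for illustration.
ISO images are out of scope (no ISO reader in the standard library)."""
import io
import zipfile
from pathlib import PurePosixPath

SHORTCUT_EXTS = {".lnk"}  # execution shortcuts that launch the real payload
PAYLOAD_EXTS = {".dll"}   # library payload the shortcut is expected to launch


def archive_members(data: bytes) -> list[str]:
    """List file members of an in-memory ZIP, skipping directory entries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if not i.is_dir()]


def triage_archive(data: bytes) -> dict:
    """Flag an archive when a shortcut and a DLL travel together (the layout
    the post describes); the reasons list tells the analyst what matched."""
    names = archive_members(data)
    by_ext: dict[str, list[str]] = {}
    for name in names:
        by_ext.setdefault(PurePosixPath(name).suffix.lower(), []).append(name)
    shortcuts = [n for e in SHORTCUT_EXTS for n in by_ext.get(e, [])]
    payloads = [n for e in PAYLOAD_EXTS for n in by_ext.get(e, [])]
    reasons = []
    if shortcuts and payloads:
        reasons.append(f"shortcut {shortcuts[0]} bundled with DLL {payloads[0]}")
    return {"suspicious": bool(reasons), "reasons": reasons, "members": names}


def build_archive(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {member name: content}; used for samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (no real malware): a lure shaped like the described
# delivery, and a benign archive carrying an ordinary document.
LURE = build_archive({"Invitation.lnk": b"placeholder shortcut",
                      "files/helper.dll": b"placeholder dll"})
BENIGN = build_archive({"report.pdf": b"%PDF-1.4 placeholder"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage_archive(blob))
```

A verdict of this kind is a triage signal for an analyst queue, not a block decision on its own, since legitimate archives can carry shortcuts too.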
With rising threats in cyberspace, you need to ensure that you stay in the game by evading hackers and bad actors. Talk to Sectrio’s IoT and OT cybersecurity experts today to learn about the latest in threat detection and neutralization, and you also get to try out our IoT- and OT-focused threat intelligence feeds for free. Don’t wait up, reach out to Sectrio now. Explore our malware reports here: Malware Reports

