Sectrio

Cyber Security

How to get started with OT security

In the last couple of years, OT security has managed to get plenty of attention from security teams. Some businesses have even started having dedicated teams to manage OT security and tools. However, many businesses are still in the process of figuring out a strategy to deal with OT threats and the specific risks to their infrastructure and networks. This article will shed some light on how to improve OT security without putting strain on your existing resources.

Where to start?

In a manufacturing plant in the APAC region that was attacked in May last year, security teams were unable to agree on which tool to choose for securing OT systems. This resulted in a prolonged delay in decision-making. The teams met over 22 times in 6 months without being able to come to a consensus on the way forward. In every meeting, the IT security team, the SCADA and ICT team, and the CISO’s nominee would discuss and agree to disagree on these points:

- The IT team wanted to go with the existing vendor, who was offering an untested and unproven solution for OT security for free.
- The SCADA team wanted to go for a proven OT solution, but the CISO’s nominee was not comfortable with the budgets that were being sought.

The logjam continued for almost 200 days until a cyberattack crippled the plant’s operations. The assembly line sustained much damage, but since the plant was not operational during the late evening after work hours, no loss of life was reported. The teams that had held disparate opinions on how to deal with OT security came together and agreed on a line of approach immediately, and the plant got a new security solution in just 23 hours. That was not all: a cybersecurity audit of all systems, including vulnerability scans, was conducted, and everyone chipped in to identify new security standards to readily embrace to keep the focus on OT security going.

Lesson: move fast. Learn rapidly, decide early, and execute with diligence without wasting any time.
Even small steps implemented early can lead to incremental OT security gains. On the other hand, the longer you delay, the greater your chances of falling victim to a debilitating attack.

1. Conduct an OT threat assessment

By doing a comprehensive OT threat assessment exercise, you will be able to identify and understand the threats, their sources, and the level of intervention required to deal with them. Sectrio can help with a custom threat assessment for your business. Share a few details here to get started.

2. Know your network and assets

OT and associated networks often harbor devices that have not been part of any inventory for years. We have seen power plants and manufacturing shop floors host complex OT devices serving simple functions that may once have been part of an inventory but are now invisible to the security operations team and to inventory managers. There could be two reasons for this:

- These devices are no longer playing a major role in the overall scheme of things (though they are still connected to the overall network).
- Such devices are part of a sub-inventory that is managed separately.

Without an integrated inventory, it becomes difficult to know what to protect, which can add major gaps to the security posture of a business. Over a period of time, such devices are not just forgotten but also not maintained in any way, and certainly not patched.

Lesson: put together an inventory of all assets without any discrimination.

3. Publish an OT security policy

Publishing an OT security policy will serve many purposes. It can be a statement of intent as well as a statement of direction and of confidence in the need to address OT security. We have put together a template for you here that you can readily use. The OT security policy can very well be the first step, but always ensure that there are regular follow-ups to draw up and act on action items.
If this is not done, the policy will remain on paper and will not be of much help to the organization. The OT security policy should be action-oriented.

4. Investigate and patch all vulnerabilities

Every vulnerability is an invitation to a hacker to exploit and attack. Run frequent scans to detect vulnerabilities and the patch status of devices. Act on the vulnerabilities detected and patch all unpatched devices. Calendarize such scans and also check the CVE databases frequently for any new vulnerabilities that may be associated with the devices in your network. These are essential parts of your overall cyber hygiene and must be given adequate priority.

5. Integrate OT risk exposure into your institutional risk management plan

All OT risks identified should be part of the institutional plan, along with identified timelines for addressing these risks. OT risks can be addressed in isolation at a tactical level if they do not have any dependency on the overall infrastructure (which is rarely the case). Risks related to device patching, for instance, can be handled as part of an OT security plan, but that plan has to connect with the institutional risk management plan at a strategic level. This will ensure more visibility for OT risks and also help in generating awareness of the need to address them.

6. Identify standards and mandates to comply with

All security measures should have benchmarks to look up to. This is where NIST CSF, IEC 62443, and many ISO measures come into play. Many countries are now passing legislation mandating businesses to comply with new and stringent reporting requirements. Even before that, businesses need to look at streamlining their security measures and aligning them with the best standards out there. This will give your security team added motivation as well. When you declare your organization to be, say, IEC 62443 compliant, it will also give your customers more confidence to engage your organization.

7. Work with the right threat intelligence

The future of IoT ransomware – targeted multi-function bots and more cyberattacks

A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms coded into it. This malware, called BotenaGo, was able to seek out and attack vulnerable targets by itself without having to rely on any human intervention. Once it infects a device, it creates two backdoor ports, 31412 and 19412. It then uses port 19412 to listen, and rolls through its programmed exploit functions and executes them in sequence. BotenaGo is an autonomous malware, which means that it doesn’t need any human intervention once it is released. This malware was released accidentally by its developers and could very well be a beachhead malware, i.e., malware that opens the infrastructure to another wave of devastating attacks.

This was just the preview. Sectrio’s Threat Research team has come across new propagation and exploit strategies that hackers are using to target IoT deployments exclusively. Gone are the days when hackers used hijacked devices only to launch attacks on selected targets. Today, in addition to DDoS attacks, hijacked devices are used by hackers for a variety of illegal purposes, including sending unsolicited SMS messages, sending traffic to sites to boost their traffic numbers, promoting spam links, and more.

Contracted hackers work by offering two modes. In the first mode, a fixed number of hijacked bot devices are offered to prospective buyers for pre-decided uses. The availability of devices is guaranteed in this mode, with the hacker promising to add more devices to compensate for the loss of any device due to the cyberattack being detected. In the second mode, a range of devices or a certain amount of compute power is put on the block by a hacker. The hacker doesn’t care about the end use in this mode. This caters to cybercriminals who wish to scale up or ramp down their operations based on various factors.
IoT multi-loader malware in development can increase the number of malware that can be deployed and cover more exploits as well. Hackers have invested more time and money in building more potent malware in the last two years. Some of these developments were funded via ransom crypto money received from victims. With the ongoing crash in the value of cryptocurrency, hackers may turn more desperate and release some of this malware from its test cycles well before its planned release.

Weak IoT security practices don’t help

Even now, we are seeing many IoT proof-of-concept projects that are taking off without adequate security. Devices are connected online with default credentials, network baselining is not done, and no attempt is made to revisit user and device privileges or to check device vulnerability status. Hackers are well aware of these weaknesses, and their playbook in fact focuses on overwhelming cyber defenses with newer malware and breach tactics to keep security operations teams busy with the cleanup.

What can be done to improve IoT security?

We have discussed this topic extensively in the past. What is needed is enterprise-wide awareness of the distance hackers have covered in the last two years and how they are just waiting for one slip-up before striking and creating havoc. In addition to awareness, here are a few more things to do to secure IoT:

Worried about IoT security? Let our IoT security threat assessment specialists help you now. Reach out for a special custom package now. Stay ahead of hackers: detect all those IoT threats early with our IoT-focused threat intelligence feeds. Sign up now. Talk to us to understand how our IoT and OT security solutions can improve your risk management and security posture.
Try our threat intelligence feeds for free for 15 days to see what your threat hunting program is missing here: Sign up for FREE threat intelligence feeds
Learn more about our threat assessment methodology here: OT and IoT Threat Assessment
Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo
Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days

As crypto investments bite, North Korean hackers turn attention to banks

A North Korean APT group and an unnamed affiliate have had significant exposure. For the last two years, hackers from these groups have been attacking a wide range of cryptocurrency ecosystem companies, including cryptocurrency exchanges, play-to-earn cryptocurrency video games, cryptocurrency trading companies, individuals holding cryptocurrency, and even those holding non-fungible tokens (NFTs).

As late as April this year, North Korean hacking teams were running campaigns to distribute phishing lures and targeted baits. In one such campaign intercepted by Sectrio’s Threat Research team, the documents were planted on temporary sites hosted on the platforms of well-known hosting service providers. An email was then sent to lure the victim into opening these documents. Once opened, a malicious program would be triggered through remote injection, leading to the exfiltration of data without the knowledge of the victim. Lazarus used the same method to target many victims, including agencies and individuals linked to the South Korean government.

According to a UN report, North Korean hackers could have siphoned off as much as US$400 million, and this money was deployed to fund the country’s missile development program. However, now with the crash in the value of cryptocurrencies, North Korea has directed its APT teams to fan out and target banks directly to steal foreign currency. This is something these hackers had done for a while in the last decade, when they even managed to hoodwink at least 2 banks in the Asia Pacific region (including the Central Bank of Bangladesh).

And now the bad news as the crypto market crashes

In the last 48 hours, Sectrio’s banking sector-focused honeypots have reported many anomalous activities across the globe. The number of phishing emails intercepted has also risen significantly in the same period.
All this means that the hackers have already started targeting financial institutions, and they may scale up their operations in the days to come. This is certainly bad news for banks. Going by past trends, we can expect phishing attacks to expand in sophistication and coverage in the days to come. Hackers could also use multi-malware loaders to deploy more malware and run more code to increase their chances of success. Banks need to be on their guard from now on and secure their infrastructure and processes to ensure these cyberattacks don’t succeed.

Sectrio is here to help the banking sector

When targeting banks, adversarial entities could begin by identifying and targeting diverse points of entry across the digital environment. Using deception technology can help banks by leading cyber adversaries into a parallel alley, a secure and isolated environment where details such as assets of interest can be used by security teams to monitor their tactics, techniques, and procedures (TTPs). The decoy infrastructure will appear real to a hacker but will either not be running a live and active workload (honeypots) or will deploy decoy objects in real workloads (honey tokens). At Sectrio, we work to reduce breaches and to discover and prevent cyberattacks early with our solutions.

Sectrio’s deception technology incorporates a proven detection and engagement logic, enabling security teams to stay well ahead of attackers and know what they are up to. By presenting itself as systems or services that an attacker is interested in but that are not actually used in any business process, Sectrio’s Decoy and Deception solution can alert security teams at the start of a compromising activity without impacting the core digital assets, networks, and data.
Benefits of Sectrio Decoy and Deception

- Works at three levels, viz. perimeter, network, and endpoints, to ensure all attacks are deflected.
- The attacker wastes time on the decoy while you get to study them and their work securely.
- Increases the cost for the attacker while reducing that for the defender.
- The TTPs identified can be used to plug security gaps and improve the overall security posture.
- Decoys can be customized to make the lures more appealing and realistic for protection against targeted attacks.

Proof of value: a top-3 bank in the APAC region is using our solution to secure its infrastructure from sophisticated cyberattacks, cybercrime, and suspicious insider activity. Talk to us to set up a free demo and for a comprehensive threat and security posture assessment of your infrastructure.

Why the cryptocurrency market crash portends bad times for cybersecurity

Ever since the Luna-Terra stablecoin crisis surfaced, the global cryptocurrency market has been in freefall. To give you an idea of the decline, the global crypto market cap has fallen below the $1 trillion mark and is currently resting at $970 billion. The market cap is expected to fall further as more investors exit. Crypto lost almost $30 billion in just under 24 hours since Monday (it has lost almost 60 percent of its value so far this year). The crash has impacted many investors, who have lost interest in the crypto universe (many investors have simply not looked at their crypto portfolios since the crash began), and the fallout of this event is still playing out as I put this blog post together.

Connecting Bitcoin (cryptocurrency) and cybersecurity

Now coming to the title of this post: an analyst told me late last evening that anyone who has invested in Bitcoin in the last 18 months would have lost some investment value in this crash. In addition to legitimate investors, Bitcoin was also a favorite investment ground for criminals of all hues, including cybercriminals and even APT groups, which pumped in almost 300 million USD in the last 3 months of 2021 alone.

So how does the crash impact cybersecurity, you ask? With their ill-gotten wealth parked in crypto investments, many hackers, script kiddies, and APT-backed players were taking it easy. They were taking turns attacking targets across geographies. The motivation was two-pronged. One, they shouldn’t be caught due to greed; and two, they wanted to bring new players into the game who would share their ransom revenues with them in return for access to their tools and stolen credentials. Some of the hackers had even retired from the game, drawing from their Bitcoin investments periodically to finance their lavish lifestyles, including yachts and extended sunny vacations.
But with the crypto crash, the bubble has burst and the money has disappeared (almost vaporized into thin air without even a trace). This crash couldn’t have come at a worse time for these hackers, as many are based in countries that are reeling from high inflation and a cost-of-living crisis. Many hackers are now waking up to the reality that a big chunk of their wealth has simply eroded away and that the lifestyle they were used to is no longer feasible or even affordable.

So the logical next step will be to restart hacking operations, get back into the ransom game, and scale up to make up for the lost money. Going by the experience of 2008, when the number of phishing attacks rose significantly in the months following the recession, we could be staring at a steep rise in cyberattacks in the months to come. This could also mean that more stolen data, especially credentials, could change hands as hackers start looking for vulnerabilities to exploit, and July and August will be months to watch for cyber defenders. Many APT groups in China, Russia, and especially North Korea are already under orders from their state handlers to ramp up their activities. Sectrio’s team has already reported an increase in the footprint of North Korean APT groups in the financial services sector.

So there you have it. Sectrio advises all businesses, especially those running IoT and OT devices, to be vigilant over the next few months.

Get a demo today: Request a demo
Get in touch with us now to learn more about our threat assessment offering.

How to avoid common cyber threat assessment pitfalls

When it comes to drawing up a proactive plan to secure infrastructure, a threat assessment drive can go a long way. In addition to helping understand the sources and gravity of individual threats, it can also sensitize all stakeholders to various security aspects and help organizations understand and address specific and generic threats. However, due to some inherent deficiencies, the full value of an institutional cyber threat assessment program is not realized by many enterprises that choose to conduct such a program. What are these deficiencies, and how can they be addressed? Read on to find out.

Deficiency one: wrong or outdated cyber threat assessment model

In our interactions with CISOs across the manufacturing, utilities, maritime, oil and gas, and financial services sectors, we found that many businesses were relying on models that were primitive and not suited to the emergent threats that now dominate the threat landscape. These models were often borrowed from peers in the industry and, in some instances, have been passed down from one generation of cybersecurity leaders to another across decades.

Remedy: work with a vendor or your internal security operations team to prepare a model that is specific to your business.

Deficiency two: lack of unit-level assessment

Even today, many businesses conduct threat assessment at an infrastructure or enterprise level rather than going a few notches lower to assess threats at an equipment or transaction level. Based on the family of devices, communication protocols, supply chain characteristics, device profile, digital footprint, and many other parameters, each device could face a multitude of threats. Further, networks face a series of threats that could be unique to various network characteristics. Without taking these into account, an IoT, IT, or OT threat assessment exercise will not produce sufficient actionable data to reduce your risk exposure.
Remedy: prepare an inventory of all devices and networks before embarking on a threat assessment exercise. This is especially true for OT-based infrastructures, where device inventories are often outdated or do not exist.

Deficiency three: low frequency of assessment

In IoT and OT environments connected with critical infrastructure, threat assessments should be conducted at least once a month to identify and track new risks and threats and to plug any vulnerabilities or security posture-related gaps that may arise.

Remedy: calendarize and conduct threat assessments as frequently as possible.

Deficiency four: compliance-driven threat assessment agenda

Often, businesses conduct threat assessment drives due to external factors such as audits, compliance needs, or pressure from the board or senior leadership. Sometimes threat assessments are conducted as a knee-jerk reaction to an advisory from a regulator. This leads to the threat assessment exercise being treated as an ad hoc effort with no long-term view or focus.

Remedy: conduct threat assessments as a calendarized activity. The agenda should be specific to the risk exposure management needs of the business that is conducting it.

Deficiency five: lack of skilled cybersecurity threat assessment experts

As threat assessment is often not seen as a core activity, the work is assigned to team members who have to learn on the job. No additional training is imparted, and such team members are often made to handle threat assessments along with their other responsibilities.

Remedy: allocate specific threat assessment responsibilities to team members and train them to do it professionally and with diligence. Such members should also undergo threat assessment certifications and act independently while making honest threat assessment recommendations.
Deficiency six: lack of integration (or synergy) with the overall cybersecurity roadmap

Since most businesses conduct a threat assessment exercise in an ad hoc manner, its findings, frequency, and even objectives are not synchronized with the institutional risk management priorities. This leaves a wide gap in implementing the findings of the threat assessment exercise, which are sometimes not implemented at all.

Remedy: integrate the threat assessment exercise with the overall risk management program using incremental steps. Never conduct a threat assessment exercise in isolation, as that will simply erode the benefits that your institution could gain from such an effort.

Wish to know how to turbocharge your threat assessment programs to improve your institutional threat hunting and cyber risk management efforts? Talk to Sectrio. We have assisted businesses across verticals such as manufacturing, oil and gas, maritime, banking, supply chain, and pharmaceutical manufacturing to evolve and run comprehensive and beneficial threat assessment programs. Talk to us now. Wish to talk to our threat assessment specialists for more information? Share your details here.

How Chinese hackers managed to breach major telcos and lessons from the episode (09 06 2022)

Chinese threat actors have managed to break into multiple telecommunications giants across the world in a campaign lasting over two years, as per reports. The hacker groups behind the episode managed to exploit various vulnerabilities to target critical telecom infrastructure. Through phased attacks, the actors first compromised devices and then used these devices to gain access to network traffic belonging to the telcos’ customers.

The hackers specifically targeted networking devices, including routers and switches, belonging to at least 3 different OEMs. Over two years, the devices were repeatedly used to sniff network traffic and even to train other hacker groups on conducting reconnaissance as well as on stealth tactics to keep the breach hidden for the longest possible period. This is probably the first time we have come across a breach that was used by Chinese APT groups to train future hackers.

The fact that the hackers used publicly known and published vulnerabilities, including flaws that go back to the first half of the last decade, is indeed worrying. Some of these vulnerabilities enabled the hackers to evade authentication, take complete control of a device, and gain unhindered access to networks, including the execution of arbitrary code at the discretion of the hacker.

So why were the Chinese hackers successful?

Beyond skills, these hackers had some help from infrastructure management practices that have been going on for decades. Addressing vulnerabilities and flaws should ideally be an ongoing endeavor conducted with diligence and discipline. However, this does not happen, as flaws are allowed to persist (sometimes willingly) years after they are revealed and their existence is common knowledge.
Without addressing the known flaws, it becomes even more difficult to deal with zero-day attacks, as the security teams are in some cases simply not equipped even to look for them. With limited people, resources, budgets, and skills, flaws remain and continue to pose a threat to infrastructure until regulators step in and force businesses to act.

In this case, the hackers used open-source scanning tools such as RouterSploit and RouterScan to study and surveil target networks. They were able to gather data on the models, versions, patch status, and vulnerabilities of networking gear. Using this knowledge, the hackers exploited the unpatched vulnerabilities to access connected networks and moved on to authentication servers, where they were able to steal user and access credentials while reconfiguring equipment and exfiltrating data by copying it to their machines.

This window of opportunity was fully leveraged by the hackers, and they kept returning to the victims’ networks multiple times while keeping an eye out for any attempts to discover them. They also covered their tracks by removing digital traces of their activities, including logs. In addition to spying, the victims’ networks were used by the hacking team involved in this episode to train hackers on breach and post-breach practices.

While telecom firms are high on the list of targets for state-sponsored hackers, other businesses could also be targeted by APT groups for various reasons. Many APT actors are now trying to monetize their activities and have diversified the businesses they target across the globe.

So how can businesses secure themselves?
- Published vulnerabilities must be tracked to closure in a disciplined manner with clear SLAs.
- Build the capability and tool-set to detect zero-days through anomalies and other means.
- In addition to multi-factor authentication, ensure that all user credentials and privileges are modified regularly. This step alone could save a lot of bother later.
- Improve threat hunting by getting access to the right cyber threat intelligence feeds (get the comprehensive guide to selecting the right cyber threat intelligence feeds).
- Build a culture of cybersecurity across functions.
- Conduct audits in a scheduled manner.
- Tabletop exercises should be conducted frequently to test the readiness and quality of first response (get Sectrio’s FREE Tabletop Exercise Manual).
- Incentivize the detection and reporting of threats.

Sectrio is securing some of the most complex IoT and OT deployments across geographies today. Our security analysts can evaluate your infrastructure to assess your risk exposure and potential sources of cyberattacks, and identify surfaces that could be targeted by hackers through specific and diversified breach tactics.

NIST revises cybersecurity guidance for managing supply chain risk

Attacks on supply chains are growing in number and complexity. In the two months since the start of the Russia-Ukraine war, inbound attacks from APT groups targeted at shipping, surface transport, retail warehouses, pharma APT supply entities, oil and gas, and coal mining sectors have risen significantly. Spillover attacks on several other enterprises that depend on these entities have also grown. The attacks are coming from known APT groups in South East Asia and Russia and seem to be oriented towards creating large-scale disruption.

It is therefore no surprise that the National Institute of Standards and Technology (NIST) has updated its foundational cybersecurity supply chain risk management (C-SCRM) guidance to enable enterprises to improve their security measures as they go about acquiring and adding more technology products and services to their infrastructure. NIST has issued a revised publication called Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1). This publication, according to NIST, offers guidance and inputs on identifying, assessing, and responding to all types of cybersecurity risks spread across all supply chain levels of an organization. The document acknowledges the challenges in securing supply chains arising from the information asymmetry that exists between acquiring enterprises and their suppliers and service providers.
It goes on to say “that acquirers often lack visibility and understanding of how acquired technology is developed, integrated, and deployed and how the services that they acquire are delivered” Compliance Kit: IoT and OT cybersecurity self-assessment tool using NIST CSF Here are the highlights of NIST’s new revision: The publication outlines key steps that organizations can adopt to manage supply chain risks Organizations are encouraged to view vulnerabilities associated with the whole production process of a finished product and its components. This covers the entire development footprint covering the journey these components took individually Specific attention is drawn to the possibility of malware ingress or cyberattack from different points across the chain The practices and controls described for Cybersecurity Supply Chain Risk Management (C-SCRM) apply to both information technology (IT) and operational technology (OT) environments and is inclusive of IoT  Recommends integration of supply chain risk management into the overall enterprise risk management process. The enterprise risk management as part of a continuous and iterative process should include: Frame risk. Establish the context for risk-based decisions and the current state of the enterprise’s information and communications technology and services and the associated supply chain. Assess risk. Review and interpret criticality, threat, vulnerability, likelihood, impact, and related information. Respond to risk. Select, tailor, and implement mitigation controls based on risk assessment findings. Monitor risk. 
Monitor risk exposure and the effectiveness of mitigating risk on an ongoing basis, including tracking changes to an information system or supply chain using effective enterprise communications and a feedback loop for continuous improvement Enterprises need to aim to infuse perspectives from multiple disciplines and processes (e.g., information security, procurement, enterprise risk management, engineering, software development, IT, legal, HR, etc.) Interestingly the document recommends that enterprises should look at managing risks rather than eliminating them as risks are essential for the pursuit of value Talks about various models for managing supply chain risks such as centralized, decentralized, hybrid Outlines critical success factors Lays emphasis on putting in place multidisciplinary foundational supply chain risk management practices to engage successfully with system integrators Recommends establishment of explicit collaborative and discipline-specific roles, accountabilities, structures, and processes for supply chain, cybersecurity, product security, physical security, and other relevant processes The annexure contains various controls that various types of enterprises (manufacturers, suppliers, users) can use to improve their supply chain security practices Talk to our cybersecurity experts and find out how Sectrio can help you in securing your supply chain. Contact us Participate in the CISO Peer Survey 2022 and make your opinion count now, fill up our uniquely designed survey here: CISO Peer Survey 2022 Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  


Sectrio’s CISO Peer Survey comes to an end this week

What’s keeping CISOs awake at night in 2022? That is the question we asked CISOs at the start of the CISO Peer Survey in the first week of April. 2021 was a stressful year for CISOs, and we wanted to learn from them how they are getting ready for the uncertain times that lie ahead, with geopolitical conflicts and the threat of a recession shaping the narrative. The CISO Peer Survey was an attempt to amplify the voice of the CISO, document their opinions, challenges, and ideas, and share them with decision-makers and enterprises in general. CISOs responded to the call with plenty of enthusiasm. In less than a month, we received 300 responses, and not a single question was left unanswered. The CISO survey has captured responses around these topics:

The Sectrio CISO Peer Survey 2022 has become the most comprehensive and detailed survey of the security landscape across industries. Not only has the survey brought out many aspects of the security management strategies and tactics adopted by organizations, it has also outlined CISO apprehensions as well as key intervention areas from a tool, skillset, budget and senior leadership awareness perspective. The survey report will offer CISOs insights into how their peers are managing their security requirements. CISOs can also use this report to build a case for enhancing OT and IoT security investments, adding more sources of threat intelligence, dealing with insider threats, and remediating vulnerabilities.

The CISO survey will be kept open till this Friday (May the 27th) and will be closed for responses after that. We will begin compiling the survey report from midnight GMT, May the 28th. All results will be published as-is and Sectrio will not be modifying any part of the responses. We will also be announcing the 3 winners of the survey contest shortly. All survey participants will get a copy of the report emailed to them well before the official release.

All of us at team Sectrio are thankful to all CISOs and cybersecurity leaders who participated in this survey and shared their inputs. We can’t wait to share the final report with you and hear your thoughts on the findings. If you wish to participate in the survey, you can do so here: CISO Peer Survey 2022


OT and IoT cybersecurity: are you tracking the wrong KPIs?

Tracking the wrong KPIs is as good as not tracking the effectiveness of your cybersecurity measures at all. As far as KPIs go, businesses fall into these categories:

A majority of the respondents in our CISO survey so far have indicated that they have a challenge with tracking the right KPIs. This is more so in the case of large and very large enterprises and of small businesses. Those in between are doing fairly well, but there is certainly some room for improvement there as well.

So how do businesses end up tracking the wrong KPIs? The answer lies in the way security programs were designed years ago. In large manufacturing entities, security programs were conceptualized and implemented to secure infrastructure without hampering operations. Where operational priorities were deemed too important, security took a back seat, and this approach has left its mark on the KPIs such organizations track. In some utility companies, all teams were already burdened with tracking multiple KPIs, so only those deemed absolutely necessary were tracked. In some instances, even KPIs linked to systems that were only partially functional were tracked, wasting bandwidth. In maritime companies and those connected with renewable energy projects, few KPIs were tracked because there was not enough bandwidth, or not enough cybersecurity tooling deployed, to track more.

Why is it important to track the right cybersecurity KPIs? Before we look at how the right KPIs can help, here are a few facts that our research team discovered during their interactions with security teams across verticals: With the shrinking malware development and launch cycles, the threat environment is rapidly deteriorating.

It is therefore important to have a tried and tested strategy for tracking and monitoring the right KPIs. Not only do the right KPIs strengthen a cybersecurity program, they also help keep threats at bay and reduce the burden on the SecOps team and security analysts. Tracking the right KPIs also helps your security team evolve faster and run a more mature and consistent security program, better aligned to the cyber realities of the digital space we operate in.

In order to track the right KPIs, the following steps will have to be followed:


Shrinking malware development and emergence cycles and its implications

In the first half of 2022, we have seen at least one major ransomware that was rewired or built on the code base of existing malware. Such transformations now occur regularly enough to cause alarm among cybersecurity teams and vendors. In the past, Sectrio’s researchers have come across over 17 major malware families that remained potent because of re-engineering and the development of variants.

So why are malware developers relying on variants rather than developing entirely new families of malware? The recent instance of Bazarloader being succeeded by the Bumblebee loader offers a distinct clue. Bumblebee appeared on the horizon in March and was pushed across cyberspace through unique campaigns by 4 groups. The campaigns involved passing ISO files, Zip, and other archive attachments containing malicious .DLL files together with shortcut files that execute them, some of which were hosted on known public cloud service providers.

The appearance of Bumblebee coincided with the disappearance and fading away of the Bazarloader malware. It was then revealed that the Conti group had acquired the operations of the botnet gang that developed Bazarloader. Other than code similarities, Sectrio’s researchers were also able to correlate similar patterns of malware promotion campaigns, and there was even a 1-to-1 replacement of conversations involving Bazarloader with Bumblebee on various malware exchange forums.

So why are malware developers and promoters increasingly relying on variants or acquired malware to target businesses rather than developing new ones? Here are a few reasons:

- At any given point in time, there are many malware developers ready to sell the source code of their malware for adequate monetary consideration. The payment terms are flexible and attractive. The buyer does not even have to acquire the group; it can pay a ‘royalty’ to the developer for using the code or building on it, as the case may be
- Developing a variant enables malware groups to push out relatively new malware much faster, keeping security teams on alert at all times. This also leads to SOC and detection fatigue, which lets bad actors bring their malware into target networks undetected
- It is much cheaper to develop a variant than to build malware from the ground up. Building OT- or IoT-focused malware is a costly proposition, as it involves plenty of planning and innovation to bypass defenses, stay out of non-target networks and avoid detection
- By changing malware code, the actor can confuse security analysts trying to figure out the origin of the malware
- Newer variants ensure the longevity of bad actors, who remain relevant beyond a few malware development cycles
- We have also seen instances where the source code was picked up from a group that was disbanded, or was based on code stolen from APT groups or academic labs
- Hackers are becoming more organized

Overall, the proposition of getting malware ready quickly is very appealing and incentivizes malware groups to go for variants rather than build fresh malware.

For security teams, the main challenge with malware variants is that they appear quickly and are sometimes difficult to detect because of the new lines of code added, which change the file hashes and signatures that indicator-based detections depend on. But a bigger challenge is the rapid development and release of these variants, which means that in a single calendar year there could be more attacks and more losses.

So what are the implications of this shrinking malware development trend?

- Faster evolution of more potent malware
- SOC fatigue
- Enterprise risk management efforts will come under added strain
- If this leads to more successful breaches and more ransom payments, cybercrime will pick up and grow rapidly
- Kinetic thresholds could be breached more often and lives threatened at large facilities such as those run by oil and gas and large manufacturing companies
- More data leaks

This trend has security implications for enterprises. We need to continue investing in keeping cyber threats at bay and preventing them from succeeding. Every failed breach is a waste of time, effort, and possibly money for the hackers involved. By raising their cost of operations, cybersecurity teams can relegate at least some hacker groups to the fringes or ease them out of the game altogether. That reduces the amount of code available to be passed around for the development of new variants and breaks the cycle.
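The delivery chain described above (an ISO or Zip attachment carrying a DLL plus a shortcut that runs it) is easier to catch by its behaviour than by its hash, which is exactly what a recompiled variant changes. Here is an added example, not code from the article or from Sectrio, of a behavioural rule run over constructed, Sysmon-style process-creation events: it scores a DLL-hosting binary (rundll32, regsvr32, odbcconf) started straight from explorer.exe with a DLL sitting on a non-OS volume (a mounted ISO) or in a Temp/Downloads directory (an extracted archive). The field names, the assumption that Windows lives on C:, the scoring weights and the alert threshold are all assumptions made for illustration.

```python
"""Behavioural detection for the archive -> shortcut -> DLL delivery chain.

Added example, not code from the original article or from Sectrio. The
process-creation events below are constructed, Sysmon-style records (not
real telemetry); the field names, the OS-drive assumption and the scoring
weights are assumptions made for illustration. A rule like this keys on
how the loader is started rather than on a file hash, so a recompiled
variant with new code does not slip past it the way it slips past an
IOC list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows binaries routinely used to execute a dropped DLL.
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe", "odbcconf.exe"}
OS_DRIVE = "C:"            # assumption: the volume Windows is installed on

# A DLL path in a command line, quoted or bare, e.g. E:\Docs\ReadMe.dll,StartAp
DLL_PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+?\.dll)"|([A-Za-z]:\\[^\s,"]+?\.dll)', re.IGNORECASE)
STAGING_DIR_RE = re.compile(r"\\(Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class ProcessEvent:
    ts: str
    image: str          # full path of the new process
    command_line: str
    parent_image: str
    user: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def dll_path(command_line: str) -> Optional[str]:
    """First DLL path referenced on the command line, or None."""
    m = DLL_PATH_RE.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def score_event(ev: ProcessEvent) -> Tuple[int, List[str]]:
    """Score one event; each matched indicator adds 1 and a reason string."""
    reasons: List[str] = []
    if _basename(ev.image) not in DLL_HOSTS:
        return 0, reasons
    path = dll_path(ev.command_line)
    if path is None:
        return 0, reasons
    reasons.append(f"{_basename(ev.image)} loading {path}")
    # A shortcut double-clicked inside a mounted ISO or an extracted archive
    # is started by explorer.exe, not by an installer, a service or a script host.
    if _basename(ev.parent_image) == "explorer.exe":
        reasons.append("spawned directly by explorer.exe (shortcut or double-click)")
    # A mounted ISO gets its own drive letter; a DLL there is not a normal install.
    if path[:2].upper() != OS_DRIVE:
        reasons.append(f"DLL on non-OS volume {path[:2].upper()} (mounted image or removable media)")
    # A DLL extracted from a Zip lands in a Temp or Downloads directory.
    if STAGING_DIR_RE.search(path):
        reasons.append("DLL under a Temp/Downloads path (extracted archive)")
    return len(reasons), reasons


ALERT_THRESHOLD = 3   # assumption: host binary + explorer parent + one location indicator


def detect(events: List[ProcessEvent]) -> List[Tuple[ProcessEvent, List[str]]]:
    """Events that reach ALERT_THRESHOLD, with the reasons they matched."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            hits.append((ev, reasons))
    return hits


# Constructed sample telemetry: two malicious chains, two benign rundll32 uses.
SAMPLE_EVENTS = [
    ProcessEvent("2022-06-01T09:12:04Z", r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe E:\Documents\ReadMe.dll,StartAp",
                 r"C:\Windows\explorer.exe", r"CORP\jdoe"),                   # DLL on a mounted ISO
    ProcessEvent("2022-06-01T09:13:40Z", r"C:\Windows\System32\rundll32.exe",
                 r'rundll32.exe "C:\Users\jdoe\AppData\Local\Temp\Temp1_invoice.zip\invoice.dll",Run',
                 r"C:\Windows\explorer.exe", r"CORP\jdoe"),                   # DLL extracted from a Zip
    ProcessEvent("2022-06-01T09:14:02Z", r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
                 r"C:\Windows\explorer.exe", r"CORP\jdoe"),                   # benign: Control Panel applet
    ProcessEvent("2022-06-01T09:15:11Z", r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\iesetup.dll,IEHardenUser",
                 r"C:\Windows\System32\svchost.exe", r"NT AUTHORITY\SYSTEM"),  # benign: service-launched
]

if __name__ == "__main__":
    for ev, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT {ev.ts} {ev.user}: " + "; ".join(reasons))
```

The benign Control Panel launch scores 2 (host binary plus explorer parent) and stays below the threshold, which is why the location indicators carry the decision: a legitimately installed DLL does not live on a freshly mounted image or under Temp. Tune OS_DRIVE and the staging-directory pattern to your own estate before relying on the rule.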

