Sectrio

Weekly Threat Report

Weekly threat monitor: June 29th, 2022

IoT and OT security should be your top priority in the coming months, as threat actors are increasingly focused on disrupting operational functions, with the intent to stay dormant, monitor the network, and wait for the perfect opportunity to strike. Industries such as manufacturing, pharmaceuticals, and oil and gas must monitor logs and incoming traffic for any anomalous activity.

In recent news, the crash in the crypto market has brought renewed interest from North Korean APT groups such as Lazarus, which have now begun targeting banks and the financial sector. Sectrio’s banking-sector-focused honeypots have detected signs of such attacks, originating from North Korea, against banks and financial institutions in the APAC region. Read more on this update here: Why the cryptocurrency market crash portends bad times for cybersecurity

Smart cities and critical infrastructure in Europe, the Middle East, and the Americas must keep their shields up, as attacks continue to grow in both number and sophistication. This level of persistence is meant to fatigue security teams, with the sole intention of infiltrating the network. The trend continues to target all sectors of industry irrespective of size or revenue. If your network has IoT or OT assets, an added layer of attention must be allocated, with an additional focus on deep scanning of such interconnected, complex networks.

Reach out to Sectrio’s team of cybersecurity experts for a comprehensive threat assessment today: Sign up for threat assessment.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Banks and Financial Services
- Oil and gas
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies

Weekly threat monitor: June 13th, 2022

Critical infrastructure in North America is under the spotlight of hackers and APT groups again, with rising sophistication and an increased volume of targeted cyberattacks. The primary sectors that must stay on guard this week are water and wastewater, utilities, oil and gas, and manufacturing. This alert is being issued in the wake of rising cyberattacks stemming from Russia’s geopolitical conflicts in the EU and their spill-over to the West. Sectrio’s researchers had accurately predicted this surge of cyberattacks before tensions between Ukraine and Russia escalated at a record rate with no end in sight.

Also Read: Why is IoT Security important in today’s network?

Budding geopolitical conflicts in the Middle East and APAC suggest an early activation of cyber threats, with attacks ramping up in the months ahead. Such brewing conflicts often begin with the defacement of notable web domains, followed by a surge of misinformation, similar to the events that took place immediately prior to the escalation of the Ukraine-Russia conflict. We request our readers pay close attention to such factors. Early adoption of cybersecurity solutions will help security teams adapt to new methods and will go a long way toward simplifying their tasks and prioritizing the ones that need immediate attention.

Get the report: The global threat landscape report 2022

Patching known vulnerabilities is an immediate priority, but it is no longer enough. It is vital that you have a complete view of the connected supply chains and technologies that are integrated into your networks. This is a must in 2022, as threat actors across the globe have been observed leveraging new attack surfaces and gaps in complex networks, such as those of an enterprise or a government body. There have been instances where printers and UPS systems were weaponized to carry out cyberattacks, and this trend is only going to grow until a robust cybersecurity solution provider such as Sectrio.

Reach out to Sectrio’s team of cybersecurity experts for a comprehensive threat assessment today: Sign up for threat assessment.

Weekly threat monitor: June 7th, 2022

Healthcare, pharmaceutical, and manufacturing organizations faced the brunt of sophisticated cyberattacks, perpetrated because of the critical nature of these industry segments and the likelihood of successful extortion attacks such as ransomware. Such attacks were carried out in North America, Europe, the Middle East, and APAC, as the ransom payout in these regions is considerably higher than elsewhere.

Also Read: Why is IoT Security important in today’s network?

Geopolitical tensions continue to escalate at an unprecedented rate. The conflict is beginning to engulf surrounding nations and is expected to spread and have an impact across regions. Cyberattacks follow geopolitical conflict-prone areas, with sophisticated ransomware attacks and spyware able to infect networks without detection. We suggest businesses work with rich, contextual threat intelligence feeds that can help you pre-emptively take measures to safeguard operations from such attacks. Monitor incoming traffic and cross-analyze network logs from the various connected zones and conduits for any clues of anomalous behavior.

Cyberattacks are predicted to rise in both entropy and sophistication (The global threat landscape report 2022). We expect malicious threat actors and clusters to grow substantially, as collaboration with state-backed threat actors has been identified in chatter picked up by Sectrio’s threat research team. We suggest all organizations prioritize IoT and OT security at the core of their operations to avoid disruptions.

Reach out to Sectrio’s team of cybersecurity experts on how they can help you secure your connected assets: Contact Us

Weekly threat monitor: May 30th, 2022

Ransomware, which was once a rare tactic used by APT groups, is now a habitual go-to malware that anyone can purchase on the dark web for less than $50, or outsource to groups that provide Ransomware as a Service (RaaS). This trend of new ransomware attacks is predicted to continue in the enterprise, manufacturing, and critical infrastructure segments, as they hold critical information and operations that cannot be halted for long periods or leaked to the public. One prominent reason why ransomware has grown so rapidly in sophistication and volume is the ease with which one can create a variant, deploy it to encrypt certain operations, withhold critical data for ransom demands, or worse, dump it on the dark web. Such go-to tactics worked in the past and persist to this day. The most vulnerable segments of the industry are those that lack awareness of or visibility into their networks, and those where the convergence of technologies such as OT, IoT, and IT is not part of the SecOps area of visibility.

Also Read: Why is IoT Security important in today’s network?

Entities in North America, the Middle East, and APAC continue to face the repercussions of the geopolitical conflict between Ukraine and Russia. This trend of rising cyberattacks emerging from geopolitically motivated, conflict-prone areas will persist, as threat actors are brazenly targeting organizations and individuals irrespective of size or revenue. With this in mind, it is also vital that SecOps teams are not overwhelmed with alerts and are able to prioritize them. Automation of SecOps processes can be achieved with the right tools and can go a long way in surfacing the right alerts, the ones that require intervention by a member of the SecOps team. We suggest all organizations prioritize IoT and OT security at the core of their operations to avoid disruptions.

Reach out to Sectrio’s team of cybersecurity experts on how they can help you secure your connected assets: Contact Us

Weekly threat monitor: May 25th, 2022

Since our previous advisory, threats impacting connected assets have been growing at alarming rates in the Asia Pacific, Middle East, and Americas regions, and this threat is likely to persist in the coming weeks. New variants of existing ransomware now plague cyberspace with higher sophistication than their predecessors. The development and emergence cycle of new malware versions has shortened drastically, and the reason can be linked to a recent discovery made by Sectrio’s research team. This threat, coupled with the rising trend of malware loaders identified in the past couple of weeks, can be addressed by alerting your SecOps teams to be on the lookout for malicious activity and by patching any known vulnerabilities if you haven’t already done so.

Organizations leveraging technologies such as IoT, OT, ICS, SCADA, or Industrial IoT, and those undergoing a digital transformation project, must be on their guard, as the complexity of such hybrid networks often leaves them susceptible to cyberattacks due to a lack of asset visibility and threat detection capabilities. This brewing cyber storm is likely to impact the manufacturing, oil and gas, and maritime industries, considering the legacy and ancient equipment active in networks whose operators aren’t aware of its existence. We suggest all such organizations prioritize IoT and OT security at the core of their operations to avoid any disruptions.

Reach out to Sectrio’s team of cybersecurity experts on how they can help you secure your connected assets: Contact Us

Weekly threat monitor: May 18th, 2022

Cyberattacks grew significantly in the past week, impacting several nations in Latin America and the Middle East. This rising threat can be associated with a recent discovery made by Sectrio’s research team regarding the shrinking development and emergence cycles of sophisticated malware. OT, Industrial IoT (IIoT), and ICS/SCADA equipment saw a sharp spike in the rate of attacks emerging from areas prone to geopolitically motivated events. This raises concerns for most manufacturing, oil and gas, and financial institutions, as they have proven vulnerable in the past and remain active targets in the sights of most threat actors, given the security gaps that can be exploited with ease.

The reactivation of several threat actors driven by the ongoing geopolitical conflict in Europe sent shockwaves of botnet attacks that crippled critical infrastructure to a certain extent. This was also the fate of a certain satellite communication and internet provider that has been active since the onset of the conflict. Such attempts show no signs of abating and are expected to grow significantly in the weeks ahead.

In APAC, while certain countries are encouraging a robust cybersecurity posture, a few countries have only begun taking their first steps to address the challenges posed by rising cyberattacks, and this has compelled most countries to set up a cybersecurity regulatory and governance body in order to safeguard their digital transformation efforts and critical infrastructure. We have also noticed that the SecOps KPIs currently tracked by heads and leaders are becoming a challenge, as they may not be the right KPIs to effectively measure your cybersecurity posture. We urge all our readers to read the latest blog on our website regarding the importance of tracking the right set of SecOps KPIs.

Do keep a lookout for malicious or anomalous incoming and outgoing traffic from countries associated with geopolitical conflicts, as threat actors show no signs of backing down.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Oil and gas
- Financial Services
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies

Weekly threat monitor: May 10th, 2022

Conti ransomware, as accurately predicted in our previous blog post, is growing to be a much larger threat. Enterprises, oil and gas entities, and manufacturing segments of the industry are facing the brunt of attacks, which are predicted to rise in the coming weeks. Highly specialized, re-engineered malware and spyware have been seen infiltrating through known vulnerabilities as part of their reconnaissance without being detected. We urge everyone to conduct frequent scans for anomalies in the network and compare them with scans conducted in the past as an added layer of precaution.

In our previous update on May 4th, 2022, campaigns promoting ransomware across multiple channels through multi-phased spear-phishing were seen and, in some cases, intercepted. Threat actors were seen primarily targeting government websites across the globe, which was followed by several data dumps on the dark web containing highly classified information from entities that refused to pay the ransom. This also indicates that the threat actors are unwilling to negotiate and have effectively reduced their payment windows.

Attacks from APT groups in East Asia continue to rise at an alarming rate, targeting financial institutions. A few threat actors hit manufacturing entities, as the average ransom payout there is much higher and more likely than in other verticals, since a halt in operations could mean significant losses. As in the previous week, we urge financial services firms as well as manufacturers to be on their guard and watch out for anomalies in their networks.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Oil and gas
- Financial Services
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies

Weekly threat monitor: May 4th, 2022

Campaigns to promote the BumbleBee malware loader, a sophisticated and highly stealthy malware downloader that can detect virtual environments and load multiple ransomware families, dominated the threat landscape this week. Based on analysis of threat intelligence data gathered by our security analysts, 7 campaigns were run by at least 4 groups across 3 continents last week to push this malware loader, including the dreaded Conti group. The renewed interest in promoting ransomware across multiple channels through multi-phased phishing campaigns targeting verticals such as manufacturing, critical infrastructure, power plants, shipping firms, and defense entities is certainly a matter of concern. More importantly, malware development cycles are shrinking (from months to weeks), and ransom payment windows are also getting shorter, with hackers asking for the ransom to be paid within 48 hours.

With growing attacks on IoT and OT infrastructure, the spike in cyberattacks expected in April has materialized, and the volume of attacks continues to grow with increasing levels of activity attributed to APT groups linked to China and North Korea. Financial services firms, as well as manufacturers, should be on their guard and watch out for anomalous traffic volumes coming from random geographies.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Oil and gas
- Financial Services
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies

Weekly threat monitor: April 25th, 2022

Sectrio issues major cybersecurity alert for manufacturing and oil and gas companies

Oil and gas and auto manufacturing facilities need to be on their guard this week. Firms in these two sectors have to watch out for a significant rise in deflected traffic coming from IP addresses in Africa, Latin America, and parts of Europe. Using multi-loader malware, hackers will attempt to place ransomware in networks connected with both upstream and downstream operations and manufacturing facilities. Russian hackers who are in retreat have identified as many as 70 targets, including many oil and gas firms, manufacturing plants, shipping companies, and utility firms, for a multi-phase campaign that could run until the end of May this year.

What to watch out for:

- Abnormal traffic patterns, with an unusual volume of traffic coming from the geographies listed above
- Phishing campaigns using social media channels such as LinkedIn that target key employees
- Firewalls and other perimeter-based solutions could be targeted directly by these hackers
- Slow or non-responsive ICS control systems
- Hackers may also try to use reply phishing to enter key conversations using stolen credentials
- Board and senior leadership members will also be targeted directly
- This could be a revenge attack, so a kinetic attack is most likely
- Multiple waves of intrusion attempts to tie down SOC teams

Sectrio’s Threat Research team is still monitoring the situation, and we will provide more updates as and when they become available.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Oil and gas
- Financial Services
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies

Weekly threat monitor: April 19th, 2022

Attack volumes remain static while sophistication grows

Attacks on some sectors grew in the week ending April 16th, while other sectors recorded a decline in the number of cyberattacks logged by our global honeypots. Cyberattacks on global oil and gas companies across upstream and downstream operations continued to rise for the 3rd consecutive week. Attacks on manufacturing and utilities continue to rise, while attacks on sectors such as retail and shipping fell slightly this week. Hackers are now going after OT and IoT deployments connected with the above sectors in a phased manner. Aided by reconnaissance data collected over years, and with help from careless insiders, it is only a matter of time before a major cyberattack succeeds.

While attacks originating from Russia stayed more or less static, that country is also attracting an increasing number of cyberattacks from nearly 20 countries. Russian digital assets across financial services, critical infrastructure, defense, and utilities continue to log a significant volume of cyberattacks. Globally, the percentage of cyberattacks targeted at Russia grew from 8 percent in early February to almost 21 percent in early April. Such cyberattacks may also spill over into adjacent countries, and the hackers may be using these attacks to try out new malware and breach tactics. Caution is advised across sectors, as hackers continue to put pressure on SOC and cybersecurity teams across industries.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:

- Financial Services
- Manufacturing
- Critical Infrastructure
- Water and wastewater treatment facilities
- Supply chains
- Energy Sector
- Oil and gas
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies
