Weekly threat monitor: March 21st, 2022

Ransomware, DDoS, and botnet attacks made headlines in the past week. Sectrio has detected huge volumes of DDoS attacks taking down websites, primarily government-affiliated ones. Most of these attacks are targeting nations facing an ongoing geopolitical conflict, as well as nations prone to disputes with countries affiliated to those conflicts.

Governments, critical infrastructure, and healthcare sectors bore the brunt of cyberattacks, with damage ranging from leaked social security numbers to operational halts. The spike in cyberattacks originating from Eastern Europe plateaued last week. Whether this is a lull before the storm or a temporary pause while the APT teams regroup, we can only speculate.

Oil and gas companies and manufacturing entities are being kept under constant pressure by hackers. Most of the attacks logged last week were on upstream oil companies, most of which were targeted using multi-stage phishing tactics. Oil pipeline companies, which had been receiving a disproportionate volume of attacks, saw a decline in targeted attacks.

Malware families identified earlier resurfaced in the past week with upgrades: unconventional means and advanced techniques for breaching the network. The new variant of BazarLoader that is being pushed around has also propagated extensively in geographies such as the Middle East, North America, and parts of Asia-Pacific. With the arrival of the Escobar malware, it is clear that hackers are now targeting individuals to steal large sums of money and convert them into cryptocurrency. IoT devices connected to the network succumbed to cyberattacks and were turned into bots used to launch attacks of higher severity. New Ransomware-as-a-Service (RaaS) threat actor groups were identified with no intention of ever decrypting data, even after ransom payments were made. These threat actors also bricked several devices, making them unusable. The role of the North Korean APT group Lazarus in promoting such multi-payload delivery malware cannot be ruled out, as we have found 3 instances of Lazarus’ digital footprint in some cases.

Chatter on the Dark Web indicates that at least some Russian hackers have broken away from their APT teams and are now working with or for private actors. This development could lead to more attacks on enterprises and on targets that are not just easy to breach but could also yield larger ransoms.

We urge all organizations to secure their connected devices, strictly monitor for anomalies in regular functions, and watch for rogue activity from such devices in the coming days.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:
