Lumen's Black Lotus Labs researchers recently discovered evidence of a sophisticated, highly targeted campaign against SOHO (small office/home office) routers in both North America and Europe.
The evidence the team has gathered so far suggests that the unidentified actor is state sponsored. Garden-variety hackers do not usually have the tools, techniques, or procedures needed to carry out the attacks the researchers are seeing.
Notably, the campaign's intensification coincided with the pandemic-driven shift to large numbers of employees working from home.
The researchers' report puts it this way:
"This (a massive increase in people working from their homes) provided threat actors with a new opportunity to leverage at-home devices such as SOHO routers, which are widely used, but rarely monitored or patched, to collect data in transit and hijack connections to compromise devices in nearby networks."
In other words, the shift to remote work gave a sophisticated adversary the opportunity to undermine the traditional defense-in-depth posture of many well-established organizations.
The report continues:
"The capabilities demonstrated in the campaign - gaining access to SOHO devices of different models, collecting host information to inform targeting, sampling and hijacking network communications to obtain potentially persistent access to in-land devices, and intentionally stealth C2 infrastructure by leveraging multi-stage siloed router-to-router communications - points to a highly skilled actor that we hypothesize has lived undetected at the edge of targeted networks over years."
This is a real threat, even if your IT department is stretched thin. You can reduce your risk by helping your remote employees with a patch plan for the home routers they work behind.
Integrated Technology Systems can supplement your IT department with a co-managed approach to your network security. Securing your sensitive data across multiple points of access can be difficult for just a few people to manage. By calling our team, you add a proactive approach to your cybersecurity efforts.
Fake Copyright Infringement emails Used To Spread Malware
Hackers have found a new way to sneak malware past your defenses. Researchers have identified a tactic that scares victims into infecting themselves: emails warning about copyright infringement.
The email warns the recipient that their website hosts copyright-protected material and threatens legal action if the offending material is not removed immediately.
The red flag is that, rather than naming the allegedly infringing material in the body of the email, the attackers attach a protected ZIP archive that supposedly contains the details.
Anyone frightened into opening the archive will find no details. Instead, they will have opened the door to a LockBit 2.0 ransomware infection on their computer.
Worse, if the infected computer is connected to your corporate network, the ransomware will spread laterally, infecting and locking as many devices as it can reach.
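As an added example (not code from the original post or from the researchers who reported the campaign), the Python scanner below applies the two checks a mail gateway should run on such an attachment before it reaches a user: it flags ZIP entries whose header encryption bit is set, because a protected archive is exactly the kind of attachment a gateway cannot inspect, and it flags executable entries, especially ones hiding behind a document-style double extension. The post does not describe what the real archive contains, so the fixture entry name "Copyright_Infringement_Details.pdf.exe", its two-byte "MZ" stand-in payload, and the benign "notice.txt" entry are constructed for this example; the `mark_entry_encrypted` helper exists only because Python's `zipfile` cannot write encrypted archives and the fixture needs the header flag set.

```python
"""Inspect a ZIP e-mail attachment for the traits of the copyright-infringement lure.

Added example, not from the original post. Verdicts: 'allow' (nothing suspicious),
'quarantine' (encrypted or executable entries), 'reject' (not a valid ZIP).
"""
import io
import zipfile

# Extensions Windows will execute; a "details.pdf.exe" entry is the classic lure.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
                   ".ps1", ".lnk", ".hta", ".dll", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".txt", ".rtf", ".xls", ".xlsx"}


def entry_findings(info: zipfile.ZipInfo) -> list:
    """Return the suspicious traits of one archive entry (empty list if none)."""
    findings = []
    # Bit 0 of the general-purpose flag marks an encrypted entry (PKWARE APPNOTE 4.4.4).
    # A "password is in the e-mail" lure uses this so the gateway cannot look inside.
    if info.flag_bits & 0x1:
        findings.append(f"encrypted entry: {info.filename}")
    basename = info.filename.lower().rsplit("/", 1)[-1]
    parts = basename.split(".")
    if len(parts) >= 2 and "." + parts[-1] in EXECUTABLE_EXTS:
        findings.append(f"executable entry: {info.filename}")
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
            findings.append(f"double extension: {info.filename}")
    return findings


def scan_zip_bytes(data: bytes) -> dict:
    """Classify a ZIP attachment by inspecting only its central directory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            findings = [f for info in zf.infolist() for f in entry_findings(info)]
    except zipfile.BadZipFile:
        return {"verdict": "reject", "findings": ["not a valid ZIP archive"]}
    return {"verdict": "quarantine" if findings else "allow", "findings": findings}


# --- constructed fixtures (no real malware; the "executable" is an MZ header stub) ---

def build_zip(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def mark_entry_encrypted(data: bytes, filename: str) -> bytes:
    """Set the encryption bit in the local and central headers of one entry.

    Fixture helper only: zipfile cannot write encrypted archives, so the flag is
    patched in place. The entry's bytes stay in the clear; the scanner keys on
    the header trait, which is what a real password-protected lure carries.
    """
    buf = bytearray(data)
    target = filename.encode()
    # (signature, flag offset, name-length offset, fixed header size)
    for sig, flag_off, nlen_off, hdr_len in ((b"PK\x03\x04", 6, 26, 30),
                                             (b"PK\x01\x02", 8, 28, 46)):
        pos = buf.find(sig)
        while pos != -1:
            nlen = int.from_bytes(buf[pos + nlen_off:pos + nlen_off + 2], "little")
            if buf[pos + hdr_len:pos + hdr_len + nlen] == target:
                flags = int.from_bytes(buf[pos + flag_off:pos + flag_off + 2], "little") | 0x1
                buf[pos + flag_off:pos + flag_off + 2] = flags.to_bytes(2, "little")
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


BENIGN_ZIP = build_zip({"notice.txt": b"Please remove image 42 from /gallery."})
LURE_ZIP = mark_entry_encrypted(
    build_zip({"Copyright_Infringement_Details.pdf.exe": b"MZ" + b"\0" * 62}),
    "Copyright_Infringement_Details.pdf.exe",
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("lure", LURE_ZIP)):
        print(label, scan_zip_bytes(blob))
```

The scanner deliberately reads only the central directory and never extracts anything, so an encrypted entry is flagged rather than causing a decryption attempt, and an archive that is not a ZIP at all is rejected outright; the same structure carries over to nested archives if you feed each extracted member back through `scan_zip_bytes`.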
The social engineering behind this lure is effective: nobody wants to be accused of violating a copyright, so the attackers play on a common fear. The campaign is well organized, the emails are convincing, and the payload is one of the most prolific ransomware variants in circulation.
Your website is unlikely to be hosting someone else's copyrighted material, and even if it were, a genuine notice from the copyright owner would name the material in the email itself rather than hide it in an attachment.
Make sure your employees are aware of this campaign. Once someone opens the archive it is too late: your company will likely face downtime and a loss of trust. It is not worth the risk. Stay safe out there.
Training your employees on what to look for in email communications is essential. Share this message with them and contact us today to discuss training your staff.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/