As Solorigate remains under investigation, BitSight tells CRN that one aspect of the campaign, the supply chain attack that backdoored SolarWinds’ Orion platform, could cost insurers some $90 million. If that seems low, consider that a large fraction of the most seriously affected victims were US Government agencies that normally don’t carry cyber insurance. (And also consider that the incident is still relatively new, with a great deal more investigation to be done.)
Intel 471 argues that Solorigate displays the continuing convergence of criminal techniques and cyberespionage tactics. Supply chain attacks “started as a technique in the cybercriminal underground,” and their utility in espionage is now also evident.
Iranian cyber campaigns have been overshadowed by the (probably) Russian Solorigate operations, but Charming Kitten was active over the holidays. ZDNet cites a CERTFA Labs report on Christmas-and-New-Year-themed phishing and smishing that appears to have enjoyed some success. The campaign represents the second time Charming Kitten has been able to hide behind a legitimate Google URL.
Bitdefender describes a resurgence of the Remcos remote access Trojan, engaged, as RATs so often are, in credential theft. In this case Remcos used COVID-19 phishbait in its spam, and concealed additional malicious payloads steganographically in “popular viral images.” The malware also incorporated anti-reverse-engineering measures.
Coronavirus phishbait has also been used in large-scale business email compromise campaigns. Proofpoint reports that the lure appealed to greed rather than fear, with (for example) predictions of a coming, vaccine-driven, global economic boom, offering big profits to savvy early birds.