At a glance.
- Threat reports and trends.
- Misconfiguration risk to US government networks' security and compliance.
- CISA and election security.
- Business email compromise and gift cards.
- Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting.
- Crimson Kingsnake BEC group impersonates law firms.
- Cyberattacks and incidents.
- DataTribe announces winner of annual cybersecurity startup challenge.
- Former UK Prime Minister Truss's phone may have been compromised.
- Emotet is back.
- Black Basta ransomware linked to Fin7.
Threat reports and trends.
Three studies of threat trends appeared this week.
Deep Instinct has published its 2022 Interim Cyber Threat Report, outlining some of the top malware strains and exploited vulnerabilities between January and December of 2022. The majority (44%) of ransomware campaigns were launched by affiliates of the LockBit ransomware-as-a-service offering, while 23% were carried out by the now-defunct Conti gang. Emotet retains its commanding place atop the banking Trojan leaderboard, with 67% of the observed attacks (NJRat is an also-ran in second, at just 14%). For more on Deep Instinct's study, see CyberWire Pro.
Barracuda has published a report on the severity of threats over the course of 2022, finding that a larger number of serious attacks occur during the summer while many employees are on vacation. Microsoft 365 account compromises in particular were found to increase during the summer. 40% of attacks between June and September 2022 involved logins to Microsoft 365 accounts from suspicious countries. Barracuda classifies these attacks as “high risk.” For more on these threat trends, see CyberWire Pro.
Akamai’s DNS Threat Report for Q3 2022 has found that 14% of devices connected with a malicious destination at least once during the quarter. The researchers state, “Breaking down these potentially compromised devices further, 59% of the devices communicated with malware or ransomware domains, 35% communicated with phishing domains, and 6% communicated with command and control (C2) domains.” Akamai also notes that phishing campaigns will increase as the holiday season approaches, so this unfortunate trend will in all likelihood see a seasonal upturn. For more on this study, see CyberWire Pro.
Misconfiguration risk to US government networks' security and compliance.
Titania has released a study on US Federal security practices, “The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the U.S. Federal Government.” The research shows that network professionals report that they’re meeting their security and compliance requirements, but the data suggest that this self-reporting is optimistic. Federal agencies have a larger number of devices on their network, with over 1,000 on average. 59% of respondents say that they assess the configuration of network devices every year, with 12% doing it on a bi-monthly cycle. 71% reported the effectiveness of their network security tools in categorizing and prioritizing compliance risks, which contrasts with the 81% of respondents who reported that the inability to prioritize remediation based on risk is a top issue. Respondents reported an average of 51 misconfigurations in the past year, with 83% reporting at least one critical configuration issue in the past two years. For more on the study, see CyberWire Pro.