03/06/2023 | News release | Distributed by Public on 03/07/2023 02:39
Leonardo has published its report figures on attacks, threat actors and vulnerabilities for October-December 2022.
Leonardo's Cyber Threat Intelligence team issued its quarterly report on the top threats identified by the company's Security Operation Centre between the start of October and the end of December 2022. The analysis revealed some common features for the period:
Ransomware was confirmed as the leading cybercriminal threat in Q4 2022. Leonardo's Cyber Threat Intelligence team again noted that ransomware, whether entirely new strains or ones employing updated tactics, techniques and procedures, emerged as the most prevalent malware.
But there are developments: the report stresses that even known ransomware still poses a severe threat. Like viruses that attack the human body, they 'mutate'.
In this quarter, the team observed evolutions of existing malware, in particular ones that use various techniques to evade threat identification systems:
In addition, some of the new ransomware identified by the team have special characteristics that significantly increase their ease of use, effectiveness and destructive capabilities. These include:
Regardless of the attack mode used, the weak link in the cyber security chain is still the human being. Indeed, cyber-attacks continue to exploit social engineering techniques, which seek to deceive the potential victim into parting with personal information and data, often by exploiting the person's network of social relationships. The success of these techniques shows that knowing the risks is, unfortunately, still insufficient to enable people to react appropriately to ever-new and different techniques and ways of distributing threats.
In particular, in the October-December 2022 quarter, Leonardo's Cyber Threat Intelligence team found many campaigns involving malspam (malware sent through email messages), mainly targeting Italian users, and phishing, designed to exfiltrate credentials and exploit known vulnerabilities to breach systems and then install malicious software.
One particular phishing technique observed during the quarter, used by the threat actor Luna Moth, makes the victim the central player in the attack. The technique is called 'callback phishing', or TOAD (Telephone-Oriented Attack Delivery). Here, the perpetrators trick the victim into installing a malicious application. The victim receives an email with an invoice, saying that their subscription to a service (which they never requested) is expiring with automatic renewal. The email contains a telephone number to call to cancel the subscription. However, the cybercriminals who run the call centre guide the unwitting user into downloading software that, they say, will cancel the subscription but that in fact steals the user's data and information (also useful for stealing money).
This technique appeared in late 2022 in another malicious campaign that targeted Italian online banking users. The campaign sought to acquire access credentials to banking portals and distribute the Android 'Copybara' trojan, with which the attackers could perform many intrusive actions and commit fraud.
This technique will probably become increasingly popular as it offers threat actors a considerable attack success rate at minimal management cost.