Security Threat Intelligence Report
DXC’s monthly Security Threat Intelligence Report provides a strategically oriented roundup of the latest threats, breaches, cybercrimes and nation state activities. Combining information from public and proprietary sources including DXC’s global network of security operations centers and cyber intelligence services, this report is part of DXC Labs | Security, which provides insights and thought leadership to the security industry.
Security Threat Intelligence Report: January 2021
In the words of WIRED magazine, “Russia’s SolarWinds hack is a historic mess.” New revelations about this wide-reaching, trusted supply-chain attack are surfacing daily. In this special report, we’ve compiled the latest updates on the impact, indicators of compromise and threat-hunting approaches from numerous sources. I suspect we’ll be hearing about the impact of this nation-state campaign for some time.
Past reports
December 2020: Cyber criminals are opportunists, and with COVID-19 vaccines shipping in multiple countries, attackers are targeting manufacturers and their supply chains in an effort to monetize ransomware attacks at the worst possible time and steal intellectual property and patient data. This month’s report also documents the expanding attacks against Linux, Windows, and internet of things (IoT) devices along with underlying firmware. Now is the time to focus on patching vulnerabilities and safeguarding senior executives from highly sophisticated phishing attacks.
November 2020: Nation-state threats involve some of the most sophisticated attacks across the threat landscape, and threat actors have branched out from espionage to extortion. Iranian-backed threat actors are exploiting the Microsoft Zerologon vulnerability with ransomware, while others are exploiting the Netlogon elevation of privilege vulnerability. Other Linux-based attacks have been attributed to the Russian GRU (GU) Military Unit. Threat intelligence, continued vigilance and addressing vulnerabilities are crucial in this expanding threat landscape.
October 2020: October is once again Cyber Security Awareness Month, and the 2020 threat landscape is especially hostile to remote workers. This month, we’ve included security tips for hardening remote equipment and networks, blocking malicious websites and securing passwords. Emerging threats include new container malware, remote code execution vulnerabilities and nation-state campaigns.
September 2020: The shift to remote work has seen a considerable uptick in targeting remote access solutions. A new Zoom phishing campaign is harvesting Office 365 credentials while new business email compromise attacks can bypass multifactor authentication. We must ensure identity and access management are tight, and cyber hygiene is an ongoing focus. We also must continue to educate teams to keep a diligent eye on ongoing phishing schemes and malware.
July-August 2020: Each month, we report on ransomware attacks, and DXC is not immune. Our Xchanging subsidiary was attacked in July. While the incident was contained within days with minimal impact on customers and no loss of data, the attack underscores the prevalence of evolving ransomware threats. Elsewhere, various families of ransomware are attacking Windows- and Linux-based systems with destructive effect. In addition, new remote code execution (RCE) vulnerabilities have surfaced. In today’s environment, we all need to stay focused on securing infrastructure and data, increasing awareness and reducing the number of exposed threat vectors.
June 2020: As the world gradually lifts pandemic-related restrictions, it is clear COVID-19 has changed the way we work, shop and socialize, and these changes have created new and lucrative targets. Attackers launched numerous COVID-themed campaigns in the first quarter of 2020, but as success rates have fallen, they’re turning to more subtle phishing lures. Employing strong endpoint security, remote access solutions and security monitoring is essential in this threat climate.
May 2020: Ransomware attacks are increasing in intensity, as criminal groups continue to take advantage of COVID-19’s impact. Many security teams have been called in to support urgent IT operational demands, creating golden opportunities for attackers. Organizations must maintain constant vigilance for malware including TrickBot, Emotet and Maze.
April 2020: The coronavirus outbreak has swept across the globe causing unprecedented shutdowns in many industries and a huge move to home working. This shift has not gone unnoticed by cyber criminals, with an estimated 80 percent of the threat landscape using coronavirus as a theme for phishing emails, spoof websites and other attacks. Included are tips for staying safe and secure during these unprecedented times.
March 2020: Cyber espionage operations are a key theme this month with new campaigns spotted in the wild. Both demonstrate the potential damage and length of time threat actors can remain in an environment undetected. Also, several large-scale data breaches were reported by construction, gaming and hospitality firms.
February 2020: Find out about the latest threats related to Microsoft. Several Windows operating systems reached their end of life in January, making them very tempting long-term targets for attackers. Also, ransomware operators are now collecting data to further monetize their operations.
January 2020: Nation-state threats are at the forefront of this month’s report in the wake of the killing of a top Iranian general by a U.S. drone strike. Western nations are bracing for counterattacks, and reports are surfacing of specific retaliation threats by pro-Iranian hacktivists including the potential defacement of sites belonging to U.S.-based entities.
December 2019: As much of the world heads into the holiday season, retailers are firmly fixed in the crosshairs of cyber criminals. The increase in sales is expected to make the theft of payment card details very alluring. However, the threat is not limited to retailers. Distracted employees making plans for the holidays can be a welcome gift to a cyber criminal.
November 2019: Ransomware accounts for 39 percent of global data incidents and costs billions of dollars. Effective network controls and endpoint solutions can help, but organizations must construct and regularly test backups and data recovery plans to ensure recovery. Advanced threat actors also featured prominently in new operations related to nation-state actors and cyber criminals.
October 2019: October is Cyber Security Awareness Month and the perfect time to assess the threat to your enterprise and the motivations of attackers. This month saw the return of Emotet after four months of inactivity, a new ransomware strain targeting enterprises, and new phishing campaigns that target enterprises and users globally. Data security also features prominently this month as Ecuador investigates an unsecured database containing the personal details of over 20 million citizens.
September 2019: Extortion continues to be a key threat. In recent months, ransomware has locked up public services in cities and counties across five U.S. states, with the latest coordinated campaign hitting 23 Texas towns. Other ransomware campaigns are raging through Europe. Criminals have also ramped up sextortion tactics through botnets, targeting over 200 million email accounts. And keep an eye out for poorly configured printers and internet of things (IoT) devices, because Russian hackers may be looking too.
August 2019: The cost of cyber incidents is growing, plus victims face longer-term reputational damage, such as the recent takeover of the London police Twitter account by hacktivists. Also, there are new twists on familiar threats, such as phishing campaigns that use QR codes to target mobile devices, and the latest Magecart exploit of using poorly configured cloud buckets to inject the group’s notorious card-skimming code.
July 2019: Ransomware actors are combining automated approaches and manual methods to maximize their attacks. Advanced persistent threats that employ spear phishing continue to target long-standing vulnerabilities, underscoring the need for email protection and patching as the forefront of cyber defense.
June 2019: Third-party security risks are playing a role in major breaches. Ransomware continued to be a growing threat, with an increasing number of attacks against enterprise environments, often referred to as big game hunting. Also included: hacktivist threats, new e-commerce attacks and new vulnerabilities for WhatsApp and SAP.
May 2019: Retailers were targeted at the point of sale through complex network intrusions. Also covered: new ransomware campaigns, TRITON’s focus on critical national infrastructure, a new trojan from North Korea’s Lazarus APT, a new Game of Thrones phishing scheme, and increasing tensions between the United States and Iran.
April 2019: Magecart’s compromises of third-party suppliers facilitated card skimming on e-commerce sites; the latest ransomware attacks on enterprise-scale targets; the growing use of automation to compress the cyber kill chain, reducing the time cyber defenders have to detect and disrupt attacks; and the increase in mobile malware attacks, including Trojan-Droppers.
March 2019: More breaches for the highly targeted financial services sector, phishing campaigns targeting CEOs and chief executives, widespread attacks on DNS services, and growing credential-stuffing attacks being driven by cheap account information on the dark web. Get the latest updates on high-profile breaches, the most active threat actors and suspected nation-state activities.
Contact us for more information about DXC Threat Intelligence.