
Threat Pulse – June 2023

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats. 

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers 

The intrusions, which make use of residential proxy services to obfuscate the source IP address of attacks, target governments, IT service providers, NGOs, defence, and critical manufacturing sectors. 

“These credential attacks use a variety of password spray, brute-force, and token theft techniques,” Microsoft said in a series of tweets, adding the actor “also conducted session replay attacks to gain initial access to cloud resources leveraging stolen sessions likely acquired via illicit sale.” 

ThirdEye Windows-based Malware 

ThirdEye, a little-known Windows-based information stealer with the ability to obtain private information from infected devices, has been found in the wild. 

The malware was discovered in an executable that was posing as a PDF file with a Russian name which translates to “CMK Rules for issuing sick leaves.pdf.exe”. 

Although not particularly sophisticated malware, it was made to steal various pieces of information from affected PCs that might be used as a base for later attacks. 
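
A defender-side check for the file-name masquerading described above, as an added example that is not part of the original article: it flags names whose final extension is executable while the one before it imitates a document. The extension lists, event fields and sample records are constructed assumptions, and the trailing dot/space and bidi-control handling go beyond the single case in the text.

```python
# Assumed lists for illustration; tune both sets to your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "rtf"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk", "msi"}
# Unicode direction controls that can visually reorder a displayed file name.
BIDI_CONTROLS = {"\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}

def masquerade_reasons(path):
    """Return the reasons a file name looks like a document but runs as a program."""
    reasons = []
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
        name = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Windows drops trailing dots and spaces when it resolves a file name.
    name = name.rstrip(". ").lower()
    # Strip each segment so space padding before the real extension is ignored.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    return reasons

# Constructed sample records (not real telemetry), shaped like process-creation events.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\a\Downloads\CMK Rules for issuing sick leaves.pdf.exe"},
    {"host": "ws-02", "image": r"C:\Program Files\Vendor\tool.v2.exe"},
    {"host": "ws-03", "image": r"C:\Users\b\Desktop\invoice.pdf      .exe"},
    {"host": "ws-04", "image": "C:\\Users\\c\\Desktop\\scan\u202efdp.exe"},
    {"host": "ws-05", "image": r"C:\Users\d\Documents\report.final.pdf"},
]

def flag_events(events):
    """Return (host, reasons) for every event whose image name looks disguised."""
    flagged = []
    for ev in events:
        reasons = masquerade_reasons(ev["image"])
        if reasons:
            flagged.append((ev["host"], reasons))
    return flagged

if __name__ == "__main__":
    for host, reasons in flag_events(SAMPLE_EVENTS):
        print(host, ",".join(reasons))
```
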

New Mystic Stealer Malware Increasingly Used in Attacks 

A new information-stealing malware called Mystic Stealer has been found. It can currently steal data from 40 different web browsers, 70 web browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications and 55 cryptocurrency browser extensions.

The malware can run on Windows devices running XP or newer and does not need any dependencies, so its footprint on infected systems is minimal. It operates in memory to avoid detection by anti-virus products. 

Linux version of Akira ransomware targets VMware ESXi servers 

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. 

By targeting ESXi servers, a threat actor can encrypt many servers running as virtual machines in a single run of the ransomware encryptor. 

Akira first emerged in March 2023, targeting Windows systems in various industries, including education, finance, real estate, manufacturing, and consulting. 

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover 

Researchers have found a potential vulnerability in the Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process which could have been exploited to achieve full account takeover. 

A malicious actor can modify the “Contact Information” in an Azure AD account and then exploit the “Log in with Microsoft” feature to hijack a victim account. 

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.    

Talk to the team to see how you can start protecting your business against cyberattacks today. 
