ThreatList: Top 8 Threat Actors Targeting Canada in 2019
Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.
Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers who tracked thousands of malicious email campaigns between January 2019 and May 2019.
In particular, campaigns are typically launched by financially-motivated cybercriminals, but can also be orchestrated by national, state-sponsored threat actors (such as Advanced Persistent Threat or APT groups), said researchers with Proofpoint.
“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America,’” researchers said.
CANADIAN POLICE RAID ‘ORCUS RAT’ AUTHOR
Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a Remote Access Trojan.
Over 12,000 Business Websites Leveraged for Cybercrime
Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
More than 12,300 websites in the business category were used to launch cyberattacks or deliver malware in 2017, making company sites riskier than gambling and shopping sites. Attackers are abusing people’s trust in popular sites to launch consistent and effective malware campaigns.
By Kelly Sheridan – Dark Reading – February 5, 2018
Forty-two percent of the top 100,000 websites ranked by Alexa are considered “risky,” according to Menlo Security’s State of the Web 2017. Researchers determined a website’s risk based on three criteria: use of vulnerable software, history of distributing malware or launching attacks, and the occurrence of a security breach within the 12 previous months. A site was deemed risky if it met any one of these criteria.
The largest category of risk was news and media sites, 49% of which met a risk factor, followed by entertainment and arts (45%), travel (41%), personal sites and blogs (40%), society (39%), and business and economy (39%), which includes company, association, industry group, financial data and services, and hosted business application sites.
Business and economy sites hosted more phishing sites, ran more vulnerable software, and experienced more security incidents than any other category in 2017, researchers found. The category was hit with 23,819 incidents in 2017; the next-highest was society sites at 12,669.
Background websites: Who are you talking to?
Menlo CTO Kowsik Guruswamy explains the risk of “background radiation,” which stems from the idea that much of cybercriminals’ damage happens behind the scenes. Each time someone visits a website, it contacts an average of 25 background sites for different demands: grabbing ads from an ad delivery network, for example, or videos from a content delivery server. Any of these third-party sites could be compromised and pose risk to users.
Most malware prevention tools, from antivirus products to behavioral modeling systems, are designed to focus on the intended domain and often don’t pick up on calls to background sites. A major website like Bloomberg might have an IT team to update servers, Guruswamy says. However, when end users visit and are presented with videos and ads, the activity comes from other networks and may not necessarily be safe. The same applies to all major websites.
As software ages, risks grow
Many of today’s websites are participating in browsing sessions, and actively servicing ads, on software riddled with vulnerabilities, Guruswamy says. “You have this really, really old software that’s full of holes that haven’t been patched and are waiting to be exploited,” he explains, pointing to the Equifax breach as an example of what threat actors can do if a website is running unpatched software.
Menlo analysts passively fingerprinted website software for both primary and background sites, and coordinated the documented vulnerabilities for each one. They found more than 51,000 business and economy websites are running vulnerable software. The software supporting company websites is often old enough to have been compromised several times over the past few years.
More than 32,000 websites analyzed run on Microsoft Internet Information Services (IIS) 7.5, which was released in 2009. Many sites use software that is no longer fully supported; for example, Microsoft’s IIS 5 Web server, which was released in 2000 and stopped receiving mainstream support in 2005.
IBM Discovers Cybercrime Ring Targeting Canadian Businesses
November 27, 2017 – www.pymnts.com
IBM X-Force, the cybersecurity intelligence and research unit of IBM, has reportedly discovered a cybercriminal ring operating out of Ukraine targeting Canadian businesses. Recent reports in Security Intelligence said the criminals are deploying custom phishing attacks against business customers of Canadian banks to gain access to their bank credentials, passwords and authentication codes.
The attackers send a spear phishing email to a target with seemingly legitimate contents, including a bank logo. The emails are sent with PDF attachments designed to hide from detection tools. Analysts said it is possible that the criminals may have first deployed an earlier attack on their targets to learn more about the companies’ account information before launching the PDF-related attack.
The PDFs urge readers to synchronize their devices and re-activate with one-time passwords and tokens, while links in the PDF send users to phishing sites. The scheme is designed to give attackers access to business bank accounts. According to IBM X-Force, the same attackers have also been operating a separate ring targeting consumers, though cybercriminals have recently been heightening their focus on corporate victims and high-value accounts.
The cybercrime ring identified by IBM X-Force is one of several that have taken to targeting businesses in recent months. Last June, in the wake of WannaCry, Bloomberg reported on another “massive cyberattack” originating in Europe. Investigators found Mondelez International, A.P. Moller-Maersk and BNP Paribas Real Estate to be among the targeted victims.
A research report released in October by Deutsche Bank and Economist Intelligence Unit found cybercriminals are particularly interested in targeting the corporate treasury department, which holds a trove of sensitive company and customer data. “Sophisticated cybercriminals often use social engineering and insight information to execute high-value thefts via corporate treasuries,” said Deutsche Bank head of cash management Michael Spiegel, in a statement at the time. “Our research has identified serious gaps in corporate defense, including vulnerabilities hidden with third parties and their subcontractors. This gives cybercriminals the opportunity to steal data.”
Many businesses continue to leave their doors wide open to unsophisticated attackers, research shows
New research reveals that cyber-attacks by unsophisticated hackers this year have successfully exploited vulnerabilities that many of the world’s famed businesses were already aware of but did nothing to fix. Despite upcoming laws that will charge them millions in penalties if found non-compliant, many businesses worldwide continue to neglect standard security procedures.
The latest evidence comes from the 20th annual EY Global Information Security Survey (GISS), which breaks some disconcerting news regarding the willingness of big businesses to beef up security. While the surveyed companies weren’t named in the report, the research was conducted with the aid of “1,200 C-level leaders of the world’s largest and most recognized organizations.”
Here’s what EY found:
Only 56% of those surveyed are changing or planning to change their strategies due to the increased impact of cyber threats. Even though most organizations are spending more on cybersecurity, only 12% expect an increase of more than 25% this year.
Potential damage from a cyber-attack isn’t always immediately obvious, yet 64% say an attack that “did not appear to have caused any harm” would not likely persuade the powers-that-be to spend more on cybersecurity. Many, however, recognize that lack of adequate resource allocation can increase cybersecurity risks. As many as 20% of respondents admit they do not have enough of a grasp on current information security implications and vulnerabilities to decide what needs to be done.
Cybersecurity budgets are bigger in organizations that place dedicated security officers in key lines of business, as well as in companies that report on cybersecurity to the board audit committee at least twice a year. Some companies also seek the counsel of cybersecurity lawyers from Sidley Austin (https://www.sidley.com/en/services/privacy-and-cybersecurity) or similar law firms that can offer their legal guidance and support through data security breaches of all dimensions. However, while 50% report to the board regularly, only 24% say the go-to person with responsibility for cybersecurity sits on that board. Moreover, only 17% of respondents say boards have enough of a grasp on IT security matters to properly assess the effectiveness of preventive measures.
The report also reveals, perhaps most importantly, that common attacks described as “cyberattacks carried out by unsophisticated, individual attackers” have successfully exploited vulnerabilities that many of the surveyed organizations were aware of. According to EY analysts, this finding points to “a lack of rigor in implementing standard security procedures.”
Other findings include:
If you have questions or would like to discuss how to improve your security posture – contact us.