Report: APT gang increased cyberattacks on businesses in Q3

Positive Technologies reports that targeted attacks were up in Q3 as hackers continued to rely on malware and social engineering to steal data from companies and individuals.

Targeted attacks rose to 65% in Q3, up from 47% in Q1, according to the company’s Cybersecurity Threatscape Q3 2019 update. In the Q3 report, Positive Technologies noted that 81% of malware infections of corporate infrastructure started with a phishing message.

Positive Technologies cited APT groups for the increase as hackers focused these attacks on governments, industrial companies, the financial sector, and science and education organizations. APT hackers pretend to represent governmental institutions, military entities, and telecom companies to attack organizations in South Asia.

Cybercriminals used social engineering in 69% of attacks on organizations in the third quarter, up from 37% in the second quarter. Business email compromise (BEC) was the weapon of choice, as hackers “present themselves as belonging to a trusted company (such as a vendor) and send an invoice with their own bank account number.”

According to the FBI’s Internet Crime Complaint Center, worldwide losses from BEC fraud are more than $26 billion over the last three years.

In the third quarter of 2019, TA505, an APT group, expanded its targets to include more countries and additional industries. Phishing messages are the group’s main method for penetrating target networks.

SEE: Fighting social media phishing attacks: 10 tips (free PDF)

In September, the PT Expert Security Center noticed that TA505 was sending phishing messages to European and African banks. The emails included Office documents with macros that extract a DLL, save it, and run the new FlawedAmmyy loader.

Hackers are finding new ways to get around anti-phishing defenses. In Q3, hackers used a compromised SharePoint site to trick bank employees into sharing usernames and passwords. The initial SharePoint link made it through to bank inboxes because SharePoint links had been whitelisted.

The group’s arsenal includes:

Dridex, a banking trojan
Cryptomix, ransomware signed with certificates issued to dummy legal entities
ServHelper, a remote desktop agent and a downloader
FlawedAmmyy, remote administration trojans
Upxxec, a plugin that detects and disables a large range of antivirus software

Positive Technologies reports that with each new wave of attacks, “the group has made qualitative changes to its toolkit and advanced to more sophisticated techniques for maintaining stealth.”

The Q3 2019 update also found that that mining software now represents only 3% of attacks on organizations because attackers are gradually switching to malware with “multifunction capabilities.”

“The Clipsa trojan is one example of this multitasking malware which includes mining cryptocurrency, stealing passwords, tampering with addresses of cryptocurrency wallets, and launching brute-force attacks against WordPress sites.”

In late August, Emotet started sending malicious spam again after several months of inactivity. The botnet’s operators offer other hackers access to Emotet-infected computers so that these “customers” can install more malware.

The botnet sends out malicious mailings disguised as invoices, financial documents, and even a free version of Edward Snowden’s book. The attachments infect the victim with the Emotet trojan. This allows the botnet operators to place more malware on compromised devices, such as the Trickbot trojan or Ryuk ransomware, which are frequently found together on infected machines.

At the end of the report, Positive Technologies reminds readers that the majority of attacks are not made public because companies don’t want to admit to losing control of their data and IT systems. Positive Technologies and offers this advice to improve IT security:

Make sure that insecure resources do not appear on the network perimeter <
Filter traffic to minimize the number of network service interfaces accessible to an external attacker
Use two-factor authentication where possible, especially for privileged accounts
Improve security awareness among clients

In Q3, hackers used a compromised SharePoint site to trick bank employees into sharing usernames and passwords.
Image: Positive Technologies

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

PURPOSE The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both ...

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

Report: APT gang increased cyberattacks on businesses in Q3