In this month’s news, ransomware is reaching unprecedented levels of atrocity, and threat actor groups continue developing new types of malware that evade detection. Top worldwide organizations like ECB’s are constantly improving their security infrastructures implementing cyber defense stress programs, and the UK’s National Crime Agency is using deception to collect adversary intelligence. Read on to find out what we’re talking about this month.

Ransomware attacks have entered a heinous new phase

In February, the Russian BlackCat ransomware group hit the Lehigh Valley Health Network (LVHM), stealing patient-related data, including very intimate and graphic photos from oncology patients. Researchers say ransomware groups have become more aggressive and go quicker to ruthless extremes since fewer victims are paying the ransom. More victims follow this strategy to not pay threat actors, following governments’ advice and this is a positive sign. This can either force ransom groups from abandoning ransomware entirely or create the opposite effect, where ransomware groups shift towards more aggressive and heinous tactics.

Ransomware groups are going the extra mile with their strategies and intentions playing dirty. It’s not easy for every business to continue as usual without having enough resources and tools to resist paying ransom. What’s clear is that cyber victims are not willing to pay for ransom so threat actors can only leave or raise their game. I believe they will probably choose the latter.

Member of the Sales Team

Source: Arstechnica, March 14

Biden administration announces plan to stop water plant hacks

The US government has just announced a new plan to improve the digital defenses of public water systems. This move comes after the White House announced a national cybersecurity strategy, which aims to improve its critical infrastructure cybersecurity posture. Multiple high-profile hacking incidents have occurred in recent years in water treatment plants, and the government is acting urgently to stop new threats. The U.S. Environmental Protection Agency (EPA) says they have a robust technical assistance program in place to support public water systems that need cyber support.

For some time now the number of cyber-attacks against critical infrastructures has been growing and, due to the great impact that such attacks can have on a country and its inhabitants, the different governments are designing plans aimed at increasing security measures for this type of infrastructure in order to reduce the risk. The fact that critical infrastructures use legacy technology, which is often difficult to update, means that early detection is often the only option. CounterCraft has the experience and tools necessary to protect critical infrastructures using deception technology to achieve this early detection (even pre-breach) with zero impact on the systems to be protected.

Fernando Braquehais, Founder

Source: Reuters, March 3

Chinese hackers use new custom backdoor to evade detection

Mustang Panda, the Chinese cyber espionage APT hacking group, is deploying a new custom backdoor that goes by the name of ‘MQsTTang’. The new malware does not appear to be based on previous malware, which indicates the hacker group probably developed it to evade detection and make attribution harder. The malware targets government and political organizations in Europe and Asia. To evade detection, MQsTTang checks for presence of debuggers and monitoring tools on the server, and if any are found, the malware changes its behavior accordingly. It remains to be seen whether MQsTTang will become part of the group’s long-term arsenal or if it was specially developed for a specific operation.

Threat actors are increasingly becoming more sophisticated, developing new ways to go undetected. Cybersecurity vendors are constantly improving their detection and response capabilities, as are threat actors. This clearly shows a never-ending fight between ‘the dedicated cybersecurity practitioners and bad actors’ who are constantly attacking organizations.

Shunta Sanders, Director of Global Pre-Sales Engineering

Source: Bleeping Computer, March 2

UK sets up fake booter sites to muddy DDoS market

The United Kingdom’s National Crime Agency (NCA) is using cyber deception to create false DDoS-for-hire websites where users can easily access the information, so that the NCA can collect valuable information from people looking for such services to execute attacks. The NCA hasn’t declared how many websites they have created and for how long they have been running. The objective is to make adversaries unsure if what they are purchasing is legitimate or not, thereby deterring risk, according to the NCA. The NCA campaign comes on the heels of an international law enforcement takedown involving four dozen websites that made powerful DDoS attacks a point-and-click operation.

Once more we see national security and defense organizations like NCA make use of deception as part of their active defense strategy. This shows the potential of deception-based solutions when it comes to collecting high-profile adversary information and enforcing any organization’s security infrastructure. It even adds a bit of paranoia to the mix as adversaries cannot distinguish what’s decoy or real anymore.

Gorka Ariznabarreta, Product Marketing Manager

Source: Krebs on Security, March 28

ECB to test banks for cyber resilience

After the significant increase in cyber attacks following Russia’s invasion of Ukraine, the European Central Bank plans to test the cyber resilience of the euro zone’s top banks. In 2024, the ECB is going to launch a thematic stress test on cyber resilience to be able to understand how banks are able to respond and recover from successful cyber attacks. Andres Enria, Chair of the European Central Bank’s Supervisory Board, says that even though the source of the attacks are unclear, the number of attacks have increased since the Russian invasion of Ukraine started. Enria mentions that part of the problem is that banks are outsourcing some of their critical IT infrastructure.

We see worldwide organizations like the ECB moving towards a proactive approach to cybersecurity. It shows the need for banks to anticipate attacks and test their remediation and response capabilities after a breach has occurred. Advanced threat actors are constantly improving their techniques, so taking an active defense approach is truly the best option.

Member of the Customer Success Team

Source: Reuters, March 9

Don’t miss next month’s roundup. Follow us on LinkedInTwitter, or sign up for our newsletter to stay in touch.