In its latest Internet Security Report, for the first quarter of 2023, U.S. cybersecurity company WatchGuard Technologies, indicated that 75 percent of the new threats of its top 10 list of malwares have strong ties to Russia or China.
“These hacker groups target unsuspecting users and unprotected devices. In many cases, this leads to scams, but attacks can be compounded by giving access to ransomware and Trojan programs,” the report indicated. “We suspect that, if a high-value target is compromised, attackers will sell access to the infected device to the highest bidder, and it is likely that state-sponsored groups will outbid any other group.”
One such new threat is the Chinese malware family Zusy, which appears for the first time on WatchGuard’s list. One of the Zusy samples found by researchers points to adware (automatic advertising programs) that infects browsers. The adware self-designates itself as the original browser and hijacks the system’s Windows settings.
“Zusy malware usually spreads through email attachments, downloads from compromised websites, or by exploiting vulnerabilities in outdated software,” Raúl Álvarez, Intelligence expert and professor of Cybersecurity at the Universidad Anáhuac de México, told Diálogo on August 16. “Once in the system, it hijacks the victim’s browser. This is achieved by modifying computer settings such as the home page, default search engines, and installed extensions.”
Once Zusy hijacks the browser, the virus spreads to affect Windows operating system settings. Some of the most common effects Álvarez described include altering the Windows registry to establish itself as a permanent application on the system, redirecting web traffic to malicious or attacker-controlled sites, stealing confidential information, injecting malicious content into web pages visited by the victim, and impairing system and browser performance.
“This type of malware is aimed at stealing personal and banking information, from identity theft to bank robbery and economic destruction of the victim,” Veronica Becerra, co-founder of the Mexican cybersecurity company Offensive Hacking & Security Networks, told Diálogo. “In some cases it is used as a method of entry to leak into organizations, steal information, and extort up to the loss of business continuity.”
“Organizations need to pay more active and continuous attention to the security strategies they entrust their businesses to, to stay protected against increasingly sophisticated threats,” says Corey Nachreiner, WatchGuard’s chief security officer. “The key themes and best practices that our threat lab [discovered] strongly emphasize layered malware defenses to combat attacks. This can be done simply and effectively with a unified security platform, run by certified service providers.”
Social engineering
WatchGuard’s report further warns of trends in browser-based social engineering and using notification features to force certain types of interactions. But attacks of this type can also come via other applications.
Microsoft warned about a series of social engineering attacks to steal information via messaging from its Microsoft Teams enterprise program. The company confirmed that the entity responsible for the attacks is the Russian group Midnight Blizzard, which the governments of the United States and the United Kingdom link to a hacking arm of the Russian Foreign Intelligence Service.
Digital magazine CIO Perú reported that this group — also known as Cozy Bear or NOBELIUM — was behind the 2020 attack on the U.S. software company SolarWinds and other attacks against government institutions, diplomatic missions, and military industry companies around the world.
These cyber criminals set up subdomain accounts to trick their victims, posing as Microsoft Teams technical support. Through chat services, they obtained the credentials to hack companies or governments, reported Spanish newspaper El Español on August 3.
According to Reuters, this Russian group has specific targets aimed at state entities, nongovernmental organizations, intelligence services, technology, discrete manufacturing, and media sectors.
The social engineering attacks take advantage of the human factor, using artificial intelligence and public information on social networks to create fake images, audios, videos, and other files. The FBI warned that cybercriminals are developing new attacks through websites that can secretly inject malicious code, U.S. computer magazine PCMagazine reported. Any IT security strategy should consider this factor, Strategy & Business magazine warned.
“You have to be careful with companies’ production line and industrial devices,” Gabriel Croci, director of Information Security at Indian company Tata Consultancy Services, told Infobae. “Attackers can easily penetrate systems through devices installed on the internal network of organizations without security controls in place, or with outdated operating systems, both locally and in the cloud.”
The U.S. National Security Agency released a new cybersecurity advisory on web application vulnerabilities in July. Cybercriminals can abuse web applications to compromise sensitive data, which could affect not only web applications, but also services in the cloud. It therefore recommends regular penetration testing and scanning, to ensure that web applications are secure.