Warning: Your Next Caller Could Be a Hacker.

The scam is not new, but it still seems to work and is currently being used again, according to a warning from UMB security specialists. Cyber criminals call people in target companies and notify them of a delivery bill or confirmation of receipt that will arrive shortly by e-mail. Neither the caller nor the sender of the e-mail message is genuine. Anyone who clicks on the attached file will create a problem with a familiar name for themselves: Cobalt Strike. This can have nasty consequences.

Markus Kaegi
+41 58 510 16 98

UMB cyber security customers report current attack attempts of this kind, as does a medium-sized Swiss software and consulting company that has already been attacked and damaged. These incidents fit a trend that has been going on for some time now.


Security tools turned into hacking tools

In recent years, the IT security industry has found that more and more open-source security tools are being used for malware attacks. Such tools were originally built to test, with the simulated actions of a hacker, whether a company's defenses were strong enough. Cybercriminals have since appropriated these tools to inject real malware into IT infrastructures. Research by the security company Recorded Future shows which test tools are most used by hackers[i]: Cobalt Strike topped the rankings and was used in 13.5 percent of all known cases last year to inject malware through command-and-control (C&C) servers. If malware manages to penetrate a system, it reports back to a C&C server to request new commands or upload stolen information. Cobalt has been cracked and abused by hackers for these purposes for years, according to Recorded Future experts, who found Cobalt Strike on 1,441 servers last year. Security specialists at technology giant Cisco found that Cobalt Strike was responsible for two-thirds of all ransomware attacks that the in-house task force had to deal with in the second half of last year.[ii]

How to protect yourself

Cobalt Strike no longer needs to prove how dangerous it is, and the fact that the malware is circulating again means that great caution is called for, especially when dealing with unknown files delivered by e-mail. The first and most important firewall in this case is once again the individual user. In Switzerland, the National Center for Cybersecurity (NCSC) has published tips on this. Among other things, it recommends:

  • Never click on links and files in e-mails that you receive unsolicited.
  • Do not allow yourself to be pressured, and take enough time to clarify the matter.
  • If you need to make inquiries, do not use any telephone numbers contained in the e-mail, but look for the number on the official company website from which the e-mail message is supposed to originate.


What we can do

UMB creates permanent protection in an increasingly digital and complex world thanks to modular cyber security services. Only balanced organizational and technical measures will protect your company effectively and comprehensively. To achieve this, new security dimensions must be introduced to complement classic prevention (network and perimeter protection). On the one hand, this includes the ability to detect an attacker at an early stage. On the other hand, it must be possible to initiate the right countermeasures quickly.

Many well-known Swiss companies and organizations - such as Meier Tobler - already rely on UMB cyber defense services. Benefit from a new dimension of security and start now with our online security maturity checkup. Identify your optimization opportunities through this gap analysis, specially developed for SMEs. You will receive the result in just a few minutes. A UMB security specialist will be available to you free of charge for a detailed discussion. This will provide you with an initial tool for your risk management.