According to the State of Encrypted Attacks report released by cybersecurity firm Zscaler, tech companies and retailers have faced a growing number of HTTPS threats since January. HTTPS threats have increased by 314% overall, while attacks on retailers have increased by 800% and attacks on tech companies by an astonishing 2,300%. The report analyzes 190 billion daily transactions that passed through the Zscaler Zero Trust Exchange between January and September.
A lack of compute resources and/or privacy concerns are the main reasons why the security teams of many enterprises struggle to implement SSL/TLS inspection policies. As a result, encrypted channels constitute a significant blind spot in the security posture of these companies. A scalable, cloud-based proxy architecture that inspects all encrypted traffic is the most effective way to prevent encrypted attacks.
Malicious actors are actively sending phishing emails containing QR codes to harvest login credentials for Microsoft 365 cloud applications. The purpose of this campaign is to exploit these credentials to launch malware and ransomware attacks; the stolen credentials may also be sold later on darknet markets. Attacks that rely on QR codes are called “quishing attacks”.
QR codes have gained popularity among hackers because standard email security protections such as URL scanners flag nothing suspicious in emails that carry a QR code: the malicious URL is embedded in an image rather than in the message text. The hackers are using previously compromised email accounts to conduct this campaign, which lends the messages containing QR codes an air of authenticity.
The North Korean hacker group Lazarus APT has been detected compromising the software supply chain in attacks resembling those on SolarWinds and Kaseya. The group targeted a think tank in Asia by trojanizing legitimate South Korean security software to deploy malicious payloads. To conduct this attack, the malicious actors used an updated version of the remote access Trojan (RAT) BLINDINGCAN together with another RAT, COPPERHEDGE.
The second attack conducted by this group targeted a Latvian provider of IT asset monitoring solutions. In this attack, the hackers used a downloader dubbed “Racket” that was signed with a stolen certificate. The attackers also compromised multiple vulnerable web servers. Lazarus continues to actively target entities in the military sector.
More than 30 US-based companies had been hit by Ranzy ransomware by July this year. The attackers gained access to target networks by brute-forcing Remote Desktop Protocol (RDP) credentials. According to information reported to the FBI by recent victims, the hackers were also actively exploiting known vulnerabilities in Microsoft Exchange Server and conducting phishing attacks.
Using Ranzy Locker, the malicious actors exfiltrated files from compromised systems, stealing personal information and other sensitive data, and then used the ransomware to encrypt files across the system. Victims were then told to pay a ransom in cryptocurrency to unlock the encrypted files.
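The RDP brute-force stage described above leaves a recognizable trail in Windows Security logs: bursts of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source, often across many usernames, sometimes followed by a success (event 4624). The detection below is an added example written for this post, not code from the page or from any vendor; it assumes a simplified one-line-per-event export format and uses a constructed sample log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not from the page): one Windows Security event per line, simplified to
# "timestamp | EventID | LogonType | TargetUser | SourceIP" (4625 fail, 4624 success, type 10 = RDP).
SAMPLE_LOG = """\
2021-07-01T10:00:01 | 4625 | 10 | administrator | 203.0.113.7
2021-07-01T10:00:03 | 4625 | 10 | admin | 203.0.113.7
2021-07-01T10:00:04 | 4625 | 10 | backup | 203.0.113.7
2021-07-01T10:00:06 | 4625 | 10 | jsmith | 203.0.113.7
2021-07-01T10:00:08 | 4625 | 10 | administrator | 203.0.113.7
2021-07-01T10:00:12 | 4624 | 10 | administrator | 203.0.113.7
2021-07-01T10:30:00 | 4625 | 3 | svc | 192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+) \| (\d+) \| (\d+) \| (\S+) \| (\S+)$")

def parse_events(text):
    """Parse the simplified export; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, eid, ltype, user, ip = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "id": int(eid),
                           "type": int(ltype), "user": user, "ip": ip})
    return events

def detect_rdp_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold RDP failures in any window, noting a later RDP success."""
    failures, users, successes = defaultdict(list), defaultdict(set), defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] != 10:          # only RemoteInteractive (RDP) logons matter here
            continue
        if e["id"] == 4625:
            failures[e["ip"]].append(e["ts"])
            users[e["ip"]].add(e["user"])
        elif e["id"] == 4624:
            successes[e["ip"]].append(e["ts"])
    alerts = {}
    for ip, stamps in failures.items():
        start = peak = 0
        for end in range(len(stamps)):   # two-pointer sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {"failures_in_window": peak, "distinct_users": len(users[ip]),
                          "success_after_failures": any(s > stamps[-1] for s in successes[ip])}
    return alerts
```

A success following a burst of failures from the same source is the case worth paging on, since it means the brute force likely worked; the network-logon (type 3) line is ignored on purpose so that unrelated SMB or service failures do not inflate the count.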
Cream Finance has suffered the third serious hack in its history. The attack took the unusual form of a series of flash loans, which suggests the attacker was a very experienced DeFi developer. According to the cybersecurity firm PeckShield, a bug in a price oracle may have enabled the attack. Cream Finance notified its users of the incident and soon fixed the flaws that were revealed.
Cream Finance has tried to contact the attacker, offering 10% of the stolen tokens in exchange for the return of the remaining assets. This strategy has worked for some other protocols. During the first incident, Cream Finance lost $36 million, and during the second the protocol lost $29 million.