Cybersecurity Digest #67: 23/01/2023 – 08/02/2023

23/01/2023

Research and analytics

  • The team at DFIR Report has a summary of how threat actors have adopted and are now abusing Invoke-ShareFinder, a script that is part of the PowerView module of the PowerSploit framework. The script allows users to find all network shares inside a large network, which can be very useful for threat actors trying to find a victim’s data and steal it or encrypt it.
  • Check Point has put out its quarterly phishing report. The most-used brand in phishing emails in Q4 2022 was Yahoo. DHL reached second position in Q4 with 16% of all brand phishing attempts, ahead of Microsoft in third place with 11%.
  • According to Wordfence’s year-in-review report, while credential stuffing attacks remained the top threat for WordPress site operators in 2022, the number of attacks “saw a significant reduction” compared to the previous year. A total of 1.2 million WordPress sites appear to have been hacked last year, and of these, 210,000 appeared infected at the start and end of the year, meaning there was no one maintaining them.
  • Insider threats are a top concern at organizations of all kinds. Only 3% of respondents surveyed are not concerned with insider risk, according to Gurucul. The report found that organizations have never felt more vulnerable, with three-quarters of respondents saying they feel moderately to extremely vulnerable to insider threats, an increase of 8% over the previous year.
  • Researchers from Cisco Talos reported that one particular commercial RMM tool, Syncro, was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022. However, this wasn’t the only such tool used.
  • Proofpoint researchers have published a report about a new campaign targeting Microsoft 365 users that aims to trick them into authorizing malicious third-party OAuth apps on their accounts.
  • According to blockchain analysts from Chainalysis, revenues from extortion attacks fell from $765.6 million in 2021 to $456.8 million in 2022. Experts attribute this drop of more than 40% to many factors, but the main reason is simple: more and more victims refuse to pay hackers.

Major Cyber Incidents