August 2022

zeronews
Financial Institutions Under Threat of a New Cyber Attack
Kaspersky Lab experts responded to a series of cyber-theft cases targeting financial institutions in Eastern Europe. The researchers found that in each case the corporate network had been accessed through an unknown device controlled by the attackers. These network-connected devices had been smuggled into company buildings. To date, eight banks in the region have been attacked with this method, and tens of millions of dollars were lost as a result. Once the connection is established, the cybercriminals try to reach the web servers and use the Remote Desktop Protocol to steal the data they need from a particular computer. Then they commit the data theft. This fileless attack method uses the remote-launch tools Impacket, winexesvc.exe and psexec.exe. In the final stage, the attackers use remote control software to keep their access to the computer they have seized.
What needs to be done to prevent such attacks: Physical security systems should be given importance. More attention should be paid to monitoring connected devices and access to the corporate network. Network and security devices in the environment must be positioned correctly. Environmental monitoring and control systems should, in the simplest sense, be used to monitor the required parameters. The necessary policies must be enabled to prevent end users from executing PsExec, scripts and similar commands.
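One way to watch for the remote-launch tools named above is to flag service installations that match them. This is an added example, not part of the original article: the log line format, host names and events are constructed, and it covers only the two executables named in the text (PsExec's default service PSEXESVC and winexe's winexesvc), not Impacket.

```python
import re

# Service and binary names left behind by two of the tools named in the article.
# PSEXESVC is the default PsExec service; winexesvc is installed by winexe.
KNOWN_SERVICES = {"psexesvc", "winexesvc"}
KNOWN_BINARIES = {"psexesvc.exe", "winexesvc.exe"}

# Constructed sample: simplified one-line exports of System log Event ID 7045
# ("A service was installed in the system"). Hosts and names are made up.
SAMPLE_EVENTS = """\
2022-08-03T09:14:02 host=TELLER-07 event=7045 service="PSEXESVC" image="%SystemRoot%\\PSEXESVC.exe" account=LocalSystem
2022-08-03T09:20:41 host=TELLER-07 event=7045 service="Print Helper" image="C:\\Program Files\\Vendor\\helper.exe" account=LocalSystem
2022-08-03T09:31:17 host=DB-02 event=7045 service="winexesvc" image="winexesvc.exe" account=LocalSystem
2022-08-03T09:44:55 host=DB-02 event=7045 service="backupagent" image="C:\\Windows\\PSEXESVC.exe" account=LocalSystem
2022-08-03T10:02:10 host=DB-02 event=4624 service="" image="" account=svc_backup
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) '
    r'service="(?P<service>[^"]*)" image="(?P<image>[^"]*)"'
)

def find_remote_exec_services(log_text):
    """Return (timestamp, host, service, reason) for suspicious 7045 events."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "7045":
            continue
        service = m["service"].lower()
        # Second indicator: the file name of the service image, without its path.
        binary = re.split(r"[\\/]", m["image"])[-1].lower()
        if service in KNOWN_SERVICES:
            hits.append((m["ts"], m["host"], m["service"], "service name"))
        elif binary in KNOWN_BINARIES:
            hits.append((m["ts"], m["host"], m["service"], "binary name"))
    return hits

if __name__ == "__main__":
    for hit in find_remote_exec_services(SAMPLE_EVENTS):
        print(*hit)
```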
GodFather Trojan Targets Hundreds of Apps
An Android banking trojan known as GodFather has been reported targeting more than 400 banking and cryptocurrency apps in 16 countries. According to the report shared by Singapore-based Group-IB, the malware could affect 215 banks, 94 crypto wallet providers and 110 crypto exchange platforms serving users in countries such as the USA, Turkey, Spain, Italy and Canada. Like many financial trojans targeting the Android ecosystem, the malware tried to steal user credentials by displaying convincing fake screens (Web Fraud) on top of the target apps.
Some of the measures we should take: Use new-generation security products for your end users and make sure they are up to date. Make sure your devices are up to date. Activate multi-factor authentication (MFA) on all possible work and personal accounts. Strengthen your systems with mobile security products. Pay attention to user awareness training in your institution.
Default Protection Against RDP 'Brute Force' Attacks in Windows 11
Microsoft is taking steps in the latest builds of the Windows 11 operating system to prevent brute-force attacks against the Remote Desktop Protocol (RDP), raising the security baseline to meet the evolving threat landscape. "Windows 11 builds now have a default account lockout policy to reduce RDP and other Brute Force password vectors," Microsoft's security experts said. Brute forcing has been one of the most popular methods used by human-operated ransomware and other attacks to gain unauthorized access to computers running Windows. The account lockout policy is also available on Windows 10 systems but is not active by default, which allows attackers to brute-force Windows systems through the RDP service. With the improved account lockout policy in Windows 11, accounts are automatically locked for 10 minutes after 10 failed login attempts.
Precautions to be taken in order to be protected from such attacks: Advise your employees to set strong and unpredictable passwords. Enable multi-factor authentication (MFA) on all possible business and personal accounts. Use privileged access management (PAM) services that ensure passwords are changed and protected at regular intervals or at each use. Use a security solution that can protect you from phishing scams and malware on all your devices. Pay attention to user awareness training.
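To see what the policy described above would have done on a host where it is not enabled, failed-logon records can be replayed against it. This is an added example, not Microsoft's implementation: the 10-attempt threshold and 10-minute lockout come from the article, while the 10-minute counting window, the function names and the sample data are assumptions.

```python
from datetime import datetime, timedelta

THRESHOLD = 10                      # failed attempts before lockout (from the article)
LOCK_FOR = timedelta(minutes=10)    # lockout duration (from the article)
WINDOW = timedelta(minutes=10)      # assumption: older failures no longer count

def replay_lockouts(failures, threshold=THRESHOLD, lock_for=LOCK_FOR, window=WINDOW):
    """failures: iterable of (iso_timestamp, account) for failed logons.
    Returns ({account: [(locked_at, unlocked_at), ...]},
             {account: attempts that arrived while the account was locked})."""
    recent, locked_until, lockouts, blocked = {}, {}, {}, {}
    for ts, account in sorted((datetime.fromisoformat(t), a) for t, a in failures):
        if ts < locked_until.get(account, datetime.min):
            blocked[account] = blocked.get(account, 0) + 1
            continue
        # Keep only failures inside the counting window, then add this one.
        kept = [t for t in recent.get(account, []) if ts - t < window]
        kept.append(ts)
        if len(kept) >= threshold:
            locked_until[account] = ts + lock_for
            lockouts.setdefault(account, []).append((ts, ts + lock_for))
            kept = []                # counter starts again after a lockout
        recent[account] = kept
    return lockouts, blocked

def sample_failures():
    """Constructed data: one guess every 20 s against 'administrator' for about
    15 minutes, plus three typos by an ordinary user in the same period."""
    start = datetime(2022, 8, 1, 2, 0, 0)
    rows = [((start + timedelta(seconds=20 * i)).isoformat(), "administrator")
            for i in range(45)]
    rows += [((start + timedelta(minutes=m)).isoformat(), "a.yilmaz") for m in (1, 6, 14)]
    return rows

if __name__ == "__main__":
    lockouts, blocked = replay_lockouts(sample_failures())
    for account, spans in lockouts.items():
        for locked_at, unlocked_at in spans:
            print(f"{account}: locked {locked_at:%H:%M:%S} until {unlocked_at:%H:%M:%S}")
    print("attempts that arrived while locked:", blocked)
```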
Risks of Google's New .zip and .mov Domains
In early May, Google released eight new top-level domains, comparable to .com or .uk. Although these domains may seem harmless, some of them, such as .zip and .mov, can be very useful for online scams such as phishing attacks. The reason is that .zip is also the extension used for compressed data and .mov is the extension of a video file format developed by Apple. The concern, which is already materializing, is that URLs masquerading as filenames will open up even more possibilities for digital scams such as phishing, leading web users to click on malicious links that pretend to be something legitimate. Scammers can buy a URL ending in one of these common file extensions, .zip or .mov, and users who enter the site thinking it's an app can automatically connect to a malicious website.
Some of the measures we should take to protect ourselves from this type of attack: The most up-to-date security measures should always be used on your system. End users should be trained on evolving attack types. Your system should be improved in line with changing attack types. Care should be taken to back up all your system and security products correctly, and restore-from-backup tests should be performed at regular intervals.
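A mail or chat filter can separate the harmless case (a path that ends in .zip on an ordinary host) from the risky one (a host name that itself ends in .zip or .mov). This is an added example, not from the original article: the function name, finding labels and sample message are constructed, and it assumes the client may turn a bare name such as report.zip into a clickable link.

```python
import re
from urllib.parse import urlsplit

RISKY_TLDS = {"zip", "mov"}   # the two file-extension TLDs discussed above

# Explicit URLs, plus bare "name.zip"-style tokens that a client may auto-link.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BARE_RE = re.compile(r"(?<![\w./@-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?![\w-])", re.I)

# Constructed sample message; all names are made up.
SAMPLE_MESSAGE = """\
Hi, the quarterly figures are in report-q2.zip, please review.
Installer: https://downloads.example.com/tools/setup.zip
Mirror: https://setup-update.zip/download
Recording of the call: https://meeting.mov
"""

def risky_links(text):
    """Return sorted (kind, value) findings for a message body."""
    findings = set()
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        # Only the host decides: a .zip file on example.com is not flagged.
        if host.rsplit(".", 1)[-1] in RISKY_TLDS:
            findings.add(("host-on-risky-tld", url))
    # Drop the URLs already checked so their paths are not reported again.
    remainder = URL_RE.sub(" ", text)
    for token in BARE_RE.findall(remainder):
        findings.add(("bare-name-on-risky-tld", token.lower()))
    return sorted(findings)

if __name__ == "__main__":
    for kind, value in risky_links(SAMPLE_MESSAGE):
        print(f"{kind}: {value}")
```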
Chinese Hackers Target Dozens of Important Institutions
More than a dozen military-industrial and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022, aimed at stealing confidential data and using six different attack methods simultaneously. The Russian cybersecurity firm attributed the high-security attacks to a China-linked threat actor tracked by Proofpoint. Tactics and techniques pointed to overlaps in procedures. The attack chains aim to infiltrate corporate networks using phishing emails, including ones from applicants, that lure recipients into opening fake Microsoft Word documents.
Precautions to be taken in order to be protected from such attacks: Do not download files from unsafe links. Do not click on irrelevant links. Use advanced anti-virus applications. Do not visit unsafe websites. Provide awareness training to users.
Attackers Hide Viruses in Google Ads
Hackers have started to use Google Ads more effectively for malicious purposes. They use ads to spread malware to unsuspecting users who are searching for reputable software products or other tools. Threat actors clone the official websites of companies that produce computer programs, and when users click the download button, malicious versions of the software are delivered to them. When we try to download a program we need and click on the advertisement labelled "Download" at the top of the page, we download the malware to our machine. With this method, end users become victims of cyber attacks. These attacks work by hiding the malware's download link behind the malicious advertisements.
Some of the measures we need to take to protect ourselves from such attacks: Up-to-date and advanced security products should be used on end users' machines. Sites from unreliable sources should not be opened. Advertisements on sites from unreliable sources should be disregarded. End users should be informed and given regular cyber security training. For detailed information, you can contact our experts at ticket@zerosecond.com.tr.
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities
LibreOffice is office software with a powerful and clean visual design. Developed as free and open-source software, LibreOffice includes a full set of office applications and aims to give users the best office experience free of charge. In a statement made in recent days, the LibreOffice team announced security updates for the software. Among the vulnerabilities is CVE-2022-26305, which was stated to allow arbitrary code to be run and to be related to the mechanism that checks whether a certificate is trustworthy while software is running. The bug, tracked as CVE-2022-26305, has been identified as a case of incorrect certificate validation when checking whether a macro is signed by a trusted author, which results in the execution of rogue code packaged within macros.
Precautions to be taken in order to be protected from such attacks: Update such applications regularly. Change your passwords and do not reuse the same passwords. Make sure you have installed the trusted certificate. Do not download files from unsafe links. Provide awareness training to users. Never click on unverified links on the Internet.
Zero-Day Security Update from Apple
Apple recently released security updates for the iOS, iPadOS and macOS platforms to address two zero-day vulnerabilities that may already have been exploited by attackers. These two vulnerabilities, which enable remote code execution on devices, have been addressed with improved controls, and Apple stated that the vulnerabilities may have been actively exploited. Both vulnerabilities were fixed in iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Precautions to be taken in order to be protected from such attacks: Make sure your devices are up to date. Follow the general and patch updates for your devices. Use multi-factor authentication. Inform your users with awareness training. Strengthen your systems with mobile security products.