August 26th: Microsoft Cyber Signals +++ Two new air-gap attacks +++ Cybercrime 2021 Threat Landscape Report

Microsoft Cyber Signals: Defend against the new ransomware landscape

Microsoft published Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, they pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives visibility into threat actors’ actions.

Microsoft says RaaS dramatically lowers the barrier to entry for attackers and obscures who is behind initial access brokering, infrastructure, and ransoming. Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks.

The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage. Businesses are experiencing an increase in both the volume and sophistication of cyberattacks. The European Union Agency for Cybersecurity (ENISA) reports that between May 2021 and June 2022, about 10 terabytes of data were stolen each month by ransomware threat actors, with 58.2 percent of stolen files including employees’ personal data. The best defenses begin with clarity and prioritization.

Interested in more information? Then check out the official publication: Cyber Signals (microsoft.com)

Two new air-gap attacks

GAIROSCOPE

An Israeli researcher devised an attack technique named GAIROSCOPE to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The attack requires that the threat actor has installed malware in advance on the air-gapped system, as well as on a smartphone that must be located in the proximity of the system. The malware installed on the air-gapped system generates ultrasonic tones at the resonance frequencies of the MEMS gyroscope, which produce tiny mechanical oscillations within the smartphone’s gyroscope.

The frequencies are inaudible, and the mechanical oscillations can be demodulated into binary information. The malware on the air-gapped system gathers sensitive data, including passwords and encryption keys, and encodes it using frequency-shift keying. In frequency-shift keying (FSK), the data are represented by a change in the frequency of a carrier wave. Then the malware uses the device’s speakers to transmit the sounds at the inaudible frequencies. On the receiving side, the phone receives the sounds using the device’s gyroscope and the malware running on the phone continuously samples and processes the output of the gyroscope.
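For defenders, the FSK description above translates into a simple monitoring check: look for sustained narrowband energy that alternates between two near-ultrasonic tones in captured audio. The sketch below is an added example, not code from the research paper; the sample rate, frame size, tone pair and thresholds are assumptions, since the article gives no frequencies, and the input signal is constructed.

```python
import math

RATE = 48_000            # assumed capture sample rate (Hz)
FRAME = 480              # assumed 10 ms analysis frame
F0, F1 = 19_000, 20_000  # assumed tone pair for bits 0/1 (placeholder values)

def goertzel_power(frame, freq, rate=RATE):
    """Power of a single frequency bin in `frame` (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def make_fsk(bits, amp=0.2):
    """Constructed test signal: one frame of F0 or F1 per bit."""
    out = []
    for b in bits:
        f = F1 if b else F0
        out += [amp * math.sin(2 * math.pi * f * n / RATE) for n in range(FRAME)]
    return out

def scan(samples, threshold=0.05):
    """Label each frame 0 or 1 if one of the tones dominates, None if neither is present."""
    labels = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[i:i + FRAME]
        p0, p1 = goertzel_power(frame, F0), goertzel_power(frame, F1)
        # Normalise so a full-scale sine at the bin frequency yields about 1.0.
        level = math.sqrt(max(p0, p1)) / (FRAME / 2)
        labels.append(None if level < threshold else int(p1 > p0))
    return labels

def is_suspicious(labels, min_frames=8):
    """Flag sustained keying: enough tonal frames, and both tones observed."""
    tonal = [l for l in labels if l is not None]
    return len(tonal) >= min_frames and 0 in tonal and 1 in tonal
```

In practice the watched band would be swept rather than fixed to two known tones, and the thresholds tuned against the room's normal audio.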

ETHERLED

The same researcher has published another paper describing a method that can be used to silently exfiltrate data from air-gapped systems using the LEDs of various types of networked devices. This attack has been dubbed ETHERLED and it relies on the LEDs attached to the integrated network interface controller (NIC) of devices such as PCs, servers, printers, network cameras, and embedded controllers. An attack scenario assumes that the attacker has somehow managed to gain access to the targeted air-gapped device — via social engineering, malicious insiders or a supply chain attack — to plant a piece of malware that collects sensitive data and uses a covert channel to exfiltrate it to the attacker. An attacker could transmit sensitive information such as passwords, encryption keys and even text files by encoding and modulating them over optical signals that rely on the blinking patterns or blinking frequency of the Ethernet LEDs.

Do you want to dive deeper into the research papers? Here are the two sources:

Cybercrime 2021: Threat Landscape Report

In its annual report, Bitdefender compiles the results of the data observed in its telemetry for the year 2021. Bitdefender could see little positive for 2021. There were new negative records in almost all branches of cybercrime. These poor prospects are joined by a new front: unprotected digital identities that virtually invite criminal activity from hackers due to consumers’ careless behavior.

Throughout 2021, spammers and malicious actors have kept busy creating and distributing fraudulent correspondence across the globe. Spam topics and delivery tactics were once again strengthened by the socio-economic changes brought on by the pandemic, with spammers continuing to piggyback on coronavirus-related subjects. Spammers built an impressive spam menu, experimenting with and building upon previously delivered spam campaigns, with a clear focus on four major spam categories: malware distribution, extortion, scams and phishing. Of the many threats seen targeting Windows systems last year, five key categories have remained in place: Exploits, Trojans, Ransomware, Coin-Miners, and Potentially Unwanted Applications (PUA). Macs face slightly less variance in terms of malware. On macOS, Trojans, Potentially Unwanted Applications (PUA), Adware and Coin Miners were analyzed.

The complete report can be read here: 2021 Consumer Threat Landscape Report (bitdefender.com)



Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.