QuoIntelligence’s Weekly Intelligence Snapshot for the week of 3 – 19 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Current threat
LOLBINs And The Danger They Pose To An Organization’s Security Posture
eCrime actors, such as ransomware operators, and APTs are resorting to the use of Living-off-the-Land binaries (LOLBINs) in increasingly creative ways to avoid detections and accomplish their final goal. Both ViceSociety and Dark Pink are recent examples of groups using these techniques. LOLBINs refer to legitimate software and tools that are preinstalled on infected systems. Adversaries use these tools to accomplish their nefarious objectives. Due to their lawful nature, it can be exceedingly challenging for security teams to identify malicious activities that leverage this approach and thwart ongoing campaigns before the deployment of the ransomware payload or infostealer.
Rollups
Industries impacted: Consumer Discretionary, Energy, Financials, Government, Health Care, Industrials, Information Technology, Utilities
- New RaaS Provider RTM Locker Gang Discovered, Targets Based on Opportunity
- New Domino Backdoor Contains Source Code from FIN7 and Conti Malware
- BlackCat Ransomware Attack Affects NCR Point Of Sale Platform
- Researchers Find LockBit Ransomware Encryptors Targeting Mac Devices
- Chinese-Sponsored Group APT15 is Suspected of Carrying Out Cyberattack against the Slovenian Foreign Ministry Servers
- Tailored Phishing Emails Delivering QBot Banking Trojan Targeting Germany and Italy
- UK Cyber Security Center Warns of Emerging Threat to Critical Infrastructure
- APT28 Exploits Cisco Routers Using Known Vulnerability to Target Governments
Geo Highlights
The EU Presents Bill For Stronger EU Cybersecurity Capabilities and Operational Cooperation
Industries impacted: Government, Information Technology
Following a 140 percent increase in the number of infrastructure attacks after the Russian invasion of Ukraine in 2022, the EU is strengthening its legislative shield to protect European entities against cyberattacks. QuoIntelligence outlines the key takeaways of the EU latest cybersecurity bill: the Cyber Solidarity Act adopted by the European Commission on 18 April.
Industries impacted: Energy, Financials, Government, Information Technology, Materials
Rollups
Industries impacted: Financials, Government, Information Technology
- German Antitrust to Investigate Energy Suppliers Over Pricing
- Germany to Support Countries Rich in Critical Minerals to Build Processing Capacity
- US Arrest Individuals in Effort to Combat China’s Transnational Repression Activities
- European Parliament and EU States Approve the European Chips Act
- EU Auditors Told ECB to Conduct Independent Analysis to Ensure Banks’ Accurate Risk Assessments
- International Financial Body Provides Recommendations to Improve Cyber Incident Reporting
Community Area
Outlook
- 24 April – RSA Conference
- 25 April – National Cybersecurity Show 2023
Latest Reports
(Sent to PREMIUM Customers only)
- 5 April – Operational Profile: LockBit
LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks. - 31 March – Operational Profile: Phoenix Group
Phoenix Group is a pro-Russia hacktivist group active since April 2022 and involved in DDoS and defacement attacks. In February 2023 it announced it was joining Killnet.
Interested in becoming a premium customer? Let’s talk