Weekly Intelligence Snapshot – Week 16

Ransomware groups and APTs are resorting to Living-off-the-Land Binaries (LOLBINs) — legitimate software and tools preinstalled on infected systems.

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 3 – 19 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Cyber Highlights

Current threat

LOLBINs And The Danger They Pose To An Organization’s Security Posture

eCrime actors, such as ransomware operators, and APTs are using Living-off-the-Land binaries (LOLBINs) in increasingly creative ways to avoid detection and accomplish their final goals. LOLBINs are legitimate software and tools that are preinstalled on infected systems, which adversaries use to accomplish their objectives. Both ViceSociety and Dark Pink are recent examples of groups using these techniques. Because these tools are legitimate, it can be exceedingly challenging for security teams to identify malicious activity that leverages this approach and to thwart ongoing campaigns before the ransomware payload or infostealer is deployed.

Rollups

Industries impacted: Consumer Discretionary, Energy, Financials, Government, Health Care, Industrials, Information Technology, Utilities

  • New RaaS Provider RTM Locker Gang Discovered, Targets Based on Opportunity
  • New Domino Backdoor Contains Source Code from FIN7 and Conti Malware
  • BlackCat Ransomware Attack Affects NCR Point Of Sale Platform
  • Researchers Find LockBit Ransomware Encryptors Targeting Mac Devices
  • Chinese-Sponsored Group APT15 is Suspected of Carrying Out Cyberattack against the Slovenian Foreign Ministry Servers
  • Tailored Phishing Emails Delivering QBot Banking Trojan Targeting Germany and Italy
  • UK Cyber Security Center Warns of Emerging Threat to Critical Infrastructure
  • APT28 Exploits Cisco Routers Using Known Vulnerability to Target Governments

Geo Highlights

The EU Presents Bill For Stronger EU Cybersecurity Capabilities and Operational Cooperation

Industries impacted: Government, Information Technology

Following a 140 percent increase in the number of infrastructure attacks after the Russian invasion of Ukraine in 2022, the EU is strengthening its legislative shield to protect European entities against cyberattacks. QuoIntelligence outlines the key takeaways of the EU's latest cybersecurity bill: the Cyber Solidarity Act, adopted by the European Commission on 18 April.

Industries impacted: Energy, Financials, Government, Information Technology, Materials

Rollups

Industries impacted: Financials, Government, Information Technology

  • German Antitrust to Investigate Energy Suppliers Over Pricing
  • Germany to Support Countries Rich in Critical Minerals to Build Processing Capacity
  • US Arrests Individuals in Effort to Combat China’s Transnational Repression Activities
  • European Parliament and EU States Approve the European Chips Act
  • EU Auditors Told ECB to Conduct Independent Analysis to Ensure Banks’ Accurate Risk Assessments
  • International Financial Body Provides Recommendations to Improve Cyber Incident Reporting

 

Community Area

Outlook

  • 24 April – RSA Conference
  • 25 April – National Cybersecurity Show 2023

 

Latest Reports

(Sent to PREMIUM Customers only)

  • 5 April – Operational Profile: LockBit
    LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks.
  • 31 March – Operational Profile: Phoenix Group
    Phoenix Group is a pro-Russia hacktivist group active since April 2022 and involved in DDoS and defacement attacks. In February 2023 it announced it was joining Killnet. 
