Threat Briefing: May 24, 2024

Threat Intel Update

Cyber threat actors are perpetually seeking fresh avenues to conceal their operations and heighten the challenge for cyber defenders. One such avenue they exploit is the compromise of smart devices, leveraging them to facilitate cyber attacks.

Despite the myriad benefits smart devices offer in both personal and professional spheres, their inadequate security measures and lack of updates can inadvertently create openings for malicious actors. Recognizing this, the U.S. government has initiated a program to label smart devices, aiding consumers in selecting products meeting specific security benchmarks.

The same cyber threats that target larger systems, such as credential compromise, unaddressed vulnerabilities, and security misconfigurations, pose risks to personally owned devices as well. This underscores the importance of actively safeguarding all devices, regardless of their scale or purpose.

Cybersecurity News

Over 1,500 Banks Impacted by the Grandoreiro Banking Trojan – The campaign launched in late March 2024 and has impacted banks in over 60 countries throughout Asia, Africa, Europe, and Latin America. Although the Brazilian government undertook a law enforcement operation against the Grandoreiro banking trojan in January 2024, the malware has since evolved its tactics. Originally targeting victims primarily in Latin America, Grandoreiro has now broadened its scope to encompass other global regions. The developers behind Grandoreiro have refined its capabilities and streamlined the dissemination of phishing emails, further exacerbating its threat. The Hacker News

Hacktivist Turning to Ransomware in Cyber Attacks Against Victims in the Philippines – Targets of the attacks include government agencies and critical infrastructure. The operations used a variety of ransomware variants to conduct attacks and copied the ransom note used by LockBit to communicate with victims. Cyber attacks against the Philippines have increased significantly in the first part of 2024, and the country has also felt the impact of misinformation operations. The Record

SolarMarker Malware Utilizes Multi-Tier Landscape to Evade Disruption by Law Enforcement – SolarMarker, an information-stealing malware identified for its ability to snatch VPN configurations, cryptocurrency wallets, and data from web browsers, emerged in 2020. Primarily afflicting victims in the United States, with a particular emphasis on government, healthcare, and education sectors, SolarMarker employs a multi-tiered landscape to sidestep disruptions by law enforcement. Employing two distinct sets of infrastructure, SolarMarker utilizes one cluster for experimental purposes or to target specific victims, while the other serves as the primary hub for active operations. It also employs a sophisticated four-tier command-and-control system, enhancing its resilience against detection and interception efforts. The Hacker News

Chinese Cyber Threat Actors Utilizing Operational Relay Box (ORB) Networks to Obfuscate Activity – Chinese cyber threat actors have adopted Operational Relay Box (ORB) networks as a strategy to obscure their activities. These ORBs comprise virtual private servers (VPS) and compromised smart devices. Within this network, some ORBs are categorized as provisioned, employing rented VPS, while others utilize smart devices and are classified as nonprovisioned ORBs. By leveraging ORBs, Chinese cyber threat actors can create the illusion of originating from diverse locations. Dark Reading

New Smart Devices to Feature “Cyber Trust” Label, Certifying Compliance with Cybersecurity Standards – The introduction of “Cyber Trust” labels marks a significant stride in the U.S. government’s Cyber Trust Mark Initiative. These labels, designed for products like home security cameras, fitness trackers, and internet-connected appliances, signify adherence to established cybersecurity standards. Each label will incorporate a QR code, enabling consumers to access detailed information regarding the security measures implemented in the respective smart devices. AP News

About the Author
CampusGuard Threat Intel Team