Top Middle East Cyber Threats – 12 Apr 2021

At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.

In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:


New OilRig Campaign

A new OilRig campaign is consistent with the group's previous TTPs and targeting. The entry point is phishing: the lure document poses as hiring-related material, drops a file with a .doc extension and renames it to .exe once the document is closed. The campaign uses DNS tunneling for command and control, and the malicious document itself also communicates over DNS tunneling, a procedure not previously seen from OilRig. Persistence is established by the malicious document through a scheduled task, which triggers communication with the C&C server every 5 minutes. The operators also hide encoded commands in the page source of cloned copies of legitimate websites.
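The DNS tunneling and the five-minute beacon described above leave measurable traces in resolver logs: query names that look like encoded data, a stream of never-repeated subdomains under one domain, heavy use of record types with roomy answers, and evenly spaced query times. The script below is an added example and not code from the advisory or from Help AG. It assumes a hypothetical log format of `<ISO timestamp> <client ip> <qtype> <qname>`, runs over constructed sample lines, and the thresholds in `is_suspicious` are starting points to tune, not values from the campaign.

```python
"""Heuristic DNS tunnelling / beacon detection over DNS query logs.

Added example for the advisory above, not Help AG's code. The log line
format "<ISO timestamp> <client ip> <qtype> <qname>" is an assumption;
adapt parse_line() to what your resolver or sensor actually emits.
"""
import math
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: ordinary lookups from one host, and a second host sending
# long hex-looking TXT labels to a single domain every five minutes.
SAMPLE_LOG = """\
2021-04-12T09:00:01 10.0.0.21 A www.example.com
2021-04-12T09:00:02 10.0.0.21 AAAA mail.example.com
2021-04-12T09:00:03 10.0.0.21 A cdn.example.com
2021-04-12T09:05:00 10.0.0.37 TXT 3a9f8c1d2e4b6a7f9c0d1e2f3a4b5c6d.tunnel-c2.example
2021-04-12T09:05:00 10.0.0.37 TXT 7b1e0d9c8a2f4e6d1c3b5a7f9e0d2c4b.tunnel-c2.example
2021-04-12T09:10:00 10.0.0.37 TXT 9c3d2f1e0a4b6c8d2e4f6a8b0c2d4e6f.tunnel-c2.example
2021-04-12T09:10:00 10.0.0.37 TXT 5e7f9a1b3c5d7e9f1a3b5c7d9e1f3a5b.tunnel-c2.example
2021-04-12T09:15:00 10.0.0.37 TXT 1f2e3d4c5b6a7f8e9d0c1b2a3f4e5d6c.tunnel-c2.example
2021-04-12T09:15:00 10.0.0.37 TXT 8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d.tunnel-c2.example
"""

# Record types with roomy free-form answers; tunnels favour them for the downlink.
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME", "MX"}


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded or encrypted data scores high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Split one log line into (timestamp, client, qtype, registered domain, subdomain)."""
    ts, client, qtype, qname = line.split()
    labels = qname.lower().rstrip(".").split(".")
    # Simplification: the last two labels are taken as the registered domain.
    # Use the Public Suffix List in production (co.uk, com.sa, ...).
    domain = ".".join(labels[-2:])
    sub = ".".join(labels[:-2])
    return datetime.fromisoformat(ts), client, qtype, domain, sub


def beacon_interval(times, tolerance=0.1):
    """Return the spacing in seconds if distinct query times are evenly spaced, else None."""
    ts = sorted(set(times))
    if len(ts) < 3:
        return None
    deltas = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    med = statistics.median(deltas)
    if med > 0 and all(abs(d - med) <= tolerance * med for d in deltas):
        return med
    return None


def analyse(log_text: str):
    """Per (client, domain): volume, uniqueness, label shape and timing indicators."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, client, qtype, domain, sub = parse_line(line)
            groups[(client, domain)].append((ts, qtype, sub))

    report = {}
    for key, rows in groups.items():
        subs = [sub for _, _, sub in rows]
        first_labels = [sub.split(".")[0] for sub in subs]
        report[key] = {
            "queries": len(rows),
            "unique_subdomains": len(set(subs)),
            "mean_label_len": statistics.mean([len(l) for l in first_labels]),
            "mean_entropy": statistics.mean([shannon_entropy(l) for l in first_labels]),
            "payload_qtype_ratio": sum(q in PAYLOAD_QTYPES for _, q, _ in rows) / len(rows),
            "beacon_interval_s": beacon_interval([ts for ts, _, _ in rows]),
        }
    return report


def is_suspicious(stats, min_len=20, min_entropy=3.0, min_unique=4) -> bool:
    """Labels look like encoded data and almost every query name is new (thresholds are assumptions)."""
    return (
        stats["mean_label_len"] >= min_len
        and stats["mean_entropy"] >= min_entropy
        and stats["unique_subdomains"] >= min_unique
        and stats["unique_subdomains"] >= 0.9 * stats["queries"]
    )


def find_tunnels(log_text: str):
    """Return only the (client, domain) pairs that trip the tunnelling heuristics."""
    return {k: s for k, s in analyse(log_text).items() if is_suspicious(s)}


if __name__ == "__main__":
    for (client, domain), stats in find_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {stats}")
```

On the constructed sample only the second host is flagged, with a 300-second beacon interval reported alongside the label statistics. The interval check is deliberately separate from the tunnelling score: a tunnel that is only used interactively has no fixed cadence, and a fixed cadence on its own is also produced by legitimate agents, so the two signals are best correlated rather than merged.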

RECOMMENDATIONS

  • Increase user awareness of such campaigns, in particular lures that pose as hiring or HR documents.
  • Use Group Policy Objects to block macros in Office documents that originate outside the environment (the "Block macros from running in Office files from the Internet" policy).
  • Deploy detection for DNS tunneling: watch for unusually long or high-entropy subdomain labels, large numbers of unique subdomains under a single domain, heavy use of TXT or NULL records, and queries recurring at a fixed interval. The most efficient approach, in our experience, is a technology that applies natural language processing to query names.
  • Hunt proactively for this tradecraft, for example newly created scheduled tasks with short repetition intervals, and documents that drop or rename executables.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Block the Indicators of Compromise (IoCs) associated with this campaign on perimeter and endpoint controls.
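One concrete hunt for the scheduled-task persistence described in this advisory is to parse the task definitions that Windows stores as XML files under C:\Windows\System32\Tasks and flag tasks that both repeat at a short interval and run a binary from a path a standard user can write to. The script below is an added example and not code from the advisory or from Help AG. The two task definitions are constructed samples, the 600-second threshold and the list of trusted path prefixes are assumptions, and only the two most common environment variables are expanded.

```python
"""Hunt for persistence via Task Scheduler: short repetition intervals plus
binaries run from user-writable paths.

Added example for the advisory above, not Help AG's code. Input is task XML in
the format Windows stores under C:\\Windows\\System32\\Tasks (one file per task).
"""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumed list of locations a standard user cannot write to; extend as needed.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample resembling a task that beacons every five minutes from %AppData%.
SUSPICIOUS_TASK = r"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT5M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <StartBoundary>2021-04-12T09:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\jdoe\AppData\Roaming\update.exe</Command>
      <Arguments>/s</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample of an ordinary daily maintenance task.
BENIGN_TASK = r"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2021-01-01T03:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>%SystemRoot%\System32\cleanmgr.exe</Command>
      <Arguments>/autoclean</Arguments>
    </Exec>
  </Actions>
</Task>"""


def iso_duration_seconds(value: str):
    """Parse the ISO 8601 duration subset Task Scheduler uses (P1DT2H30M, PT5M)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value.strip())
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s


def parse_task(xml_text: str):
    """Extract the shortest repetition interval and the Exec actions from task XML."""
    # On-disk files carry an encoding="UTF-16" declaration; drop it when parsing text.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    intervals = [iso_duration_seconds(e.text or "") for e in root.findall(".//t:Repetition/t:Interval", NS)]
    intervals = [i for i in intervals if i is not None]
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", default="", namespaces=NS) or "").strip()
        args = (ex.findtext("t:Arguments", default="", namespaces=NS) or "").strip()
        actions.append((cmd, args))
    return {"min_interval_s": min(intervals, default=None), "actions": actions}


def runs_from_trusted_path(command: str) -> bool:
    """True if the command resolves under a path standard users cannot write to."""
    c = command.strip().strip('"').lower()
    # Only the two most common variables are expanded here (assumption).
    c = c.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")
    return c.startswith(TRUSTED_PREFIXES)


def assess(xml_text: str, max_interval_s: int = 600):
    """Return the reasons a task deserves analyst attention (empty list if none)."""
    task = parse_task(xml_text)
    reasons = []
    if task["min_interval_s"] is not None and task["min_interval_s"] <= max_interval_s:
        reasons.append(f"repeats every {task['min_interval_s']}s")
    for cmd, _ in task["actions"]:
        if cmd and not runs_from_trusted_path(cmd):
            reasons.append(f"runs {cmd} outside trusted paths")
    return reasons


if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(name, assess(xml_text) or "nothing flagged")
```

To run this against a live host, read each file below C:\Windows\System32\Tasks with UTF-16 encoding and pass its text to `assess`; a task that returns both reasons (short repetition and an untrusted command path) is the pattern worth pulling the Security log's task-creation events and the binary itself for. A short interval alone is common for legitimate agents, so it should raise priority rather than act as a standalone verdict.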
