Top Middle East Cyber Threats – 19 July 2022
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Advanced Phishing Scams Target the UAE
An ongoing phishing campaign has been exposed targeting various government as well as corporate entities in the finance, travel, healthcare, legal, oil and gas, and consultation industries in multiple countries including the United Arab Emirates.
These phishing attacks can be utilized by other threat actors to target specific users and steal their passwords, documents, crypto wallets and other sensitive information.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
- Avoid clicking or opening untrusted or unknown links, files or attachments.
- Don’t enable macros for unknown MS Office files.
- Enable software restriction policies and application whitelisting.
- Ensure that the email server is configured to block any suspicious attached files.
- Enable multi-factor authentication (MFA).
- Enforce the Restricted PowerShell script execution policy for end users.
- Monitor your network for abnormal behaviors and indicators of compromise (IoCs).
- Block the IoCs within respective security controls organization wide.
- Ensure frequent backups are in place.
- Educate employees about detecting and reporting phishing / suspicious emails.
Microsoft Releases Patch to Fix 84 Flaws Including Exploited Zero-Day Vulnerability
Microsoft published a security update to address 84 vulnerabilities as part of its July 2022 Patch Tuesday which also includes a fix for an actively exploited zero-day vulnerability CVE-2022-22047. Four vulnerabilities are classified ‘Critical’ and allow remote code execution.
Successful exploitation of these critical vulnerabilities could result in an attacker gaining the same privileges as the logged-in user. Depending on the privileges associated with the user, an attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Furthermore, two CVEs have been patched in Microsoft Edge (Chromium-based).
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Significant Rise Witnessed in Qakbot Malware Attacks
A significant uptick has been noticed in the spread of Qakbot malware. Also known as QBot, QuackBot and Pinkslipbot. It has been active since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads.
It has been discovered that the operators behind the Qakbot malware are transforming their delivery vectors to evade detection using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot. Other techniques are being deployed to prevent automated detection such as obfuscating code, leveraging multiple URLs and using unknown file extension names to deliver the payload, as well as altering the steps of the process by introducing new layers between initial compromise, delivery, and final execution.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
- Avoid clicking or opening untrusted or unknown links, files or attachments.
- Don’t enable macros for unknown MS Office files.
- Enable software restriction policies and application whitelisting.
- Ensure that the email server is configured to block any suspicious attached files.
- Enforce the Restricted PowerShell script execution policy for end users.
- Monitor your network for abnormal behaviors and indicators of compromise (IoCs).
- Blocking the IoCs within respective security controls organization wide.
- Ensure frequent backups are in place.
- Educate employees about detecting and reporting phishing / suspicious emails.
References: