
Top Middle East Cyber Threats – 6 December 2022


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.  

In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:  

Black Friday Phishing Attacks Target UAE Organizations 

Multiple phishing cases targeting the financial and retail sectors have recently been reported to Help AG. Cybercriminals tend to use big events as lures, and Black Friday is a particularly effective one for harvesting financial information because of the volume of online shopping and payment activity during the holiday season. As in previous years, we expect the surge in phishing attacks and scams around this period to continue.
We expect an increase in the following categories:

  • Credential Phishing 
  • Malware (especially trojans capable of harvesting credentials and downloading and executing other malware) 
  • Phishing for banking details
  • Phishing for e-payment details 
  • Fake e-commerce websites set up to phish payment and login details 

RECOMMENDATIONS 

  • Conduct user awareness campaigns. 
  • Have a hotline and email address for users to report suspicious encounters regarding their credentials or organizational assets. Users need to be informed about the ability and importance of reporting such encounters. 
  • Avoid clicking or opening untrusted or unknown links, files or attachments. 
  • Monitor your network for abnormal behaviors and indicators of compromise (IoCs). 
  • Block the IoCs within respective security controls throughout the organization. 

Black Basta Ransomware Group Leverages QakBot Malware  

In recent campaigns the Black Basta ransomware gang has been observed using QakBot malware to gain an initial foothold and move laterally within an organization’s network. QakBot, also known as QBot or Pinkslipbot, is a banking trojan primarily used to steal victims’ financial data, including browser information, keystrokes, and credentials. Once QakBot successfully infects an environment, it installs a backdoor that allows the threat actor to drop additional malware, which in these campaigns ends with deployment of the Black Basta ransomware. 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. 
  • Avoid clicking or opening untrusted or unknown links, files or attachments. 
  • Do not enable macros for unknown MS Office files. 
  • Enable software restriction policies and application whitelisting. 
  • Ensure that the email server is configured to block any suspicious attached files. 
  • Enforce the Restricted PowerShell script execution policy for end users. 
  • Monitor your network for abnormal behaviors and indicators of compromise (IoCs). 
  • Ensure frequent backups are in place.  
  • Block the IoCs within respective security controls throughout the organization. 
  • Educate employees about detecting and reporting phishing/suspicious emails. 
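Two of the recommendations above (disabling untrusted macros and restricting PowerShell script execution) can be applied and verified from an elevated PowerShell prompt on a single host. The script below is an added example written for this advisory, not a Help AG or Microsoft script. It assumes Office 2016/2019/365 policy keys (the `16.0` segment of the registry path) and that the host is not already governed by a conflicting Group Policy; for a fleet, the same settings are deployed through GPO rather than per host.

```powershell
# Added example: apply and verify macro and script-execution hardening on one
# Windows host. Run from an elevated prompt. Registry paths assume Office 16.0
# (Office 2016/2019/365); adjust the version segment for other releases.

#Requires -RunAsAdministrator

# 1. Restrict script execution for end users at the machine scope.
Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine -Force

# 2. Office macro policy for the listed applications (per-user policy hive):
#    VBAWarnings = 4                       -> disable all macros without notification
#    blockcontentexecutionfrominternet = 1 -> block macros in files carrying the
#                                            Mark-of-the-Web (downloaded / mailed)
$apps = 'Word', 'Excel', 'PowerPoint'
foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# 3. Verify. Execution policy is reported per scope; the effective policy is the
#    first scope from the top of the list that is not 'Undefined'.
Get-ExecutionPolicy -List | Format-Table -AutoSize

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Application         = $app
        VBAWarnings         = $p.VBAWarnings
        BlockInternetMacros = $p.blockcontentexecutionfrominternet
    }
}
```

Two caveats a practitioner should keep in mind: the Restricted execution policy is a safety feature, not a security boundary (it is overridden per process with `powershell.exe -ExecutionPolicy Bypass`, and QakBot-style loaders routinely do exactly that), so it only has teeth when paired with the application whitelisting recommendation above (AppLocker or WDAC rules that block unapproved executables and scripts). Second, the macro keys written here live under the HKCU policy hive and therefore only affect the user running the script; machine-wide enforcement is a Group Policy job.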

Google Chrome Updates Fix Zero Day Vulnerabilities 

Google has published two security updates for Chrome, each addressing a zero-day vulnerability that is now fixed.  

The updates include fixes for the following vulnerabilities, both rated High severity:  

  1. CVE-2022-4135, described as a heap buffer overflow in GPU. 
  2. CVE-2022-4262, described as type confusion in the V8 JavaScript engine. 

Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code. According to NIST’s National Vulnerability Database, CVE-2022-4135 could permit a remote attacker who had already compromised the renderer process to perform a sandbox escape via a crafted HTML page. A GPU-process bug of this kind is therefore a second-stage primitive: on its own it does nothing, but chained after a renderer-side bug it lets the attacker leave the sandbox. 

Type confusion vulnerabilities in V8 can be weaponized by threat actors to perform out-of-bounds memory access, crash the renderer, or achieve arbitrary code execution inside it, which is precisely the renderer-side foothold a sandbox escape such as the one above builds on. 

Google is aware that an exploit for CVE-2022-4135 and CVE-2022-4262 exists in the wild. 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. Update Chrome to the current stable release (108.0.5359.94 or later contains both fixes) and relaunch the browser, since a downloaded update only takes effect on restart. Other Chromium-based browsers embed the same V8 engine and receive separate fixes from their vendors, so patch them as well. 
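To confirm that the recommendation has actually landed on an endpoint, the installed Chrome version can be compared against the first fixed build for each CVE. The script below is an added example for this advisory, not Google's or Help AG's code. The fixed version numbers are taken from Google's stable channel release notes as I recall them (107.0.5304.121 for CVE-2022-4135, 108.0.5359.94 for CVE-2022-4262) and should be verified against the current notes before being relied on; the install paths assumed are the standard per-machine and per-user locations on Windows.

```powershell
# Added example: report whether the locally installed Chrome is at or above the
# first build that fixed each zero-day. Fixed versions are assumptions from the
# Chrome stable channel release notes; verify them before relying on the result.

$fixed = @{
    'CVE-2022-4135' = [version]'107.0.5304.121'   # heap buffer overflow in GPU
    'CVE-2022-4262' = [version]'108.0.5359.94'    # type confusion in V8
}

function Get-ChromeVersion {
    # Chrome can be installed per-machine (Program Files) or per-user
    # (LocalAppData); check the usual locations and read the file version.
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path $path) {
            return [version](Get-Item $path).VersionInfo.ProductVersion
        }
    }
    return $null
}

function Test-ChromeFixed {
    param([version]$Installed, [hashtable]$FixedVersions)
    # [version] comparison is component-wise, so 108.0.5359.94 -ge 107.0.5304.121
    # is evaluated numerically rather than as a string.
    foreach ($cve in $FixedVersions.Keys) {
        [pscustomobject]@{
            CVE       = $cve
            Installed = $Installed
            FixedIn   = $FixedVersions[$cve]
            Status    = if ($Installed -ge $FixedVersions[$cve]) { 'patched' } else { 'VULNERABLE' }
        }
    }
}

$installed = Get-ChromeVersion
if ($null -eq $installed) {
    Write-Output 'Chrome not found in the standard install locations.'
} else {
    Test-ChromeFixed -Installed $installed -FixedVersions $fixed | Format-Table -AutoSize
}
```

Note that the file version on disk reflects the binary that will run after the next launch; a Chrome that has downloaded the update but not yet been restarted still reports the old version here, which is the case you want this check to catch. For a fleet, wrap `Get-ChromeVersion` in `Invoke-Command` against your endpoints or feed the same comparison into your inventory tool.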

 
