
Top Middle East Cyber Threats – August 01, 2023


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.

In this blogpost, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:

BEC Campaign Targets Government Entities, Banks and Private Enterprises

Help AG's Cyber Threat Intelligence team has identified a massive Business Email Compromise (BEC) phishing campaign that we have aptly named “Operation Lustrous Deception”. The primary theatre of this operation spans multiple countries in the Middle East, with a noticeable concentration on the United Arab Emirates. The operation has been active and steadily intensifying for the past two years and is still ongoing.

The orchestrators of this campaign are an organized group of Nigerian threat actors whom we have internally classified as “A-200-NG”. Our team has been closely monitoring their activities, building an intricate understanding of their methods and motives.

These threat actors have skilfully employed typosquatting and combosquatting techniques to acquire domains that mimic the appearance of legitimate ones, a masquerade designed to deceive and misdirect. These misleading domains serve as their operational base, from where they launch phishing emails, crafted to trick organizations into erroneous money transfers.

Observed tradecraft for this campaign:

  • Crafting spear-phishing emails that impersonate government brand-themed campaigns, masquerading as new or ongoing local project requirements.
  • Targeting the organization’s vendor management department, which oversees the tender registration process.
  • Persuading victims to transfer a certain amount as part of the tender registration requirements, with the promise that the amount is refundable.

Help AG's CTI team has gathered relevant IoCs and TTPs to assist in countering this campaign.

Recommendations

  • Ensure all systems and software are up-to-date with the latest patches.
  • Avoid opening emails, clicking links, or downloading attachments from unknown or suspicious sources.
  • Regularly conduct security awareness training for your employees to ensure they can recognize phishing emails and are aware of the tactics used by scammers.
  • Monitor newly registered domains that are similar to your company’s to detect potential typosquatting or combosquatting activities.
  • Implement sophisticated email filtering solutions that can help identify and quarantine phishing emails.
  • Encourage employees to promptly report any suspicious emails or incidents.
  • Deploy Domain-based Message Authentication, Reporting & Conformance (DMARC) to authenticate emails and prevent spoofing.
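The domain-monitoring recommendation above can be automated. The script below is an added example, not Help AG's tooling: it classifies newly registered domains against a hypothetical brand token as typosquats (edit distance and homoglyph folding on the registrable label) or combosquats (the brand token joined to extra words); the brand, the legitimate domains and the multi-part suffix set are constructed assumptions.

```python
"""Lookalike-domain triage for a newly-registered-domain feed.

Added example, not Help AG's tooling: classify candidate domains against a brand as
typosquats (edit distance or homoglyphs on the registrable label) or combosquats
(brand token combined with extra words), so analysts can review them.
"""
import re

BRAND = "examplebank"                          # hypothetical protected brand token
LEGIT = {"examplebank.ae", "examplebank.com"}  # constructed legitimate domains
SECOND_LEVEL = {"co", "com", "net", "org", "gov", "ac"}   # handles suffixes like co.ae
SINGLE_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def registrable_label(domain: str) -> str:
    """Label the registrant chose, e.g. 'examplebank' for examplebank.co.ae."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]

def normalise(label: str) -> str:
    """Fold common homoglyphs (rn->m, vv->w, digits->letters) and drop hyphens."""
    return label.replace("rn", "m").replace("vv", "w").translate(SINGLE_SWAPS).replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swap."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain: str, brand: str = BRAND) -> str:
    """Return 'legitimate', 'typosquat', 'combosquat' or 'unrelated'."""
    if domain.lower() in LEGIT:
        return "legitimate"
    label = registrable_label(domain)
    threshold = 1 if len(brand) < 8 else 2      # allow more edits on longer brands
    if edit_distance(normalise(label), brand) <= threshold:
        return "typosquat"                      # also catches the brand on another TLD
    tokens = [t for t in re.split(r"[-\d]+", label) if t]   # words joined to the brand
    near_brand = any(edit_distance(normalise(t), brand) <= threshold for t in tokens)
    if brand in normalise(label) or near_brand:
        return "combosquat"
    return "unrelated"
```

Feed each domain from a daily new-registration export to classify() and route anything other than "unrelated" to an analyst queue.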

Google Chrome Update Fixes Multiple Vulnerabilities

Google published a security update to address multiple vulnerabilities in the Chrome browser, fixed in the latest Chrome version (115.0.5790.98 for Linux and Mac, 115.0.5790.98/99 for Windows).

The update includes 20 security fixes, 11 of which were contributed by external researchers. Of those 11 fixes, four are rated high, six medium and one low in risk level.

Recommendations:

  • Ensure all systems are patched and updated.

Oracle July 2023 Patch Update Addresses Remote Vulnerabilities

Oracle published a security update to address multiple vulnerabilities as part of its Critical Patch Update for July 2023.

The update covers 183 CVEs in 508 new security patches across 132 product families. Of the 508 security patches, 76 are rated critical, 244 high, 164 medium and 24 low in severity. Several of these vulnerabilities can be exploited remotely without authentication. A remote attacker exploiting them may perform unauthorized operations, including unauthorized deletion or falsification of sensitive information.

Recommendations:

  • Ensure all systems are patched and updated.

Ivanti patches MobileIron zero-day bug exploited in attacks

US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).

Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078. The vulnerability impacts all supported versions (11.10, 11.9 and 11.8); older versions/releases are also at risk. An unauthorized, remote (internet-facing) actor can access users' personally identifiable information and make limited changes to the server.

The patches can be installed by upgrading to EPMM 11.8.1.1, 11.9.1.1 or 11.10.0.2. Patches are also available for unsupported and end-of-life versions lower than 11.8.1.0.

Recommendations:

  • Ensure all systems are patched and updated.

Apple Security Update Fixes Multiple Vulnerabilities

Apple has released a security update to address multiple vulnerabilities, as well as applying improved checks and state management to the two previously reported zero-days (CVE-2023-38606 and CVE-2023-37450).

CVE-2023-37450 was found in the WebKit browser engine, where processing web content may lead to arbitrary code execution. CVE-2023-38606 allows apps to modify sensitive kernel state; it was also recently used to deploy Triangulation spyware on iPhones via iMessage.

Apple addressed the vulnerabilities in iOS 16.6 and 15.7.8, iPadOS 16.6 and 15.7.8, macOS Ventura 13.5, macOS Monterey 12.6.8 and macOS Big Sur 11.7.9.

Recommendations:

  • Ensure all systems are patched and updated.
