Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

Consequential Highlights from the Second Quarter of 2018

Better the devil you know than the devil you don’t. The old adage holds true for cyberattacks. Kaspersky Labs have found that Advanced Persistent Threats (APT) were looming in the Asian region. What’s worrying is the less familiar threat actors which the researchers have little experience combating.

There have been a significant number of attackers who have targeted or timed their campaigns around sensitive geopolitical incidents.

Kaspersky laps are constantly uncovering new tools, techniques and campaigns being launched by APT groups, some of which have been dormant for years. Asia being a bustling business hub have been the epicentre of APTs over the past decade. Regional groups such as the Korean-speaking Lazarus and Scarcuft were humming with activities. Researchers also discovered an implant called LightNeuron that have been used by the Russian-speaking Turla to take Central Asia and the Middle East as prey.

The following are Kaspersky Lab’s log of global cyber-attacks.

The Olympic Destroyer makes a come back

Bad things come in pairs. Research suggests that the faceless actor responsible for Olympic Destroyer just might be the culprit for the latest Russian-speaking threat actor Sofacy. The Olympic Destroyer a potent malware that caused mass disruption in the 2018 Winter Olympics in Pyeonchang, made a comeback targeting financial organizations in Russia. It also attempted to attack biochemical threat prevention laboratories in Europe and Ukraine.

The Lazarus Group’s Cyberespionage Campaign

The Lazarus group also known as the BlueNoroff is one of the world’s most notorious cybercrime groups, made up of an unknown number of individuals. This high profile APT targeted several financial institutions in Turkey and casinos in Latin America, as part of a cyberespionage campaign. Despite the ongoing North Korean peace talks, these attacks suggests that the Lazarus Group is financially motivated.

Scarcruft the Relatively New but Potent APT

Researchers have recently observed a relatively high activity from the Scarcruft APT. This particular threat actor has taken victims from Russia, Nepal, South Korea, China, India, Kuwait and even Romania.  They do this by using Android malware and launching an operation with new backdoor researchers named POORWEB.

Smell a Rat? It’s LuckyMouse APT.

LuckyMouse APT goes by APT 27. The ambiguity in name allowed the Chinese-speaking threat actor to abuse Asian Internet Service Providers (ISP). LuckyMouse APT launched a waterhole attack through high profile websites. The vicious attack targeted the website’s end users. By infecting the website, the APT is able to gain unauthorized access into the end user’s networks, and eventually their place of employment’s network.

The attacks were strife in Kazakh and Mongolian governmental entities. Unsurprisingly, the attacks were around the time when these governments had a meeting with the People’s Republic of China’s statesmen.

The VPNFilter Campaign

Domestic networking hardware and storage solutions were threatened by the VPNFilter campaign. The Campaign was uncovered by Cisco Talos and the FBI. The FBI attributes the VPNFilter campaign to Sofacy or Sandworm. [wtheck is sofacy and sandworm].

The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Most worryingly, Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.

Concluding Remarks

All in all, the second quarter of 2018 revealed interesting developments in APT activity. The threats received only confirm the fear of how destructive APT activity can be. Kaspersky advices that networking hardware is predisposed to targeted attacks. Furthermore, warnings regarding the

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

The Q2 APT Trends summary report can be found on Securelist

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.