Cyber threats continue to evolve, presenting new challenges for organisations.
Companies can stay informed about the latest threats with The Monitor, a free, regular digest of Kroll’s global Cyber Risk case intake.
In this blog post, we outline the security issues covered in the latest edition, as investigated by our experts around the world.
Volume 7 covers the following topics:
Protecting against Magecart attacks
Kroll has investigated many different tactics used by threat actors to steal consumer data on e-commerce sites. One of the most long-lived and persistent threat actor groups is Magecart. The term ‘Magecart’ refers to the multiple cybercriminal groups known to exploit vulnerabilities within Magento e-commerce panels to steal payment card data, personally identifiable information (PII) or credentials through online skimming.
Our update discusses evolving tactics, techniques and procedures, and best practices and mitigations. We also look at the attack patterns that have left companies unable to detect illicit activity within their site and enabled threat actors to return to victim environments and manually exfiltrate data.
Significant changes in Emotet’s approach
Kroll has been tracking Emotet since it was first identified in 2014. Today, Emotet operators stand as one of the most prominent initial access brokers. We have observed a significant shift in Emotet’s method of distribution, with the malware now leveraging emails with password-protected .zip archive attachments that contain .LNK files instead of malicious documents.
LNK files are shortcut files, ending with an .LNK extension, that link to an application or file; they are commonly found on a user’s desktop or throughout a system. Our update in The Monitor provides a detailed overview of this approach and the countermeasures that organisations can apply.
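As an added illustration (not taken from The Monitor or from Kroll tooling), the Python sketch below shows one way a mail-filtering step could triage a .zip attachment of the kind described above. It assumes common ZIP password protection, which leaves member names in the central directory readable, so shortcut files can be flagged without the password; the function names, verdict labels and sample file names are hypothetical.

```python
import io
import struct
import zipfile

# Only .lnk comes from the article; extend the set to match local policy.
SUSPICIOUS_EXTENSIONS = {".lnk"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted


def triage_zip_attachment(data: bytes) -> dict:
    """List archive members without decrypting them and flag shortcut files."""
    findings = {"encrypted": False, "suspicious_members": [], "verdict": "allow"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["verdict"] = "unparseable"
        return findings
    with archive:
        for info in archive.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                findings["encrypted"] = True
            # Trailing dots and spaces are ignored so "x.lnk." still matches.
            name = info.filename.lower().rstrip(". ")
            if any(name.endswith(ext) for ext in SUSPICIOUS_EXTENSIONS):
                findings["suspicious_members"].append(info.filename)
    if findings["suspicious_members"]:
        findings["verdict"] = "quarantine"
    elif findings["encrypted"]:
        findings["verdict"] = "review"  # contents cannot be scanned
    return findings


def build_sample(member: str, encrypted: bool) -> bytes:
    """Constructed sample: a tiny zip whose entry is optionally marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real shortcut")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encrypted bit in the central directory record (flags at offset 8).
        cd = raw.rfind(b"PK\x01\x02")
        flags = struct.unpack_from("<H", raw, cd + 8)[0]
        struct.pack_into("<H", raw, cd + 8, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for member, enc in (("Invoice 2022.lnk", True), ("report.txt", False)):
        print(member, triage_zip_attachment(build_sample(member, enc)))
```

An encrypted archive with no flagged names still returns "review", since its contents cannot be scanned without the password.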
Vishing and smishing on the rise
Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing”. These tactics use phone calls, voice-altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. Our update covers recent activity, an example case study and key indicators.