Threat Intelligence published by Microsoft[1] shows an increase in Russia-based nation-state threat actors launching attacks against countries outside Ukraine. The United Kingdom was the second most targeted country, behind the United States. Of all targeted countries, those operating within the Information Technology, Transportation and Education industries were subject to the greatest volume of attacks.

Data from Sapphire’s SOC Team also aligns with the rise of Russia-based threats. Five (or 100%) of ‘major’ incidents (i.e., Priority 1 or Priority 2 Cases) impacting Sapphire customers

have involved Russia-affiliated threat actors in industries closely aligning with those cited by

Microsoft.These involved Hive, Vice Society and Russian-based cryptocurrency mining infrastructure.

Microsoft’s intelligence states that Russian threat actors continue to utilise Phishing campaigns to gain initial access to a victim’s network. Over the last 60 days (8/1/23 – 8/3/23) Sapphire’s SOC Team have observed a consistent volume of Phishing-based Alerts, as shown below, reinforcing the need for effective Initial Access prevention technology.

 Additionally, Microsoft encouraged ensuring systems are fully patched, which first requires having visibility of all assets within an organisation. This is where a Vulnerability Management program can assist. Using vulnerability data from Sapphire’s SOC Team, we observe an upward trend in the  overall volume of vulnerabilities presents within a customer within one of the at-risk industries targeted by Russia.This highlights the need for effective asset management and potentially the growing attack surface presented through BYOD and expanding infrastructure.

Recorded Future’s 2022 Adversary Infrastructure Report[2] highlights Cobalt Strike being the most observed Command and Control post-exploitation framework observed over the last three years, as shown below. Data from Sapphire’s SOC Team is also in alignment with this trend. For example, 50% of Sapphire’s customer P1 incidents involved the usage of CobaltStrike.

References

  1. Microsoft Digital Defence Report 2022 (https://go.microsoft.com/fwlink/?linkid=2213817&clcid=0x409&culture=en-us&country=us)
  2. Recorded Future’s Insikt Group 2022 Adversary Infrastructure Report (https://www.recordedfuture.com/2022-adversary-infrastructure-report)

Similar Posts

|

Outsource Cybersecurity: Expectations vs Reality

ByJacky

Sapphire has designed its UK-based Security Operations Centre (SOC) to help organisations respond quickly to threats and receive the optimum cyber security protection available today. Organisations across the UK benefit from Sapphire’s twenty-five years of experience from network monitoring to vulnerability management and incident response. Sapphire security analysts have a wealth of knowledge.

|

An Interview with Vernon Poole on Cyber Security Culture

ByJacky

It’s an exciting concept and one that many people don’t grasp. All organisations today can potentially fall victim to a cyber-attack or cyber security outage, which can cause severe damage to its ability to operate and its infrastructure. It’s more than just cyber security awareness; it requires the whole workforce to know what the risk is and the processes that need to be followed to avoid this risk.

Leave a Reply

Your email address will not be published. Required fields are marked *