
Three New State-Backed Gangs Target Government Sectors Using HEAT Attack Methods


Cybersecurity experts are sounding the alarm as global cyber gangs continue to evolve, employing advanced techniques and benefiting from state sponsorship. Menlo Security’s latest report sheds light on the increasing threat landscape, revealing how these criminal groups are becoming more sophisticated and dangerous.

According to the report, three new nation-state campaigns utilizing Highly Evasive and Adaptive Threat (HEAT) attack techniques have been identified, targeting a range of industries including banking institutions, financial powerhouses, insurance companies, legal firms, government agencies, and healthcare providers. HEAT attacks are known for bypassing traditional security measures by targeting web browsers as the entry point, using techniques like dynamic behavior, fileless attacks, and delayed execution to evade detection.

Menlo Labs uncovered three sophisticated HEAT campaigns, namely LegalQloud, Eqooqp, and Boomer, which have compromised at least 40,000 high-value users. These campaigns have been generating evasive attacks that can bypass Multi-Factor Authentication (MFA) and take over sessions with Adversary in the Middle (AiTM) kits.

The study highlights that 60% of user-clicked malicious links are phishing or fraud attempts, with 25% going undetected by legacy URL filtering. Additionally, Microsoft is reported to be the most impersonated brand by these cyber gangs.

Each of the identified campaigns employs a different strategy to carry out its attacks. LegalQloud utilizes trusted domains and URL obfuscation to bypass security measures, while Eqooqp uses Adversary in the Middle (AiTM) techniques and the NakedPages phishing toolkit to defeat MFA. Boomer, on the other hand, employs advanced evasion techniques such as custom HTTP headers and rapid phishing site deployment.

LegalQloud, hosted on Tencent Cloud, targets entities in North American governments and investment banks by impersonating legal firms to steal Microsoft credentials. Eqooqp focuses on government and private sector organizations, bypassing non-phishing-resistant MFA using the Adversary-in-the-Middle (AiTM) technique. Boomer, a sophisticated phishing campaign, targets government and healthcare sectors by employing advanced techniques and impersonating brands like Adobe and Microsoft.
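The distinction the report draws between MFA that AiTM kits can defeat and phishing-resistant MFA comes down to origin binding. The following added example (not from the Menlo report; the relying-party origin, proxy origin and one-time code are constructed) shows a relayed one-time code being accepted while a WebAuthn assertion relayed through a proxy fails the relying party's origin check:

```python
import base64
import json
import secrets

# Constructed values: a hypothetical relying party and a hypothetical AiTM proxy host.
RP_ORIGIN = "https://login.example.com"
PROXY_ORIGIN = "https://login.example-com.invalid"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_client_data(challenge: bytes, browser_origin: str) -> str:
    """The browser builds clientDataJSON from the origin it is actually on,
    not from whatever the page claims to be. Returns base64url as sent to the RP."""
    doc = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": browser_origin}
    return b64url(json.dumps(doc).encode())


def verify_client_data(client_data_b64: str, expected_challenge: bytes, rp_origin: str) -> bool:
    """Relying-party checks from WebAuthn assertion verification: type, challenge
    and origin. Signature verification over the authenticator data is omitted here."""
    doc = json.loads(b64url_decode(client_data_b64))
    if doc.get("type") != "webauthn.get":
        return False
    if not secrets.compare_digest(doc.get("challenge", ""), b64url(expected_challenge)):
        return False
    # A proxy can relay the challenge, but it cannot make the victim's browser
    # report the legitimate origin, so the assertion is rejected.
    return doc.get("origin") == rp_origin


def totp_accepted(relayed_code: str, expected_code: str) -> bool:
    """A one-time code carries no origin; a proxy that relays it within its
    validity window is indistinguishable from the real user."""
    return secrets.compare_digest(relayed_code, expected_code)


def demo() -> dict:
    challenge = secrets.token_bytes(32)
    direct = make_client_data(challenge, RP_ORIGIN)
    proxied = make_client_data(challenge, PROXY_ORIGIN)  # victim is on the proxy site
    return {
        "webauthn_direct": verify_client_data(direct, challenge, RP_ORIGIN),
        "webauthn_via_proxy": verify_client_data(proxied, challenge, RP_ORIGIN),
        "totp_via_proxy": totp_accepted("492817", "492817"),  # constructed code
    }
```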

The report also highlights the alleged support and shelter provided by nation-states to these cyber gangs. State-sponsored cybercrime is seen as a significant threat to businesses, critical infrastructure, and the security of citizens' personal information.

In response to these evolving threats, experts emphasize the importance of increased international cooperation, intelligence sharing, joint investigations, and coordinated takedown operations. Robust cybersecurity measures, employee training, and advanced software are deemed essential in combating these cyber threats. Governments are urged to promote best practices for data protection and establish regulations to safeguard against cyber attacks.

In conclusion, the evolving tactics and increasing sophistication of global cyber gangs underscore the need for proactive and collaborative efforts to address cybersecurity challenges. The fight against cybercrime requires a multifaceted approach involving various stakeholders working together to protect against and mitigate the risks posed by these threats.
