At the end of January, the UK’s National Cyber Security Centre (NCSC) issued a warning of spear-phishing attacks being driven by Russian and Iranian state-sponsored actors. In an advisory published on the 26th, the NCSC shared details about the strategy that the actors use to orchestrate attacks and how best to mitigate the ongoing threat.
Following on from this announcement, the NCSC reflected on 2022 and how the year witnessed ongoing malicious campaigns from Iran-based group TA453 and Russia-based group SEABORGIUM. The intention of such attacks is to cause damage to government organisations, NGOs, think-tanks, financial institutions, defence, academia and high-profile figures such as politicians, activists and journalists.
The announcement made in January spotlighted the danger of spear-phishing campaigns, whereby cybercriminals send strategic and tailored messages to their targets by identifying their key interests and people within their professional and social circles. The initial contact of such an attack is designed to come across as innocuous so the attacker can gain the trust of their target. Such an attempt can go on for several weeks before an attacker decides to exploit the target and steal data. The attackers use stolen credentials to gain access to a victim’s accounts and can maintain continued visibility into their correspondence.
Whilst the NCSC shared that there is no evidence to support the notion that the two criminal groups are working collaboratively, both actors illustrate the high-threat environment that we have emerged from in 2022 and will continue to face in 2023 and beyond.
It is not just the UK that is expressing concern with regard to organised cybercrime. The threat of these attacks remains a global concern. In 2022, CISA shared a ‘shields up’ strategy in response to Russia’s invasion of Ukraine. Businesses were advised, regardless of their size, to adopt a ‘heightened posture when it comes to cybersecurity and protecting their most critical assets’.
It has never been more important for businesses in the financial sector to invest in a mitigation strategy so they can be prepared in the event of such attacks and minimise the damage should they be subjected to a cyber intrusion.
There are several ways in which firms can invest in their mitigation strategy. One of the most proactive ways to do this is to invest in a disaster recovery plan. Companies should embrace the mindset that an attack can happen at any moment, 24/7. By having a disaster recovery plan in place, firms can act swiftly in the event of an attack and minimise the overall damage caused.
In addition to developing a formalised plan, businesses should ensure that their software is updated and upgraded. This advice sounds obvious but it is often overlooked. Account access should also be controlled and limited to a select number of key individuals to minimise the risk of exposure.
At RFA, we understand the vulnerability firms are up against operating in today’s digital landscape. In order to help businesses be prepared in an environment of constant threats, we have developed our vulnerability management program to deliver External Attack Surface Management and Dark Web Breach Exposure Monitoring solutions. Both of these solutions help companies to see and manage their online ecosystem and protect them from vulnerabilities as their business continues to expand. The solutions work by systematically tracking, analysing, and maintaining the vast inventory of known and unknown assets within the company, as well as enabling them to continuously view all of their connections. By doing this, the solutions can identify and neutralise vulnerabilities before bad actors can exploit them.
If you would like to learn more about how RFA can help you develop your mitigation and vulnerability management, contact us today.