Most Targeted Platform: Microsoft Office Facing Cyber Threats

Endpoint Attack Notifications (previously referred to as Microsoft Threat Experts - Targeted Attack Notification) provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyber-espionage. These notifications show up as a new alert. The managed hunting service includes:

Overview: APT6 engages in cyber operations where the goal is data theft, most likely data and projects that make an organization competitive within its field. APT6 targeted organizations headquartered in the U.S and U.K.

First of all, they need to understand the most significant threat vectors, allowing them to prioritize cybersecurity initiatives with the highest return on investment and create a successful cybersecurity plan. Ransomware, phishing, web application and vulnerability exploitation attacks, denial of service (DoS) attacks, insider threats, and attack campaigns of the nation-state and state-sponsored threat actors and Advanced Persistent Threat (APT) groups are the most prevalent threats that financial institutions face in 2022.

4. Hybrid Workplace: The recent changes to the ways of working accelerated by COVID-19, such as the hybrid workspace combining in-office and remote employees, have increased organizations' risk. As the pandemic enters its third year, remote work, hybrid workforces, and cloud-based software technologies have become practically ubiquitous. Businesses were forced to rapidly adopt new technologies that enabled remote access, communication, and collaboration. As a result, hybrid workplace environments increase the complexity of IT systems, broaden the attack surface, and bring new cyber risks and threats.

As a recent example, in September 2021, a DDoS attack took down the websites of several New Zealand financial institutions, including Kiwibank and the national postal service [22]. In June 2021, Fiducia & GAD IT, a German organization that operates technology for the country's cooperative banks, was targeted by a DDoS attack, impacting over 800 financial institutions across the country [23]. From August 2020 through the end of 2021, FS-ISAC members worldwide reported threats allegedly emanating from well-known APT groups threatening a large-scale DDoS attack unless a ransom is paid [24]. Organizations received communications from a variety of APT aliases, including the Russian actor groups Cozy Bear (APT27) and Fancy Bear (APT28), the North Korean-affiliated Lazarus Group, and most recently, a mashup of the latter two groups dubbed "Fancy Lazarus." Multiple sectors have noticed this behavior on a worldwide scale.

As cybercriminals evolve their tactics and techniques to target the most valuable data and services, financial institutions must improve their defenses to mitigate ever-evolving threats. To accomplish this, organizations in the financial sector must implement a security strategy that includes a living People, Process, Technology (PPT) framework capable of learning from threats and adapting defenses against them - a threat-centric approach. To ensure maximum security in the case of cybercrime, banks and FIs must develop a strategic plan that not only resists an initial cyberattack with minimal impact and loss but also maintains that resilience continuously against emerging threats.

Malware is the second big threat facing small businesses. It encompasses a variety of cyber threats such as trojans and viruses. Malware is a varied term for malicious code that hackers create to gain access to networks, steal data, or destroy data on computers. Malware usually comes from malicious website downloads, spam emails or from connecting to other infected machines or devices.

A Chinese cyber-espionage group has been identified targeting at least four critical infrastructure organizations in a southeast Asian country from November 2020 to March 2021. Organizations targeted include a water company, a power company, a communications company, and a defense organization, and researchers said they found evidence that the attackers were interested in targeting information about SCADA systems.There is evidence that the attacker behind this campaign is based in China, but there is not enough information available to attribute the activity to a known actor. The threat actors made extensive use of living-off-the-land / dual-use tools, including Windows Management Instrumentation, ProcDump, PsExec, and Mimikatz. Espionage seems like the likeliest motive of these attacks, indicated by the activities of credential stealing, lateral movement, and keylogger deployment as well as the types of machines targeted in some of the organizations - most of which were involved in design and engineering. An attacker gaining access to multiple critical infrastructure organizations in the same country could potentially give them access to a vast amount of sensitive information.

To summarize the threat at a more tactical level, the following sections highlight several of the most recent and notable Chinese state-sponsored campaigns uncovered by cybersecurity researchers. Each section identifies a sample of the countries and sectors targeted by a given group, and the behaviors or tactics, techniques, and procedures (TTPs) utilized to succeed in their objectives. Footnotes provide links to further, more detailed, reading.

Over the next ten years, the internet, digital technology and the infrastructure that underpins it will become ever more fundamental to our interests and to those of our allies and adversaries. As we forge a new role for the UK in a more competitive age, strengthening our cyber power will enable us to lead the way for industry and other countries, get ahead of future changes in technology, mitigate threats and gain strategic advantage over our adversaries and competitors. It will make the UK one of the most secure and attractive digital economies to live, do business and invest in.

Ransomware became the most significant cyber threat facing the UK in 2021. Due to the likely impact of a successful attack on essential services or critical national infrastructure the NCSC assessed ransomware as potentially as harmful as state-sponsored espionage.[footnote 14]

These goals are intended to be mutually reinforcing. For example, achieving higher levels of cyber security and resilience domestically will be a necessary foundation for a more active stance internationally. In turn, our global supply chains and the threats we face from overseas mean we will not be able to assure our own security without more actively shaping the behaviour of international actors. And our ability to influence global debates on cyberspace, the internet and technology will rely on maintaining our technical edge and building an innovation ecosystem that generates genuine advantage in the technologies that matter most.

The UK government is uniquely positioned to bring together the intelligence necessary to understand the most sophisticated threats, make and enforce the law, set national standards, and counter threats from hostile actors including conducting offensive cyber operations. Through this strategy we will invest in strengthening our national cyber capabilities. Government departments and public sector bodies are also responsible for protecting their own networks and systems. As the holder of significant data and a provider of services, the government takes stringent measures to provide safeguards for its information assets. Lastly, the government also has an important responsibility to advise and inform citizens, businesses and organisations what they need to do to protect themselves online. Where necessary this includes setting the standards we expect key companies and organisations to meet in order to protect all of us.

While almost all ransomware infections are opportunistic, disseminated through indiscriminate infection vectors such as those discussed above, in a few very rare instances cyber threat actors specifically target a victim. This may occur after the actors realize that a sensitive entity has been infected or because of specific infection attempts. The Federal Bureau of Investigation (FBI) refers to these instances as extortion, rather than ransomware, as there is almost always a higher ransom amount that coincides with the strategic targeting. This was the case in spring 2016, when several hospitals infected with strategically targeted ransomware made the news.

Despite warnings by the government not to comply, more than half of the companies that hackers targeted paid the ransom, businesses cyber attacks statistics show. Organizations dealing with professional financial and healthcare services suffered the most breaches.

The United States is the most targeted country in the world. Up to 46% of cyberattacks worldwide are directed toward the US. Of these, up to 80% target thinks tanks, government agencies, and other NGOs.

This document highlights the cyber threats facing individuals and organizations in Canada. It provides an update to the National Cyber Threat Assessment 2018 (NCTA 2018) and the National Cyber Threat Assessment 2020 (NCTA 2020), with analysis of the interim years and forecasts until 2024. We recommend reading the NCTA 2023-24 along with the updated Introduction to the Cyber Threat Environment and the tailored advice and guidance that we have released as companions to this assessment.

The availability and ease of access to leaked and stolen information like login credentials, financial information and personal information continues to grow on cybercrime forums. Footnote 9 This stolen data enables further cybercrime, including fraud, scams, and more disruptive cyber activity like ransomware. Ransomware is one of the most impactful cyber threats in Canada, benefiting significantly from the specialized cybercrime economy and the growing availability of stolen information. Cybercriminals leverage cryptocurrencies, use encrypted communications to maintain their anonymity and evade enforcement activity. Footnote 10 Cybercriminals are also quick to adopt and manipulate new technologies for their own gain. For example, cybercriminals have leveraged decentralized finance, which uses cryptocurrencies to enable large-scale borrowing and lending of funds without intermediaries, to steal large sums of money. Footnote 11 The significant payouts of cybercrime, including from ransomware and from fraud and scams such as business email compromise (BEC), will very likely continue to attract interest from new groups of criminal actors even as others are constrained by increased law enforcement activity. 2b1af7f3a8