Criminal Gang NOBELIUM Ramps Up Attacks

Threat researchers detected threat group NOBELIUM conducting several waves of malicious spear phishing email campaigns. Each wave used different technical lures and social engineering to fine-tune which threat performed best against targeted government agencies, consultants, and non-profits in over 20 countries.

What’s at Risk

This most recent spear phishing campaign is attributed to NOBELIUM, the threat group believed responsible for the wide-scale SolarWinds Orion attack. Also known as Cozy Bear and APT29, NOBELIUM demonstrates their stealth and ability to adapt their cyber criminal techniques to evade detection. NOBELIUM phishing emails contain malware that could inflict damage by:

• Infecting endpoint devices on your network or that of your customers
• Propagating to other supply chain partners that you work with
• Waiting silently to strike later when you are less prepared
• Stealing data like intellectual property or privileged login credentials
• Damaging your brand and customer trust
• Paving the way for more complex ransomware that holds organizations hostage

Mitigation Requires Vigilance

Modern threats require organizations to PREVENT, DETECT, and RESPOND to active threats and even PREDICT future attacks before they happen. Effective cybersecurity mitigation uses multiple layers of security controls that combine people, process, and technology.

Cyber attacks have become more sophisticated as technology has become more pervasive and complex. Cyber criminals often tailor their malicious attacks and techniques to specific business victims because the payout outweighs the time spent. Boost your organizational security by taking these recommended steps to reduce NOBELIUM’s impact:

1. Implement deep learning to stop attacks before they do damage
2. Monitor your infrastructure and sensitive data 24/7 with cybersecurity experts
3. Augment anti-virus and perimeter protection with defense-in-depth protection
4. Patch application vulnerabilities as soon as feasible after vendor notification
5. Store data backups off-site on a completely-separate network from production data
6. Create and maintain an incident response plan
7. Disable unnecessary services and apps to reduce your attack surface
8. Use Multi-Factor Authentication (MFA) to mitigate leaked login credentials and password re-use
9. Offer security awareness training to all your employees
10. Run vulnerability scans that help you think like an attacker and pinpoint security gaps

As always, we can help you detect never-before-seen threats and block these new threat variants. Netsurion’s Managed Threat Protection offers extended detection and response (XDR) capabilities such as improved visibility and multiple security controls.

Longer-Term Implications

Constant vigilance is key against cyber criminals that capitalize on our reliance on technology. Attackers vary their malicious techniques, looking for every security gap that they can exploit. Avoid a reactive approach or “check-box mentality” as these threats escalate in volume and complexity; proactive protection can help enterprises overcome cybersecurity pitfalls.

This rise in cyber attack sophistication and scale has also served to raise concerns by world leaders. At the G7 Summit held in the United Kingdom, common initiatives were discussed to protect critical infrastructure, privacy, and financial systems like payments.

We also commit to work together to urgently address the escalating shared threat from criminal ransomware networks. We call on all states to urgently identify and disrupt ransomware criminal networks operating within their borders and hold those networks accountable for their actions.

-G7 member states as quoted in Cyber Defense Magazine
https://www.cyberdefensemagazine.com/g7-calls-on-russia/

Protecting our global infrastructure and supply chains requires an industry-wide effort across government, businesses, and supply chain partners like service providers.

Conclusion

Use a proactive approach to cybersecurity to stay ahead of well-funded and trained cyber criminals. These advanced threats are also increasing faster than the talent pool of security analysts and experts. With Netsurion and our 24/7 SOC, we are an extension of your team and provide coverage around the clock against these ever-present threats. Let us work with your stakeholders to share past outcomes and successes with similar organizations.

Related Resources   

The following references and resources provide insight to avoid falling prey to exploitive cyber criminals.

• Netsurion NOBELIUM advisory
• Cybersecurity & Infrastructure Security Agency (CISA) article: Sophisticated Spear Phishing Campaign Targets Government Organizations, IGOs, and NGOs
• Microsoft blog: New sophisticated email-based attack from NOBELIUM
• NIST: Guide to Malware Incident Prevention and Handling for Desktops and Laptops
• G7 Summit commits to action on ransomware and digital privacy
• Our Security Operations Center (SOC) reviews billions of logs daily to keep our partners and customers safeguarded. Check out the “catches” made by Netsurion’s cybersecurity experts.

Paula Rhea

Paula Rhea, CISSP is a product marketing manager at Netsurion. She is responsible for developing go-to-market strategies for customers and partners regarding managed threat protection and secure edge networking. Paula has extensive cybersecurity experience in managed services, compliance, and endpoint protection.