Intelligent Build.tech Issue 04 | Page 30

AT GROUND LEVEL

The only proven way to combat the scourge of ransomware attacks is to improve resilience.

overwhelmingly the most active ransomware group and using the SocGholish malware distribution framework is supercharging their efforts to gain access to networks.

The report reveals a close relationship between IAB listings and organisations subsequently falling victim to ransomware attacks. The manufacturing sector was the most targeted by IABs, with 142 listings advertised, and also the most claimed by ransomware groups, with 614 victims. Similarly, professional, scientific and technical services was ranked second for both, with 136 IAB listings versus 464 claimed by ransomware groups.

A trend first observed in 2022 and carrying on in recent months is the use of the SocGholish (aka FakeUpdates) malware distribution framework. This common initial access method deceives individuals into downloading a fake web-browser update which contains an archive file with an embedded SocGholish JavaScript payload. The use of SocGholish is helping criminals by providing a foothold for additional cybercrime groups to follow up after initial access is established.

Mike McPherson, SVP of Technical Operations at ReliaQuest, said: “Criminals are using any means at their disposal to infiltrate organisations and the exploitation of remote services continues to be the easiest way in. It’s essential for organisations to adequately monitor and secure these. Merging vulnerability intelligence with security operations is the best way to thwart the most prevalent cyber-risks.

McPherson continued: “Ransomware remains the biggest risk facing business in 2023 and the last quarter saw more victims than ever before. Utilising malware such as SocGholish has made their efforts more potent, which is why keeping abreast of the latest developments in tactics, techniques and procedures (TTPs) of ransomware activity, in addition to tracking groups known to be targeting your sector, is the best way to stay ahead of the curve from this pernicious activity.”

ReliaQuest further advises:

• Taking a patch-all approach to vulnerability management is an ineffective method of tackling vulnerability risk. Adding vulnerability intelligence can guide security teams in tackling the common vulnerabilities and exposures (CVEs) that represent the greatest chance of causing an impact to businesses. Getting a robust, consistent and repeatable vulnerability remediation programme in place can go a long way in raising overall cyber-resilience.

• Vulnerability management platforms discover known vulnerabilities and potential exploits, while breach and attack simulation capabilities highlight configuration weaknesses, detection and prevention gaps, and architectural issues. Organisations should ensure that an effective response and recovery plan is properly evaluated through tabletop exercises and is tested periodically and adjusted as the threat landscape, people, systems and business processes change. By combining threat and vulnerability management, organisations can increase their security confidence and decrease their overall risk.

• Pay attention to email security controls – initial access malware continues to be delivered through phishing emails. Increasing resilience to this form of malware is best accomplished through a
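The first two points above argue for prioritising remediation with vulnerability intelligence (exploitation status, exposure of remote services, asset importance) rather than patching everything in CVSS order. The script below is an added illustration of that idea, not code from ReliaQuest or the report: the CVE identifiers, scores and weights are all constructed placeholders, and the weighting scheme is an assumption chosen to make the contrast visible.

```python
"""Intelligence-led remediation ordering versus a CVSS-only 'patch-all' queue.

Added example. All findings below are constructed; the CVE ids are
placeholders (CVE-0000-xxxx) and the weights are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder identifier, not a real CVE
    cvss: float              # base severity as reported by the scanner
    known_exploited: bool    # present in an exploitation intelligence feed
    remote_service: bool     # service reachable from the internet
    asset_criticality: int   # 1 (low) .. 3 (business-critical)


# Assumed weights: active exploitation and internet-facing remote services
# are the two signals the article singles out, so they dominate raw CVSS.
EXPLOITED_WEIGHT = 4.0
REMOTE_WEIGHT = 3.0


def priority_score(f: Finding) -> float:
    """Combine severity with intelligence signals into one ranking score."""
    score = f.cvss
    if f.known_exploited:
        score += EXPLOITED_WEIGHT
    if f.remote_service:
        score += REMOTE_WEIGHT
    score += f.asset_criticality
    return score


def remediation_order(findings: Iterable[Finding]) -> List[str]:
    """CVE ids ordered by intelligence-led priority (highest first)."""
    ranked = sorted(findings, key=lambda f: (-priority_score(f), f.cve))
    return [f.cve for f in ranked]


def cvss_order(findings: Iterable[Finding]) -> List[str]:
    """The naive 'patch-all by severity' queue, for comparison."""
    ranked = sorted(findings, key=lambda f: (-f.cvss, f.cve))
    return [f.cve for f in ranked]


# Constructed sample inventory (placeholder CVE ids, not real findings).
SAMPLE_FINDINGS = [
    Finding("CVE-0000-1001", 9.8, False, False, 1),  # severe but internal, unexploited
    Finding("CVE-0000-1002", 7.2, True, True, 3),    # exploited, internet-facing, critical asset
    Finding("CVE-0000-1003", 8.1, False, True, 2),   # internet-facing remote service
    Finding("CVE-0000-1004", 5.3, True, False, 3),   # exploited in the wild, internal
    Finding("CVE-0000-1005", 9.1, False, False, 2),  # severe, internal, unexploited
]


if __name__ == "__main__":
    print("CVSS-only queue:      ", cvss_order(SAMPLE_FINDINGS))
    print("Intelligence-led queue:", remediation_order(SAMPLE_FINDINGS))
```

Run as written, the CVSS-only queue starts with the two internal, unexploited findings, while the intelligence-led queue moves the actively exploited, internet-facing remote service to the front; the weights are where an organisation's own threat intelligence and asset context would plug in.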