By Jon Munshaw.
The one big thing
Why do I care?
Regardless of whether you’re a potential target for this group, it’s clear that everyone in the security space should be following Transparent Tribe. They’ve gone from a relatively unknown group operating on the Indian subcontinent to an actor we’ve followed continuously, and one that has widened its target scope in recent months. Anyone hit with the group’s signature CrimsonRAT malware could have sensitive information stolen, since the malware lets the attacker take screenshots, log keystrokes and run certain processes on the endpoint.
So now what?
Organizations must always be on the lookout for these types of highly motivated adversaries. In-depth defense strategies based on a risk analysis approach can deliver the best prevention results. However, this should always be complemented by a strong incident response plan that's been tested with tabletop exercises and reviewed and improved every time it's put to the test on real engagements. Additionally, there are several Snort rules and ClamAV signatures that protect against this group’s tactics and tools.
Other news of note
A group known as Predatory Sparrow is claiming responsibility for a series of cyber attacks on steel facilities in Iran, one of which caused a fire at a plant. Additionally, the group dumped nearly 20 GB of documents it claims include information connecting the facilities to Iran’s Revolutionary Guard Corps. Predatory Sparrow also launched a Telegram page, where it posted the message, “These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber-attacks, being carried out carefully to protect innocent individuals." Other attacks from the group came in 2021, when it targeted an Iranian railway system and a state-run gasoline distribution center. (CyberScoop, Yahoo!, BBC)
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) selected four encryption algorithms it says can withstand threats from quantum computing, with a new standard expected to come in about two years. Current encryption methods are not expected to hold up as other countries develop quantum computing technologies that can break those algorithms. Once the new encryption standards are created, companies will be urged, but not necessarily required, to adopt them. It’s recommended that organizations take inventory of applications that use the current public key encryption standards in preparation for the switch. (VentureBeat, DarkReading, Wired)
Apple released a new Lockdown Mode for its major operating systems that can help victims respond to spyware attacks. If enabled, Lockdown Mode turns off certain functions on the devices that may be vulnerable to attack and remote monitoring, including message attachments, shared photo albums and mobile device management. The announcement comes as more instances of governments using spyware have come to light, targeting high-profile journalists, politicians and activists. Apple is offering a $2 million bug bounty to anyone who can discover a vulnerability in Lockdown Mode. (CNET, Apple)
Can’t get enough Talos?
- Talos Takes Ep. #103: What we can learn from a recent AvosLocker attack
- Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU
- Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution
- Microsoft Patch Tuesday for July 2022 — Snort rules and prominent vulnerabilities
- Threat Roundup for July 1 - 8
- Pakistani Hackers Targeting Indian Students in Latest Malware Campaign
Upcoming events where you can find Talos
New York City
BlackHat U.S. (Aug. 6 - 11, 2022)
Las Vegas, Nevada
Most prevalent malware files from Talos telemetry over the past week
MD5: 93fefc3e88ffb78abb36365fa5cf857c
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg