Simply Cyber Newsletter #103
Crush Your Week Like a Cyber Pro!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices. Cybercriminals exploit DocuSign to send authentic-looking fake invoices, bypassing security filters. They use real DocuSign accounts and templates to trick users into authorizing payments, emphasizing the need for heightened awareness among finance and procurement teams.
What you need to know: Ensure this message reaches your procurement, finance, and accounting teams, so they’re aware that threat actors are using DocuSign to imitate legitimate businesses and attempt fraud. Cybercriminals are leveraging real DocuSign accounts to send invoices that appear authentic, often including accurate pricing and brand-like templates to bypass email filters. Your teams should be on the lookout for unexpected invoice requests or payments that lack prior approval. Remind them always to verify sender credentials and confirm invoice legitimacy through internal channels before authorizing any transactions. Establishing a clear, diligent review process for all financial documents is essential in protecting against these increasingly sophisticated scams.
FOR PEERS
Windows infected with backdoored Linux VMs in new phishing attacks. The CRON#TRAP phishing campaign installs a Linux virtual machine via email, embedding a backdoor that enables attackers to stealthily access corporate networks. Using large file attachments and virtual machines, it bypasses detection and persists after reboots.
What you need to know: If your organization permits large email attachments, like the 285MB ZIP file seen in the CRON#TRAP campaign, it’s essential to assess your environment for unauthorized Linux virtual machines, especially if they use legitimate virtualization tools such as QEMU. This tactic, technique, and procedure (TTP) shows how attackers are embedding backdoors within virtual environments, evading traditional antivirus detection. Additionally, engage in discussions about limiting email attachment sizes and consider moving toward secure file transfer services as a preventative measure. Proactively addressing these types of phishing tactics can reduce risk and help prevent threat actors from using oversized files to deliver undetected malicious payloads within corporate networks.
FOR EXECUTIVES
Sophos Warns Chinese Hackers Are Becoming Stealthier. Sophos tracked evolving tactics by Chinese APT groups over five years, noting a shift from broad attacks to highly targeted operations on critical organizations. Enhanced stealth and sophisticated exploits make detection difficult, posing significant risks for high-value entities.
What you need to know: Speak with your business executives about the escalating threat posed by Chinese APT groups and the shift towards targeting high-value assets and critical infrastructure. Sophos’ findings reveal these adversaries are employing advanced, stealthy tactics that evade detection by blocking telemetry and using custom rootkits. This level of sophistication calls for strengthened defenses and transparency around device vulnerabilities. Encourage leadership to support expanded monitoring on critical systems and to establish dedicated threat-response protocols specifically for edge devices. By prioritizing these initiatives, executives can directly mitigate potential operational disruptions, safeguard proprietary data, and reinforce trust with clients and partners who depend on your commitment to robust cybersecurity practices.
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with me on socials for new content every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Thank you so much and see you again next Monday!
Have a great week, #TeamSC!
Gerry
DAILY CYBER THREAT BRIEF SIMPLY CYBER
Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC
Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform. Click the links below to favorite on your devices.
SIMPLY DEFENSIVE SEASON 1: EPISODE 7
Premieres: Monday, Nov. 11 at 9:30 AM EDT presented by Simply Cyber Media Group
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome Ken, also known as MonkeyDragon, a member of Defcon 858 in San Diego and co-founder of Hard Hat Brigade.
Ken introduces himself and discusses his role in cybersecurity, focusing primarily on incident response, threat detection, and threat hunting. The conversation transitions to the topic of 'war driving,' a practice of searching for wireless networks, which Ken is passionate about. He shares insights into the tools used, such as Kismet, and the community-driven project, WiGLE. youtu.be/7qW0z6J1Ekk
Click below to set your reminder notification and subscribe! Simply Defensive happens after the Daily Cyber Threat Brief on Monday.
SIMPLY CYBER FIRESIDES LIVE WITH BRYSON & JOHN!
Premieres: Thursday, Nov. 14 at 4:30 PM EST presented by Simply Cyber Media Group
John Strand and Bryson Bort have extensive experience in the cyber industry. They also have thoughtful opinions. Join us this Thursday for an hour as we ask straightforward questions and get Bryson and John's answers. youtube.com/live/X3dbmNjMrCk
Tune in to learn more & subscribe to Simply Cyber to get updates when new episodes drop!
SIMPLY CYBER ACADEMY 30% OFF SALE NOW!
Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. Plus, we have TWO NEW COURSES to help you excel in your cyber career.
At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Visit academy.simplycyber.io to learn more now.
Use Code: HOLIDAY30 for 30% off your purchase at checkout!