💰 The finance industry is a top target for #cybercrime due to e.g. lots of sensitive PII and data systems critical for the economy.
Top threat actors: Lazarus, Cobalt, and FIN7. Top attacks: phishing, BEC, malware (also PoS), card skimmers and DDoS.
⚠️ FIN7 cybercrime group targets the US defense industry with malicious USB devices sent by post.
Hackers impersonate authorities to trick recipients into connecting the drive. Once plugged in, the device injects keystrokes to install malware.
🔺 Google Drive, Microsoft OneDrive and Box are (unsurprisingly) also cybercriminals' favourites for #malware hosting.
🔺 On the delivery side, weaponized MS Office documents account for 37% of all malware downloads (nearly +100% from 2020).
⚠️ A cautionary tale
Over a 5-year period, this malicious insider was able to create fake email accounts and impersonate publishing industry people to steal prepublication manuscripts from famous authors - for their own benefit.
⚠️ Microsoft again released numerous vulnerability fixes on "Patch Tuesday". Of these, the http.sys vulnerability CVE-2022-21907 stands out for its criticality.
Perform a corrective software update as soon as possible.