The xlsb attachment downloads a PowerShell script, which retrieves a zip file. Inside is the malware (aka Java RAT or jRAT).
VMware Carbon Black’s Global Incident Response Threat Report (GIRTR): Ongoing geopolitical tensions involving China, Russia, North Korea and Iran are leading to cyber attacks
Ongoing geopolitical tensions involving China, Russia, North Korea and Iran are leading to cyber attacks. This was revealed by the latest VMware Carbon Black Global Incident Response Threat Report (GIRTR). According to the cyber security experts, the majority of today’s cyber attacks now include tactics such as lateral movement, island hopping and destructive attacks. Advanced hacking capabilities and services for sale on the dark web compound the issue, as does an unprecedented collaboration among nation-states. These realities pose a tremendous risk to targets with decentralized systems protecting high-value assets, including money, intellectual property and state secrets. Financial gain drove most attacks in 2019, the research found, but Incident Response (IR) professionals said they are also concerned about these same tools being deployed to interfere with the U.S. elections in 2020.
Russia and China are responsible for most of the cyber attacks, and financial gain was the primary motivation. There is a rise in the use of island hopping, and cybercrime actors are adapting with custom malware
The cyber security experts’ research highlighted that China and Russia are responsible for the lion’s share of cyber attacks in 2019 and that financial gain was the primary motivation for 90% of the attacks in the first six months of the year (in 2018 it was 61%). Furthermore, IR professionals experienced destructive/integrity attacks in 41% of the cases, and there is a continued rise of island hopping. Cybercrime and state-sponsored actors are adapting. Custom malware was used in 41% of the attacks (33% in Q1 of 2019), and there has been a significant increase in the use of outside threat intelligence feeds this quarter.
The cyber security experts: There are growing risks for the U.S. 2020 elections. Voter databases from previous elections are readily available on the dark web
Moreover, there are growing risks of foreign influence in the 2020 U.S. elections. Among the GIRTR respondents working in the United States, 59% said risk around the election process and security has increased to a significant extent since 2016. Within that same group, 65% said they believe the 2020 U.S. elections will be influenced by an outside entity. In fact, voter databases from previous elections are readily available from 8 high-reputation vendors on the dark web for less than $100. In total, from a single listing, information on more than 81 million voters is currently available for sale.