Get the TIGR Threat Watch and Bulletin

Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc Threat Bulletins in case of critical and time-sensitive vulnerabilities or threats. Threat Bulletins include details and recommendations for mitigation/remediation.

Threat Watch Feed

U.K. Government Plans to Release Nmap Scripts for Finding Vulnerabilities

The United Kingdom National Cyber Security Centre (NCSC), in a joint effort with Industry 100 (i100), plans to release Nmap scripts to assist system administrators in scanning their networks for unpatched and vulnerable devices, in a project titled Scanning Made Easy (SME). The SME project was created to provide safe and effective tools, developed by cybersecurity experts in both the government and public sector, that will defend networks against a vulnerability.

Impact: The NCSC and i100 plan to release Nmap scripts through the SME project to help scan networks for vulnerable devices.

Recommendation: No immediate action is required.

Canada’s Foreign Affairs Ministry Hit with Cyber-Attack, Some Services Down

Global Affairs Canada (GAC), the Canadian government department for foreign and consular relations, was hit with a cyber-attack that disabled access to some online services. After the attack was detected on January 19, 2022, mitigation measures were put in place, and no other government departments were impacted. Critical services of GAC continue to be available.

Impact: Global Affairs Canada faced a network disruption after being cyber-attacked last week.

Recommendation: Review the CISA ransomware prevention best practices, https://www.cisa.gov/stopransomware/ransomware-guide

Segway Store Compromised to Steal Customers’ Credit Cards

Segway, the maker of the two-wheeled self-balancing human transportation product, had its online store compromised with a malicious Magecart script that could allow threat actors to steal credit card and customer information. According to researchers, the threat actors added JavaScript to the website’s copyright display that loaded an external favicon, or small icon, containing the script that stole credit card information at checkout. Magecart Group 12, a financially motivated threat group, is responsible for the attack, and their code on Segway has been active since at least January 6, 2021.

Impact: Since January 6, 2021, a malicious Magecart script has been embedded into Segway’s online store to steal payment information from customers.

Recommendation: To learn more about e-skimming, please visit https://www.cisa.gov/sites/default/files/publications/NCSAM_ESkimming_2020.pdf

Threat Actors Targeting Instagram Accounts of Companies and Influencers, Demanding Ransom

Threat actors are gaining unauthorized access to the Instagram accounts of companies and influencers through a new phishing campaign. The attackers impersonate Instagram, send the targeted accounts a message about copyright infringement, and redirect the user to a malicious site to steal their login credentials. The credentials have been found for sale on underground forums for as much as $40,000. Based on the phone numbers offered by the threat actors, researchers believe the attacks originate from Turkey and Russia.

Impact: Instagram accounts of businesses and influencers are being targeted in phishing campaigns aimed at stealing their login credentials.

Recommendation: Follow cybersecurity best practices such as not interacting with suspicious messages, monitoring emails about suspicious login attempts, and enabling multi-factor authentication.

FBI Warns of Malicious QR Codes Used to Steal Money

The Federal Bureau of Investigation (FBI) is warning that cybercriminals are abusing Quick Response (QR) codes to steal users' credentials and financial information. Threat actors may tamper with the QR codes used by businesses to redirect victims to malicious sites in order to install malware, steal information, or divert payment to other accounts.

Impact: The FBI warns of threat actors changing QR codes commonly found in businesses to redirect traffic towards malicious sites.

Recommendation: Be cautious when scanning QR codes. Verify the URL, and be vigilant when entering personal data on the site.

FSB Detains Administrator of UniCC Carding Forum

Russia’s Federal Security Service (FSB) has arrested Andrey Sergeevich Novak for committing computer crimes and money laundering. Novak was known as the administrator for the UniCC carding forum where threat actors bought and sold stolen payment card data. Novak was wanted by the U.S. Federal Bureau of Investigation (FBI) for being a member of the Infraud cybercrime cartel focused on financial fraud.

Impact: The Russian FSB has arrested a threat actor for being involved in cybercrime and money laundering.

Recommendation: No immediate action is required.


Subscribe to the RSS!

Just copy and add this link to your RSS app and be notified immediately when new intel is posted.

How to use RSS

Following the RSS feed is easy. RSS can be added in your Outlook desktop app, and there are many free RSS readers available for your mobile device.


Popular mobile RSS reader apps include:

  • Feedly
  • NewsBlur
  • RSS Reader
  • Inoreader

After installing your preferred RSS reader, you will be able to add this feed by entering the URL: https://sra.io/blog/category/tigr/feed
