This Month in Cyber Security: May 2023

Discover the latest news, findings and critical updates in cyber security from May 2023!

This month we’ve seen a failed extortion scheme against Dragos, controversial debates over ZIP domains, a critical flaw in Windows API, a new risk report from SoSafe, and the launch of our hugely popular Red Team Capstone Challenge Network!

Continue reading to learn more about the cyber security headlines from May!

Failed extortion scheme against Dragos

On the 8th of May, a known cyber criminal group attempted an extortion scheme against Dragos, an industrial cyber security company on a mission to protect critical infrastructure. Fortunately, no Dragos systems were breached, and the threat actor was prevented from compromising information resources.

After impersonating a new Dragos employee before their start date, the group accessed resources presented to new sales employees during onboarding. In one instance, a report with IP addresses associated with a customer was accessed.

Security staff at Dragos investigated alerts in their corporate Security Information & Event Management (SIEM) and blocked the compromised account. Employees also promptly activated the incident response retainer with CrowdStrike and engaged third-party Monitoring, Detection & Response (MDR) providers to manage incident response efforts.

The failed attempt demonstrates the importance of layered security controls in preventing threat actors from launching ransomware, escalating privileges, establishing persistent access, or making any changes to the infrastructure.

TryHackMe’s Security Operations & Monitoring module explores how to configure and utilise tooling to ensure that suspicious activity is quickly identified and dealt with, while our Security Information and Event Management module dives into SIEM and how to create simple and advanced search queries from the ingested logs.
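As an added example (not code from the original post, from Dragos or from TryHackMe), here is a small Python detection over constructed SIEM-style sign-in events that flags any successful login by an account whose HR start date is still in the future, the pattern behind the impersonated-new-hire incident above; the log format, roster and usernames are assumptions.

```python
"""Detection: successful sign-ins by accounts that should not be active yet.
Added example; log format, HR roster and usernames are constructed."""
from datetime import date, datetime

# Constructed HR roster: username -> first working day (assumed HRIS export)
HR_START_DATES = {
    "jdoe": date(2023, 5, 1),
    "asmith": date(2023, 5, 15),   # starts next week, should not be signing in yet
}

# Constructed SIEM-style auth events: "<timestamp> <user> <result> <source_ip>"
AUTH_LOG = """\
2023-05-08T09:12:44 jdoe success 10.0.4.21
2023-05-08T09:30:02 asmith success 203.0.113.77
2023-05-08T09:31:10 asmith failure 203.0.113.77
2023-05-08T10:02:51 bwhite success 10.0.4.30
"""


def parse_event(line):
    """Split one constructed log line into its fields."""
    ts, user, result, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "result": result, "src": src}


def pre_start_logins(log_text, roster):
    """Return alerts for successful sign-ins that occur before the user's HR
    start date, and for users with no HR record at all (no start date known)."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev["result"] != "success":
            continue                      # failed attempts are noise for this rule
        start = roster.get(ev["user"])
        if start is None:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "reason": "no HR record", "days_early": None})
        elif ev["ts"].date() < start:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "reason": "login before start date",
                           "days_early": (start - ev["ts"].date()).days})
    return alerts


if __name__ == "__main__":
    for a in pre_start_logins(AUTH_LOG, HR_START_DATES):
        print(a)
```

A real deployment would join the SIEM's authentication index against the HR system on a schedule rather than a static dict, but the rule itself stays this simple.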

New ZIP domains spark controversial debate

In early May, Google introduced eight new top-level domains (TLDs): .dad, .esq, .prof, .phd, .nexus, .foo, .zip and .mov.

Cyber security researchers have since raised concerns over ZIP and MOV TLDs, warning that threat actors could take advantage and use them for phishing and delivering malware. For example, if a threat actor owned a .zip domain with the same name as a filename, users may mistakenly assume it came from a trusted source and fall victim to phishing scams or malware attacks.

Exposure to these links will likely increase as more applications automatically turn ZIP and MOV filenames into links. Stay careful online, and never click on links from unknown users or download files from sites you do not trust.
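As an added example (not from the original post), the Python below shows the two checks a mail or chat filter can run for the problem described above: spotting explicit URLs whose host ends in a file-extension-like TLD, and spotting bare "filenames" such as report.zip that an auto-linkifying client would render as a link to that domain. The message text is constructed.

```python
"""Flag .zip/.mov TLD links and linkifiable filenames in message text.
Added example; the sample message is constructed."""
import re
from urllib.parse import urlparse

FILE_LIKE_TLDS = {"zip", "mov"}

URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# A bare host-looking token ending in .zip/.mov that is not part of a path
# or a longer name (so example.com/a.zip and a.zip.exe are not matched).
BARE_TOKEN = re.compile(
    r"(?<![\w./-])([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.(zip|mov))(?![\w/-]|\.[\w/-])",
    re.I,
)


def tld_of(hostname):
    """Last label of a hostname, lowercased ('' if there is no dot)."""
    return hostname.rsplit(".", 1)[-1].lower() if "." in hostname else ""


def suspicious_urls(text):
    """Explicit URLs whose hostname ends in a file-like TLD."""
    hits = []
    for m in URL.finditer(text):
        host = urlparse(m.group(0)).hostname or ""
        if tld_of(host) in FILE_LIKE_TLDS:
            hits.append(m.group(0))
    return hits


def linkifiable_filenames(text):
    """Plain filenames like setup.zip that a client may turn into a link."""
    stripped = URL.sub(" ", text)          # ignore explicit URLs handled above
    return [m.group(1) for m in BARE_TOKEN.finditer(stripped)]


# Constructed sample message mixing both cases
SAMPLE = ("Hi, please grab setup.zip and the demo.mov from the share, "
          "then see https://files.example.com/report.zip and "
          "https://Invoice.ZIP/pay before Friday.")

if __name__ == "__main__":
    print(suspicious_urls(SAMPLE))        # ['https://Invoice.ZIP/pay']
    print(linkifiable_filenames(SAMPLE))  # ['setup.zip', 'demo.mov']
```

Either hit is a reason to render the token as plain text, or to wrap the link with a warning, rather than to block outright, since legitimate .zip attachments are named the same way.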

Outlook patch analysis uncovers important flaw in Windows API

Ben Barnea, a researcher at Akamai, discovered a new critical vulnerability in an Internet Explorer component, assigned CVE-2023-29324 with a CVSS base score of 6.5. The vulnerability causes a Windows API function — MapUrlToZone — to incorrectly think that a remote path is a local one.

MapUrlToZone was used to mitigate the critical Outlook vulnerability CVE-2023-23397 patched in April’s Patch Tuesday. All versions of Windows are affected by the zero-click vulnerability, resulting in client versions of Outlook being left exploitable.

According to Microsoft, Exchange servers with the March update omit the vulnerable feature, preventing vulnerable clients from being exploited. The vulnerability was addressed in May 2023 Patch Tuesday.

SoSafe’s Human Risk Review for 2023

With the cyber threat landscape rapidly changing, keeping up with new innovative channels, tools, and tactics is critical for remaining secure. Earlier this month, SoSafe published its Human Risk Review for 2023.

A must-read for businesses, the report examines the social engineering tactics used by cyber criminals, cyber risk in Europe, key priorities for maintaining a robust security culture, and interviews with renowned security experts.

Some of the alarming findings highlighted in the report include:

  • Malware, phishing and ransomware were the top three tactics in successful attacks
  • IT, Finance and Security were the top three departments targeted by attackers
  • 8 in 10 respondents say their organisation’s security is increasingly dependent on the security of their partners and suppliers
  • In successful ransomware attacks, 39% of companies paid the ransom (among smaller companies, 47% of companies were forced to pay)

With the increasing volume and complexity of attacks, businesses can no longer turn a blind eye to cyber security. Here are a few reasons why cyber security needs to be a priority for your business!

Red Team Capstone Challenge Network!

On the 11th of May, we released our biggest challenge yet - the Red Team Capstone Challenge Network.

The challenge consists of a real end-to-end red team engagement testing your knowledge of key red teaming and network security testing topics! This includes OSINT, Enumeration & Fuzzing, Phishing, Anti-Virus Evasion, Lateral Movement, Active Directory Exploitation, Linux and Windows Security Testing, Privilege Escalation, and Post-Compromise Exploitation.

As the largest and most comprehensive challenge network created by TryHackMe, there are 20 flags for you to collect, spread across 10 different phases, with 6912 possible path combinations!

The challenge is available to premium users until the 5th of June before becoming exclusive to business users.

We’ve even added some epic swag to the TryHackMe Store to celebrate the challenge launch 😉