Threat intelligence report, Qatar - October 2022
We are notifying significant new trends or developments regarding the threat to an organization's information systems. This notification may include analytical insights into an adversary's intentions, technologies, or tactics targeting information systems.
Reported cyber threats
The National Cyber Security Agency has initiated programs to increase employees' productivity and specialists in information technology and security to protect Qatar from Cyber Attacks.
Remote Desktop Services Under Attack from Venus Ransomware
- The new Venus ransomware encrypts Windows devices and compromises publicly exposed Remote Desktop services to gain access to a victim's corporate network.
- Researchers suggest that these services should be placed behind a firewall. Additionally, no Remote Desktop services should be publicly exposed and only be accessed via VPN.
SQLite Database Vulnerability Leaves Millions of Users at Risk
- An attacker can use this issue on the affected SQLite database to execute arbitrary code.
- Update the impacted entities to version SQLite Database Library 3.39.2 and follow the vendor recommendations.
Magniber ransomware
- The Magniber ransomware has been targeting Windows home users by delivering fake security updates, such as an antivirus update for Windows 10.
- According to researchers, the best practice to defend against a ransomware attack is to back up all files regularly and keep them on an offline storage device.
BlackByte Ransomware
- A BlackByte ransomware affiliate uses a new custom data stealing tool, ExByte, to quickly steal data from compromised Windows devices.
- Track the drivers installed on the systems and ensure they are up-to-date, or blocklist drivers known to be exploitable to prevent a ransomware attack.
FIFA and the Possibility of Cyber Attacks
- Fans should be cautious about any social media links that offer free streaming of matches. In the past, Sports-ISAO has uncovered massive click-fraud schemes that began with lures offering free streaming. After clicking on the link, the user’s device would become compromised and exploited to become part of a large botnet which engaged in advertising fraud. Once compromised, the device could be exploited further, such as credential harvesting leading to identity theft and other thefts against the device owner.
Recommendations
All the clients are advised to patch as soon as a vulnerability is identified and comply with National Information Assurance (NIA), Qatar 2022 Cybersecurity Framework (QCSF), and other organizational standards as per Qatar law.
Download the report below to learn more.