Threat Landscape Briefing – April 2023
This month’s Threat Landscape Briefing examines how Microsoft’s OneNote is being used to spread malware and how scammers are stealing cryptocurrency using “play-to-earn” games. It also discusses the 2023 US National Cybersecurity Strategy, the return of Emotet, and an Iran-linked hacking group that is targeting women. In this month’s briefing we explore:
- The Growing Cyber Threat of OneNote (01:00)
  - As organizations are implementing stricter security methods to mitigate macro-based malware, threat actors are finding new and more effective ways to infiltrate and infect their victims.
  - See Develop a Security Awareness and Training Program That Empowers End Users for some guidance on how to better prepare your users for these kinds of attacks.
- FBI Warns of Cryptocurrency Theft Via “Play-to-Earn” Games (03:11)
  - Gamers especially must be cautious of unsolicited messages or invitations to games promising unrealistic financial rewards and must use a unique wallet for cryptocurrency-based gaming.
  - See Develop a Security Awareness and Training Program That Empowers End Users for some guidance on how to better prepare your users for these kinds of attacks.
- 2023 US National Cybersecurity Strategy (05:37)
  - While the 2023 US National Cybersecurity Strategy increases liability for technology producers, it includes a safe harbor provision for organizations that follow security and privacy best practices such as the NIST secure software development framework.
  - Organizations can mitigate the impact of impending regulatory changes with targeted investments in their information security strategy, their data privacy program, their cybersecurity workforce development plan, and ransomware resilience plans.
- You’ve Heard of Imhotep, But Have You Heard of Emotet? (08:57)
  - Emotet will remain a threat to everyone, but especially small businesses and individuals that typically have less ability to protect themselves.
  - See Threat Preparedness Using MITRE ATT&CK® and Implement Risk-Based Vulnerability Management for guidance on preparing for and defending against these threats.
- Iran-Linked Hacking Group Targets Women Working in Human Rights, Politics (10:33)
  - Cobalt Illusion is suspected of working in connection with Iran’s Islamic Revolutionary Guard Corps and has been targeting women working in fields connected to human rights and Middle-Eastern politics.