Friday 12th May 2023

CTI Weekly: NSA warns of sophisticated Russian cyber espionage tool ‘Snake’; new phishing tool ‘Greatness’ bypasses MFA; financial fraud campaign targets Italian banks; Akira ransomware hits corporate networks and more

Key Issue:

Security agencies release joint Cybersecurity Advisory tracking Russian Snake Malware globally

The NSA and other international partner agencies have released a joint advisory warning of the Russian malware infrastructure known as Snake, which has been in development for 20 years and is used by Russia’s Federal Security Service for long-term intelligence collection on sensitive targets. Snake is a sophisticated cyber espionage tool that uses a peer-to-peer network of infected computers worldwide to route disguised traffic to and from Snake implants on the FSB’s targets.

Snake has been observed targeting organisations of high priority to Russian leadership, including government networks, research facilities, and journalists, and has been identified in over 50 countries. While this advisory is a significant step in defending against Russian cyber espionage efforts, the FSB has been known to adapt Snake quickly when its capabilities are publicly disclosed.

Other news:

Malware-as-a-service

A new phishing tool called ‘Greatness’ has been observed, allowing low-level threat actors to create convincing Microsoft login pages for sophisticated phishing campaigns. This tool is capable of bypassing Multi-Factor Authentication.

Financial Services

A financial fraud campaign is targeting corporate banks in Italy using a web-inject toolkit called DrIBAN to alter payment transfers in real time. In a separate incident, Anonymous Sudan conducted a DDoS campaign that temporarily disrupted the online banking portals of three major financial institutions in the UAE.

Ransomware

A new type of ransomware called Akira is targeting corporate networks in various sectors, and its operators are willing to reduce demands if a decryption key is not required. In a separate incident, the Swiss manufacturer ABB was hit by Black Basta ransomware, affecting its Windows Active Directory services and hundreds of devices.
