Unit 42 Exposes Agent Racoon: A Global Covert Operation

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report.

Headlines

An unknown actor is currently using a new backdoor (called Agent Racoon) to wreak havoc in organizations across the Middle East, Africa, and the US. This malware, identified by Palo Alto Networks' Unit 42, uses the .NET framework and the DNS protocol for covert operations. Targets include sectors as diverse as education, retail, governments, non-profits, and real estate. The sophisticated nature of the attacks leads Unit 42 to speculate about the involvement of a nation-state, though this can’t be verified.

The exact breach methods and timelines remain unclear. Tools used include Mimilite and Ntospy, with Agent Racoon being particularly prevalent in the non-profit and government sectors. The backdoor uses scheduled tasks to carry out command execution, file uploading, and file downloading, while disguising itself as Google Update and Microsoft OneDrive Updater binaries. Agent Racoon is not attributed to any single threat actor or campaign.

Hub Cyber Security Ltd (NASDAQ: HUBC) experienced a 30% surge in stock value following the announcement of an expanded collaboration with Blackswan Technologies Ltd. Their partnership aims to provide Confidential Computing cybersecurity solutions, primarily targeting the financial sector's critical data protection needs.

The financial implications of this partnership are substantial for Hub Cyber Security. The company anticipates its share of the revenue from this deal to exceed $25 million within the next 18 months. Noah Hershcovitz, HUB's Chief Strategy Officer, highlighted the significance of this partnership, noting the likely increase to the company’s customer base. The extreme investor reaction repeats a trend throughout 2023 of cybersecurity companies scoring major partnerships, especially in the financial sector.

The US Department of Justice announced on November 30 that Russian hacker Vladimir Dunaev, 40, has pled guilty to charges related to creating and deploying the TrickBot malware. He was arrested in South Korea and extradited to the US in 2021. His involvement led to over $3.4 million in losses for victims in Ohio, crimes for which he now faces up to 35 years in prison. Sentencing is scheduled for March 2024. This case follows global efforts against the TrickBot cybercrime group, including sanctions and the disintegration of the Conti ransomware crew.

Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division, referring to the conviction of Dunaev, said, “Cybercriminals should know that countries around the world stand ready to bring them to justice and hold them accountable for their crimes.”

Interesting Read

As the year draws to a close, publications turn to year-in-review pieces, and 2023 is proving no different. In his latest piece for Government Technology, Dan Lohrmann covers the most underrated (but possibly most important) cybersecurity story of the year: critical infrastructure attacks.

The article traces the growing, yet often overlooked, rise of cyber attacks against essential infrastructure such as healthcare, financial services, and government institutions. Lohrmann includes examples pulled from the news, all expertly analyzed. It’s a great take on the cybersecurity landscape and one that reminds us just how much work there is to be done going into the new year.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team