
Latest news with #AgentTesla

APAC industries face rising ICS cyber threats

New Straits Times

05-08-2025


VIETNAM: Key subregions in the Asia Pacific (APAC) continue to face a barrage of cyber attacks on Industrial Control Systems (ICS) computers, according to Kaspersky's latest data. Kaspersky ICS-CERT reported that Southeast Asia ranked second globally by the percentage of ICS computers on which malicious objects were blocked in the first quarter (1Q) of 2025, with Central Asia third and South Asia sixth.

Kaspersky's APAC managing director, Adrian Hia, said ICS computers in the region recorded an infection rate of 23 per cent in the second quarter of 2025, nearly three percentage points above the global average of 20.54 per cent. He noted that in 2Q 2025 a new wave of phishing was blocked on ICS computers in the oil and gas sector in APAC.

"This time, known spyware families like FormBook, AgentTesla and Noon were directly attached to the emails. Kaspersky solutions blocked all these attacks," he told the Cyber Security Weekend 2025, here today.

Citing ICS-CERT data, Hia said APAC is also among the top regions by virus detections, at two to three times the world average. Although viruses are often considered legacy threats, an outbreak can disrupt operations, and cleaning up after one drives up maintenance costs. The APAC industries most affected by virus threats in 2Q 2025 were power and energy, building automation, oil and gas, manufacturing, and ICS engineering and integration.

"The most affected countries in terms of virus on ICS computers in 2Q 2025 were Vietnam, Afghanistan, China, Bangladesh, Pakistan, Myanmar, Laos, Cambodia, Indonesia and Nepal," he added.

To counter the escalating threats to critical infrastructure, Kaspersky urged the adoption of a layered cybersecurity framework anchored by an intelligence-driven Security Operations Centre (SOC).

"This framework should start with prevention by using tools such as brand protection, attribution engines and compromise indicators, while also relying on incident response, penetration testing and cyber drills to minimise damage and accelerate recovery," Hia said. He added that integrating IT and operational technology (OT) security through centralised SOC systems with real-time visibility will be crucial to resilience as APAC industries move towards greater digital and operational convergence.

"With IT and OT integration set to accelerate in the years ahead, cybersecurity strategies in APAC must continue evolving, bridging both domains to secure operations and ensure resilience in an increasingly connected world," he concluded.

Low-tech phishing attacks are gaining ground

Business Mayor

01-05-2025


Cybercriminals are increasingly favouring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis of global real-world data and highlights the most significant email security trends from the first quarter of 2025.

Callback phishing

Cybercriminals are taking the sentiment "work smarter, not harder" to a whole other level with callback phishing scams, a vector that was not even part of the equation last year. In Q1 2025 it accounts for 16% of phishing attempts. This matters because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. Callback phishing is a social engineering attack in which victims are tricked into calling a seemingly legitimate phone number given in an email or text message, and are then talked into revealing sensitive information or downloading malware. With email scanning technology now adept at spotting compromised links, cybercriminals are turning to callback scams: the email carries no link and no attachment, so there is nothing for a scanner to detonate or flag.

SVG files are fast becoming cybercriminals' favoured attachment type (34%) for phishing attacks, a close second to PDF attachments (36%). An SVG is an XML document and may contain a <script> element; by planting a script that points at a malicious URL, attackers get JavaScript executed the moment the attachment is opened in a web browser, redirecting the user to a compromised website. Because the file passes as an image, the lure slips past anti-phishing defences tuned for HTML and links. The US is the most targeted region for such attacks, followed by Europe.

The backdoor-type malware XRed was responsible for the most malware attacks in Q1 2025, surpassing the second most prominent family (Lumma) by a factor of three. StealC, AgentTesla and Redline followed.

Cybercriminals shift from HTML to PDF

In Q1 2025, not only were 92% of all emails classified as spam, but 67% of those were categorised as malicious. The US is the leading source of spam, generating 57% of all spam sent, and receives 75% of malicious emails. The UK and Ireland stand at 8% each for sending and receiving bad emails. HTML attachments now take no more than a 12% share of cybercriminals' overall malspam. With heightened awareness of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.

In Q1, Business Email Compromise (BEC) accounted for 37% of all email scam attacks. 73% of all BEC impersonation cases involved the CEO or other C-suite executives being imitated. Because of the employee-employer power dynamic, urgent, unexplained requests are more plausible coming from the top of the hierarchy than from a direct supervisor (9%) or HR (4%). The manufacturing sector remains the most targeted in the email threat landscape, holding its lead at 36% against the retail and financial sectors, which tie in second place at 15% each.

"There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security," said Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group.
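The SVG technique described above, script inside what mail filters treat as an image, is easy to check for at the gateway because an SVG is plain XML. The scanner below is an added example, not VIPRE's code or anything from the report: it parses an attachment and flags a <script> element, <foreignObject>, inline event handlers (onload and friends) and href values using javascript:, data: or vbscript:, plus external hrefs on <a>, <image> and <use>. The two sample SVGs, the hostname phish.example.invalid and the invoice text are constructed for the example.

```python
# Added example (not from the VIPRE report): flag SVG attachments that carry
# active content. Sample SVGs and the phishing hostname are constructed.
from typing import List
import xml.etree.ElementTree as ET

# Constructed benign icon: nothing but shapes.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

# Constructed phishing-style SVG: renders like an invoice thumbnail, but the
# <script> redirects the browser as soon as the file is opened, and the
# javascript: link is a fallback if scripts are blocked.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="200">
  <text x="10" y="30">Invoice INV-0001 - click to view</text>
  <script type="text/javascript"><![CDATA[
    window.location = "https://phish.example.invalid/login";
  ]]></script>
  <a xlink:href="javascript:window.open('https://phish.example.invalid')">
    <rect x="10" y="50" width="120" height="40"/>
  </a>
</svg>"""

# URI schemes that turn an href into code execution or an inline document.
ACTIVE_SCHEMES = ("javascript:", "data:", "vbscript:")
# Elements whose href fetches or navigates to a remote resource.
LINKING_TAGS = ("a", "image", "use")


def local_name(qualified: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return qualified.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> List[str]:
    """Return a list of findings; an empty list means no active content was seen.

    Caveat: xml.etree does not defend against entity-expansion bombs. A
    production scanner should parse with defusedxml or reject any DTD.
    """
    findings: List[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Malformed XML is itself a signal: browsers are lenient, parsers are not.
        return [f"unparseable XML ({exc}); treat as suspicious"]

    for el in root.iter():
        tag = local_name(el.tag) if isinstance(el.tag, str) else ""
        if tag == "script":
            findings.append("<script> element present")
        elif tag == "foreignobject":
            findings.append("<foreignObject> element (can embed arbitrary HTML)")
        for attr, value in el.attrib.items():
            name = local_name(attr)
            val = value.strip().lower()
            if name.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler attribute '{name}' on <{tag}>")
            elif name == "href" and val.startswith(ACTIVE_SCHEMES):
                findings.append(f"active href on <{tag}>: {value.strip()[:60]}")
            elif name == "href" and tag in LINKING_TAGS and val.startswith(("http://", "https://")):
                findings.append(f"external href on <{tag}>: {value.strip()[:60]}")
    return findings


def is_suspicious(data: bytes) -> bool:
    """Gateway decision: quarantine if the scan produced any finding."""
    return bool(scan_svg(data))


if __name__ == "__main__":
    for label, svg in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, scan_svg(svg))
```

Treating a parse failure as suspicious is deliberate: browsers will still render and execute a sloppy SVG, so a file the scanner cannot parse should not be waved through on that basis.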

This Tesla Attack Wants Your Data — What You Need To Know

Forbes

20-04-2025


Beware this new Agent Tesla threat. Tesla has undoubtedly been in the news a lot since Elon Musk started implementing the whole DOGE thing, leading to protests against the electric vehicle giant, including some that have been branded as acts of domestic terrorism by the Trump administration. This latest Tesla attack, however, has nothing to do with Musk or his cars, although it does bear some comparison with DOGE, in that it wants information. Here's everything you need to know about the new Agent Tesla malware attacks.

The primary goal of any threat campaign is to deploy whatever the payload might be, from infostealer malware and ransomware to flash drive compromise. The secondary goal is to do so without anyone detecting the attack and intervening to stop it. There is a case for switching those priorities around, since without the latter the former isn't possible, but that is by the by.

Sophisticated multi-stage attack campaigns are fast becoming the norm, not least because they use complex delivery mechanisms to evade detection and bypass traditional security protections. One such campaign has been reported by threat intelligence analysts at Palo Alto Networks' Unit 42, and it delivers Agent Tesla malware to steal sensitive information.

The campaign begins with victims being sent emails with attached archives. "These archives contain script-based malware that ultimately infects a host with the final malware," Unit 42 said, with the phishing lure involving that old chestnut of reviewing an attached order document or invoice for a payment that had supposedly been made. Opening the attachment executes a JavaScript-encoded file that downloads and launches a PowerShell script, run from the system temp directory to draw less attention. From there the chain takes one of two routes: either a .NET executable or an AutoIt dropper. Which malware the user ends up with depends on which route is used.

"By stacking simple stages instead of focusing on highly sophisticated techniques," Unit 42 warned, "attackers can create resilient attack chains that complicate analysis and detection." The Unit 42 researchers observed Remcos RAT and XLoader being deployed by this campaign, but said multiple Agent Tesla variants were also used.

Agent Tesla is a .NET-based remote access trojan that harvests all sorts of sensitive data, making it an extremely effective infostealer. It has been known to grab everything from usernames and passwords to contact information and financial data, along with browser history, screenshots, data from email clients and keystroke recordings. Agent Tesla is also adept at intercepting communications, including email and chat messages.

According to Kriti Awasthi at Fidelis Security, you can mitigate Agent Tesla attacks by ensuring email security and phishing awareness, employing multi-layer security, regularly updating software and firmware against known vulnerabilities, and using strong authentication and access controls.
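The stacked chain Unit 42 describes (script host runs the JavaScript-encoded file, which launches PowerShell with a script in the temp directory, which starts a .NET executable or AutoIt dropper) is exactly the kind of parent-child sequence that process-creation telemetry can catch even when each stage on its own looks mundane. The detector below is an added example, not Unit 42's code or anything from the Palo Alto Networks report: it walks process ancestry over a handful of constructed Sysmon-style events and reports any process whose parent is PowerShell running a temp-directory script and whose grandparent is wscript.exe or cscript.exe. Field names, paths, the user name alice, the .jse and .ps1 file names and the AutoIt3.exe child are all assumptions made for the example.

```python
# Added example (not from Unit 42): detect the stacked-stage chain
#   wscript/cscript -> powershell.exe (script in %TEMP%) -> payload from temp / AutoIt
# over constructed process-creation events shaped like Sysmon Event ID 1.
# All paths, pids and file names below are made up for the example.
from typing import List, Optional

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
POWERSHELL = ("powershell.exe", "pwsh.exe")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed events: pid, parent pid, image path and command line.
EVENTS: List[dict] = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    # Stage 1: user opens the .jse extracted from the archive (assumed file name).
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\Rar$DIa1.234\Invoice_0417.jse"'},
    # Stage 2: PowerShell runs a downloaded script out of the temp directory.
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -w hidden -ep bypass -f C:\Users\alice\AppData\Local\Temp\stage2.ps1"},
    # Stage 3: AutoIt route (the .NET route would be any exe launched from temp).
    {"pid": 400, "ppid": 300, "image": r"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe",
     "cmd": r"AutoIt3.exe C:\Users\alice\AppData\Local\Temp\script.a3x"},
    # Benign admin activity that must not match: PowerShell from a console.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"pid": 600, "ppid": 500,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\Scripts\backup.ps1"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(events: List[dict], pid: int) -> List[dict]:
    """Return [process, parent, grandparent, ...] for pid, stopping at unknown
    parents or pid reuse loops. Real Sysmon data should key on ProcessGuid,
    since pids are recycled."""
    by_pid = {e["pid"]: e for e in events}
    chain: List[dict] = []
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def matches_chain(events: List[dict], pid: int) -> Optional[str]:
    """Describe the chain if pid is the payload stage of
    script host -> powershell (temp script) -> child from temp or AutoIt."""
    chain = ancestry(events, pid)
    if len(chain) < 3:
        return None
    child, ps, host = chain[0], chain[1], chain[2]
    if basename(host["image"]) not in SCRIPT_HOSTS:
        return None
    if basename(ps["image"]) not in POWERSHELL:
        return None
    if not any(m in ps["cmd"].lower() for m in TEMP_MARKERS):
        return None
    child_from_temp = any(m in child["image"].lower() for m in TEMP_MARKERS)
    child_is_autoit = "autoit" in basename(child["image"])
    if not (child_from_temp or child_is_autoit):
        return None
    return (f"pid {child['pid']}: {basename(host['image'])} -> {basename(ps['image'])} "
            f"(script in temp) -> {basename(child['image'])}")


def find_stacked_chains(events: List[dict]) -> List[str]:
    """Run the chain check against every process in the event set."""
    return [d for d in (matches_chain(events, e["pid"]) for e in events) if d]


if __name__ == "__main__":
    for hit in find_stacked_chains(EVENTS):
        print(hit)
```

Keying on the three-stage relationship rather than on any single indicator is what survives the "stacking simple stages" approach Unit 42 describes: a renamed dropper or a different script host alias changes one link, not the shape of the chain.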
