In November, the cybersecurity threat landscape remained in line with the trends seen throughout the year. As part of the SOCShare project, co-financed by the European Union, the NRD CS CyberSOC and City of Vilnius Municipality SOC teams actively exchange information about observed threat indicators and trends, aiming to strengthen the region’s cybersecurity posture. Based on the threat and incident data the teams analyzed, the largest number of attempted attacks is related to a few key attack types:
On the 9th of November, the NRD CS CyberSOC team analyzed a coordinated phishing attack aimed at various sectors in the region. Hundreds of emails were sent out at the same time from already compromised accounts in other Lithuanian and global organizations. Sent from domains with a good reputation, the emails asked the recipient to sign documents supposedly related to the victim company. However, the link was in fact malicious and attempted to carry out an account takeover, both by attempting to download malware and by prompting victims to enter their login information into a fake Microsoft login page. This attack was mostly stopped by automated measures: email and XDR tools detected a potentially malicious link and blocked most emails from arriving, while in the cases where emails were delivered, EDR and XDR tools blocked either the visit to the malicious site or the download of malware.
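Because the senders in such a campaign are genuine accounts on reputable domains, correlation has to key on the shared link rather than on sender reputation. The following is an added example, not NRD CS or SOCShare tooling: it flags link hosts that arrive from several unrelated sender domains within a short window. The record layout, thresholds, function name and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed mail-gateway records: (received, sender, recipient, link in body).
SAMPLE_LOG = [
    ("2000-01-03T09:00:05", "anna@partner-a.example", "u1@corp.example", "https://docs-sign.example.net/d/41"),
    ("2000-01-03T09:00:40", "finance@partner-b.example", "u2@corp.example", "https://docs-sign.example.net/d/42"),
    ("2000-01-03T09:01:10", "jonas@partner-c.example", "u3@corp.example", "https://DOCS-SIGN.example.net/d/43"),
    ("2000-01-03T09:01:30", "anna@partner-a.example", "u4@corp.example", "https://docs-sign.example.net/d/44"),
    ("2000-01-03T15:30:00", "ops@partner-d.example", "u5@corp.example", "https://docs-sign.example.net/d/45"),
    ("2000-01-03T09:00:10", "news@vendor.example", "u1@corp.example", "https://news.vendor.example/nov"),
    ("2000-01-03T09:00:20", "news@vendor.example", "u2@corp.example", "https://news.vendor.example/nov"),
    ("2000-01-03T09:02:00", "a@partner-a.example", "u1@corp.example", "https://intranet.corp.example/hr"),
    ("2000-01-03T09:02:30", "b@partner-b.example", "u2@corp.example", "https://intranet.corp.example/hr"),
    ("2000-01-03T09:03:00", "c@partner-c.example", "u3@corp.example", "https://intranet.corp.example/hr"),
]

def find_link_bursts(records, window=timedelta(minutes=10),
                     min_sender_domains=3, known_hosts=frozenset()):
    """Return {link_host: {"sender_domains", "recipients"}} for hosts that were
    mailed in by >= min_sender_domains distinct sender domains inside `window`."""
    by_host = defaultdict(list)
    for ts, sender, recipient, url in records:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if not host or host in known_hosts:
            continue  # no usable link, or a host the organisation expects to see
        sender_domain = sender.rsplit("@", 1)[-1].lower()
        by_host[host].append((datetime.fromisoformat(ts), sender_domain, recipient.lower()))

    alerts = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            domains = {d for _, d, _ in in_window}
            if len(domains) >= min_sender_domains:
                hit = alerts.setdefault(host, {"sender_domains": set(), "recipients": set()})
                hit["sender_domains"] |= domains
                hit["recipients"] |= {r for _, _, r in in_window}
    return alerts

if __name__ == "__main__":
    for host, hit in find_link_bursts(SAMPLE_LOG, known_hosts={"intranet.corp.example"}).items():
        print(host, sorted(hit["sender_domains"]), sorted(hit["recipients"]))
```

The recipient set in each alert gives responders the list of mailboxes to check for delivered copies and for clicks recorded by EDR or proxy logs.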
The project is co-funded by the European Union