OSN FEBRUARY 17, 2021

Fortify Security Team
Feb 17, 2021

Title: Centreon Says That Recently Disclosed Campaigns Only Targeted Obsolete Versions of Its Open-Source Software

Date Published: February 17, 2021

https://securityaffairs.co/wordpress/114680/apt/centreon-software-attack.html?utm_source=rss&utm_medium

Excerpt: “Now the French software vendor announced that its paid customers were not impacted by the cyber attack. The first compromises identified by ANSSI date from the end of 2017 and continued until 2020. This campaign mainly affected IT service providers, particularly web hosting. Expert at the ANSSI observed that the threat actors deployed a webshell on the compromised Centreon servers that were exposed on the internet, along with a backdoor dubbed Exaramel first spotted by ESET researchers in 2018.”

Title: More Bosses Are Using Software to Monitor Remote Workers. Not Everyone Is Happy About It

Date Published: February 17, 2021

https://www.zdnet.com/article/more-bosses-are-using-software-to-monitor-remote-workers-not-everyone-is-happy-about-it/

Excerpt: “While businesses may have legitimate reasons for wanting to introduce activity-tracking software, particularly in those industries that handle high-value data on a day-to-day basis, some have raised concerns over what the slow creep of this technology into the remote-working environment means for employee privacy, particularly as the boundaries that separate work and private life become even more blurred.”

Title: Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

Date Published: February 17,  2021

https://thehackernews.com/2021/02/researchers-unmask-hackers-behind.html

Excerpt: “The tool — dubbed “APOMacroSploit” — is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection.APOMacroSploit is believed to be the work of two French-based threat actors “Apocaliptique” and “Nitrix,” who are estimated to have made at least $5000 in less than two months selling the product on HackForums.net. About 40 hackers in total are said to be behind the operation, utilizing 100 different email senders in a slew of attacks targeting users in more than 30 different countries. The attacks were spotted for the first time at the end of November 2020, according to cybersecurity firm Check Point.”

Title: North Korea Allegedly Targets Pfizer to Steal #COVID19 Vaccine Data

https://www.infosecurity-magazine.com/news/north-korea-pfizer-vaccine-data/

Date Published: February 17, 2021

Excerpt: “North Korea has attempted to hack into COVID-19 vaccine data from US pharma giant Pfizer, it has been claimed. As reported by the BBC, South Korea’s National Intelligence Agency has briefed lawmakers about the alleged cyber-attack, although it is unclear whether any data has been stolen. The latest incident highlights the constant threats being faced across the vaccine supply chain as countries rush to get their populations injected.”

Title: Compromised Credentials Show That Abuse Happens in Multiple Phases

Date Published: February 16,  2021

https://www.darkreading.com/attacks-breaches/compromised-credentials-show-that-abuse-happens-in-multiple-phases/d/d-id/1340179

Excerpt: “F5’s analysis showed that when attackers first had access to spilled credentials, they used it on average between 15 and 20 times per day in attacks against the four organizations. By stage three, the credentials were being used up to 130 times a day, and by the fourth stage it had dropped back again to around 28 times per day. “The overarching conclusion is that credential stuffing is a very large problem,” Vinberg says. “It manifests in different ways, but at this stage, no one can afford to downplay the risk it represents.”

Title: DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence

https://threatpost.com/ddos-attacks-q4-cryptomining-resurgence/163998/

Date Published: February 16,  2021

Excerpt: “The DDoS attack market is currently affected by two opposite trends. On the one hand, people still highly rely on stable work of online resources, which can make DDoS attacks a common choice for malefactors. However, with a spike in cryptocurrency prices, it may be more profitable for them to infect some devices with miners. As a result, we see that the total number of DDoS attacks in Q4 remained quite stable. And we can predict that this trend will continue in 2021.”

Title: RDP, the Ransomware Problem That Won’t Go Away

Date Published: February 16,  2021

https://blog.malwarebytes.com/malwarebytes-news/2021/02/rdp-the-ransomware-problem-that-wont-go-away/

Excerpt: “While many organizations can benefit from a wider selection of job candidates and reduced maintenance and facility costs, for security professionals, work-from-home environments expand the attack surface they have to protect, and increase the risks for phishing, malware, and ransomware. The target for today’s organized and sophisticated cybercriminals, like the ones operating Maze or Ryuk, isn’t a single computer, but an organization’s entire network. A majority of all ransomware attacks gain access to a victim’s network  through a “backdoor” approach that exploits weaknesses in Remote Desktop Protocol (RDP) software, or the way it is deployed.”

Title: Qnap Patches Critical Vulnerability in Surveillance Station NAS App

Date Published: February 17,  2021

https://www.bleepingcomputer.com/news/security/qnap-patches-critical-vulnerability-in-surveillance-station-nas-app/

Excerpt: “The critical security flaw patched today by QNAP is a stack-based buffer overflow vulnerability impacting QNAP NAS devices running Surveillance Station. “If exploited, this vulnerability allows attackers to execute arbitrary code,” QNAP explains in a security advisory from today. When successfully exploiting it for arbitrary code execution, the attackers will also regularly subvert any security service or anti-malware solutions running on the compromised device.”

Title: Owner of App That Hijacked Millions of Devices With One Update Exposes Buy-to-Infect Scam

Date Published: February 17,  2021

https://www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/

Excerpt: “From my analysis, what appears to have happened is a clever social engineering feat in which malware developers purchased an already popular app and exploited it.” “In doing so, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections.  And by being able to modify the app’s code before full purchase and transfer, they were able to test if their malware went undetected by Google Play on another company’s account”.”

Title: Bloomberg’s Supermicro Follow-Up: Still No Chip
https://www.bankinfosecurity.com/blogs/bloombergs-supermicro-follow-up-still-no-chip-p-2997
Date Published: February 16,  2021

Please also see: The Long Hack: How China Exploited a U.S. Tech Supplier
https://www.bloomberg.com/features/2021-supermicro/

Excerpt: “It was portrayed as a sensational supply chain hack: China subverted motherboards made by San Jose, California-based Supermicro, installing spying chips the size of rice grains and opening a door to remote espionage. In a follow-up report published Friday, Bloomberg stands by its original report and attempts to bolster its foundation. The follow-up report repeats Bloomberg’s unconvincing assertion, adds mushy new sourcing and recounts peripheral incidents in an attempt to shift the focus from its unproven contention.”

Recent Posts

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...

April 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks Date Published: April 25, 2022 https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/ Excerpt: “The U.S. Cybersecurity and Infrastructure...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...

April 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks Date Published: April 25, 2022 https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/ Excerpt: “The U.S. Cybersecurity and Infrastructure...