OSN April 27, 2021

Fortify Security Team
Apr 27, 2021

Title: DC Police Confirms Cyberattack After Ransomware Gang Leaks Data
Date Published: April 27, 2021

Excerpt: “The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital. In a statement to BleepingComputer, the DC Police stated that they are aware of a breached server and that the FBI is investigating the matter.”

Title: Ransomware Gang Now Warns They Will Leak New Apple Logos, iPad Plans
Date Published: April 26, 2021

Excerpt: “The REvil ransomware gang has mysteriously removed Apple’s schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. Earlier this month, the ransomware gang conducted an attack on Quanta, a Taiwan-based original design manufacturer (ODM) that helps manufacture the Apple Watch, Apple Macbook Air, and the Apple Macbook Pro. As part of this attack, the threat actors stole data belonging to the company, including drawings and schematics for Apple products.”

Title: US Warns of Russian State Hackers Still Targeting US, Foreign Orgs
Date Published: April 26, 2021

Excerpt: “The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian Foreign Intelligence Service (SVR) (aka APT29) against US and foreign organizations. “The SVR activity—which includes the recent SolarWinds Orion supply chain compromise—primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information,” CISA said. CISA adds that APT29 will “continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks.””

Title: Apple Patches macOS Zero-day Exploited by Malware for Months (CVE-2021-30657)
Date Published: April 27, 2021

Excerpt: “Apple has patched a critical macOS zero-day (CVE-2021-30657) that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS. Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS’s security feature that verifies downloaded applications before allowing them to run, and bypasses File Quarantine and Application Notarization protections as well.”

Title: 16% of Mobile Devices in Developing Markets Now Infected with Malware
Date Published: April 27, 2021

Excerpt: “Mobile users already disadvantaged by an economic and digital divide have suffered the most from digital fraud throughout the COVID-19 pandemic. In emerging markets such as Brazil, Indonesia, South Africa and Thailand, 16 percent of mobile devices that processed a transaction were found to be infected with malware, according to Upstream. Insights come from Secure-D processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets covering nearly 840 million users. The report reveals the scale of the impact of the COVID-19 pandemic on mobile ad fraud and malware. 46,000 malicious apps were detected in circulation, with a global block rate of 95 percent. This translates as 16 percent of mobile devices carrying at least one infected app.”

Title: 10,000+ Unpatched ABUS Secvest Home Alarms Can be Deactivated Remotely
Date Published: April 25, 2021

Excerpt: “Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor having addressed a critical bug (CVE-2020-28973) in January. A remote attacker could exploit the vulnerability to disable alarm systems and expose homes and corporate buildings to intrusions. The Secvest FUAA50000 controller costs about EUR400; it is used to control motion sensors, sirens, and door/window sensors. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor. The vendor also recommends as a temporary fix to remove the port forward to port 4433 in customers’ routers to prevent the remote control of the devices.”

Title: Ransomware Extortion Demands are Growing, And So is the Downtime Caused by Attacks
Date Published: April 27, 2021

Excerpt: “The average ransom payment paid by victims of ransomware attacks has risen as cyber criminals exploit vulnerabilities in software and remote desktop protocol (RDP) services as common means of infiltrating networks. According to analysis by cybersecurity company Coveware’s Quarterly Ransomware Report, the average ransom payment in the first three months of this year was $220,298 – up from $154,108 in the final three months of 2020. One of the reasons the cost of ransom payments has grown so significantly is a rise in activity by some of the most notorious ransom groups, which demand millions of dollars in Bitcoin from victims in exchange for the decryption key.”

Title: E-commerce Fraud to Exceed $20 Billion in 2021
Date Published: April 26, 2021

Excerpt: “E-commerce fraud is set to spike 18% from 2020-2021 to top $20 billion globally this year, according to the latest research from Juniper Research. The value of online losses will grow from around $17.5 billion in 2020 as scammers continue to target the growing number of internet shoppers forced online by the pandemic. According to the new report, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2021-2025 Market Research, merchants are increasingly on the back foot when it comes to mitigating online fraud. It calls out AI-powered behavioral biometrics as an important step forward in technological innovation which could help these businesses fight back without adding extra customer friction to the purchasing journey.”

Title: Defending Against Cryptojacking with Microsoft Defender for Endpoint and Intel TDT
Date Published: April 26, 2021

Excerpt: “Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in popularity of different kinds of cryptocurrency (Ethereum, Litecoin, and Dogecoin), and the volatility in these markets. As cryptocurrency prices rise, many opportunistic attackers now prefer to use cryptojacking over ransomware. The risks for organizations have increased, as attackers deploy coin miners as a payload for malware campaigns. According to recent research from Avira Protection Labs, there was a 53 percent increase in coin miner malware attacks in Q4 2020 compared to Q3 2020. In addition, with malware evolving over the years to evade typical anti-malware defenses, detecting coin miners has become increasingly more challenging. This rising threat is why Microsoft and Intel have been partnering to deliver technology that uses silicon-based threat detection to enable endpoint detection and response (EDR) capabilities in Microsoft Defender for Endpoint to better detect cryptocurrency mining malware, even when the malware is obfuscated and tries to evade security tools.”

Title: APT Trends Report Q1 2021
Date Published: April 27, 2021

Excerpt: “For four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities that we observed during Q1 2021.”
