OSN April 29, 2021

by | Apr 29, 2021 | Open Source News

Title: Security Expert Coalition Shares Actions to Disrupt Ransomware
Date Published:  April 29, 2021

https://www.bleepingcomputer.com/news/security/security-expert-coalition-shares-actions-to-disrupt-ransomware/

Excerpt:  “The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model.  One of the priority recommendations refers to better regulating the cryptocurrency sector, which plays an essential part in obfuscating the threat actors and making ransomware attacks a lucrative endeavor.  In a document released today, the Institute for Security and Technology (IST) provides a list of 48 actions that governments and leaders in the private sector can adopt to seriously curb the ransomware threat.”

Title: DigitalOcean Data Breach Exposes Customer Billing Information
Date Published:  April 28, 2021

https://www.bleepingcomputer.com/news/security/digitalocean-data-breach-exposes-customer-billing-information/

Excerpt:  “Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers’ billing information.  An email sent out to affected customers by DigitalOcean states that a “flaw” allowed an unauthorized user to access customers’ billing details between April 9th, 2021, and April 22nd, 2021.  “An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers,” reads the email sent to customers.”

Title: Q1 2021 Ransomware Trends: Most Attacks Involved Threat to Leak Stolen Data
Date Published:  April 29, 2021

https://www.helpnetsecurity.com/2021/04/29/q1-2021-ransomware/

Excerpt:  “The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal.  The stolen data has likely been held by multiple parties and not secured, and victimized organizations can’t be sure that it has been destroyed and not traded, sold, misplaced, or held for a future extortion attempt, they explained.  Also, the data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.”

Title: Middle Market Companies Facing a Record Number of Data Breaches
Date Published:  April 29, 2021

https://www.helpnetsecurity.com/2021/04/29/middle-market-data-breaches/

Excerpt:  “Middle market companies possess a significant amount of valuable data but continue to lack appropriate levels of protective controls and staffing, according to a report from RSM US and the U.S. Chamber of Commerce.  The results revealed that 28% of middle market leaders claimed that their company experienced data breaches in the last year, a sharp rise from 18% in last year’s survey and the highest level since 2015. Many leaders attributed this increase to challenges created by COVID-19.”

Title: Purple Lambert, A New Malware of CIA-linked Lambert APT Group
Date Published:  April 29, 2021

https://securityaffairs.co/wordpress/117340/apt/purple-lambert-cia-arsenal.html

Excerpt:  “Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency.  Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups.  These malware strains did not present any similarities with malware associated with other APT groups.  A deeper analysis of some of these samples revealed that they were compiled in 2014 and used in the wild between 2014 and 2015. Although the researchers have not found any shared code with any other known malware family, the samples shared coding patterns, style, and techniques with the code belonging to the Lambert families.”

Title: RotaJakiro Linux Backdoor Has Flown Under the Radar Since 2018
Date Published:  April 29, 2021

https://securityaffairs.co/wordpress/117332/breaking-news/rotajakiro-linux-backdoor.html

Excerpt:  “RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing it in attacks to harvest and exfiltrate sensitive information from infected devices. The name RotaJakiro comes from the fact that the family uses rotate encryption and behaves differently for root/non-root accounts when executing.  The malware uses multiple of encryption algorithms, including AES algorithm to encrypt the resource information within the sample, and a combination of AES, XOR, ROTATE encryption and ZLIB compression for C2 communication.”

Title: Naikon APT Group Uses New Nebulae Backdoor in Attacks Aimed at Military Orgs
Date Published:  April 28, 2021

https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html

Excerpt:  “The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region.  Organizations targeted by the group were located in multiple countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand.  The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs.  Naikon made large use of DLL hijacking to execute the malicious code, while investigating sideloading techniques Bitdefender experts uncovered a long-running campaign associated with the NAIKON cyberespionage group.”

Title: Cancer Patients Diverted After Cyber-Attack on MedTech Firm
Date Published:  April 29, 2021

https://www.infosecurity-magazine.com/news/cancer-patients-diverted-attack/

Excerpt:  “Scores of US hospitals are thought to have been affected after a security breach at a specialist provider of equipment for cancer treatments last week.  Swedish oncology and radiology system provider Elekta explained in a company update this week that a “data security incident” had affected its first-generation cloud-based storage system.  “Immediately upon learning of this incident, Elekta partnered with leading cyber experts and law enforcement to launch an investigation to understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments,” the statement continued.  “We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.””

Title: US Arrests Alleged Crypto Mixer
Date Published:  April 29, 2021

https://www.infosecurity-magazine.com/news/us-arrests-alleged-crypto-mixer/

Excerpt:  “Law enforcement officers in the United States have arrested a man on suspicion of laundering hundreds of millions of dollars’ worth of Bitcoin (BTC) through a cryptocurrency mixing service.  A crypto-mixing service—also known as a cryptocurrency tumbler—obscures the original source of potentially identifiable or “tainted” cryptocurrency by jumbling it up with other funds in a single pool.   An arrest warrant for Roman Sterlingov was successfully executed in Los Angeles, California, on April 27 and filed in the United States District Court for the District of Columbia on the same day.  The warrant accuses dual Russian and Swedish citizen Sterlingov of unlicensed money transmission, money laundering, and transmitting money without a license.”

Title: FluBot Malware’s Rapid Spread May Soon Hit US Phones
Date Published:  April 28, 2021

https://www.darkreading.com/threat-intelligence/flubot-malwares-rapid-spread-may-soon-hit-us-phones/d/d-id/1340851

Excerpt:  “A type of Android malware known as FluBot has been spreading through multiple European countries and may soon land on smartphones in the United States, security researchers warn.  The operators behind FluBot initially targeted devices in Spain, which made up the majority of attacks when the malware was detected late last year. Now, its campaigns have expanded to affect Android phones in the United Kingdom, Germany, Hungary, Italy, and Poland, Proofpoint researchers learned through the company’s own data and open source intelligence.  FluBot’s English-language campaign, which has almost entirely targeted phones in the UK, has used more than 700 unique domains. The UK campaign started with messages from Germany; these were quickly replaced with messages from UK senders. The German-language messages were turned off once the UK messages were established, indicating a conscious effort to spread FluBot from country to country. Soon, researchers believe it may spread to the US as well.”