OSN May 10, 2021

Fortify Security Team
May 10, 2021
Title: Ransomware Attack Leads to Shutdown of Major U.S. Pipeline System

Date Published: May 8, 2021

Excerpt: “While it is not expected to have an immediate impact on fuel supply or prices, the attack on Colonial Pipeline, which carries almost half of the gasoline, diesel and other fuels used on the East Coast, underscores the potential vulnerability of industrial sectors to the expanding threat of ransomware strikes. It appears to have been carried out by an Eastern European-based criminal gang — DarkSide, according to a U.S. official and another person familiar with the matter. Federal officials and the private security firm Mandiant, a division of FireEye, are still investigating the matter.”

Title: Cuba Ransomware and Its Partnership With Hancitor

Date Published: May 10, 2021

Excerpt: “Cuba Ransomware was launched in 2019, and since then it has not been particularly active in comparison to other operations, like REvil, Avaddon, Conti, and DoppelPaymer. Specialists believe that now, having their attacks fueled by spam campaigns, we could expect to see an increase in the number of victims soon. As for the origin of the Cuba Ransomware, a report created by the cybersecurity firm Profero believes that they are based out of Russia, researchers stating this based on the fact that the Russian language was found on the gang’s data leak site.”

Title: Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities in New Attacks

Date Published: May 10, 2021

Excerpt: “Lemon Duck operators are incorporating new tools to “maximize the effectiveness of their campaigns” by targeting the high-severity vulnerabilities in Microsoft Exchange Server, and telemetry data following DNS queries to Lemon Duck domains indicates that campaign activity spiked in April. The majority of queries came from the US, followed by Europe and Southeast Asia. A substantial spike in queries to one Lemon Duck domain was also noted in India.”

Title: Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

Date Published: May 9, 2021

Excerpt: “Bulletproof hosting (BPH), also known as abuse-resistant services, is different from regular web hosting in that it allows a content provider more leniency in the kind of data that can be hosted on those servers, thus making it easier to evade law enforcement. Operators of bulletproof hosting services are known to employ a variety of tricks to stay under the radar, while simultaneously acting as a safe haven with the goal of anonymizing cybercrime operations.”

Title: The Apperta Data Breach Fiasco

Date Published: May 9, 2021

Excerpt: “The Apperta Foundation, a non-profit organization originally created by NHS England and funded by taxpayer money, seems to be embroiled in a very public data breach fiasco of their own making. In a classic case of ‘shoot the messenger’ they are threatening the individual who first notified them of the breach with legal action.”

Title: American Family Insurance to Notify 283,734 of Breach Linked to Unemployment Benefits Fraud

Date Published: May 8, 2021

Excerpt: “We believe unauthorized parties may have used an automated bot process to obtain your driver’s license number by entering personal information (such as your name and address) they acquired from unknown sources into the American Family quoting platform. We are notifying you because you may have been affected by this incident. If you did not request an insurance quote using the American Family quoting platform between February 6, 2021 and March 19, 2021, the unauthorized parties may have requested a quote in your name and may have obtained your driver’s license number. If, however, you did request a quote from the American Family quoting platform between February 6, 2021 and March 19, 2021, you are not impacted by this incident.”

Title: RAT Malware Uses Telegram to Avoid Detection

Date Published: May 9, 2021

Excerpt: “ToxicEye is a Remote Access Trojan (RAT) type malware. RATs can give an attacker remote control of an infected machine. This allows the hacker to steal data from the host computer, delete or transfer files, and stop running processes on the infected computer. This type of attack also allows the computer’s microphone and camera to be hijacked to record audio and video without the user’s knowledge.”

Title: Ransomware Gangs Have Leaked the Stolen Data of 2,100 Companies So Far

Date Published: May 8, 2021

Excerpt: “A massive cache of tens of thousands of hacked emails detailing the inner workings of Mayor Lori Lightfoot’s administration was leaked to the public last month apparently in response to the fatal police shooting of 13-year-old Adam Toledo. The emails were posted online on April 19 by Distributed Denial of Secrets, a nonprofit whistleblower group similar to WikiLeaks that’s facilitated other recent high-profile data dumps. An unrelated hacker gang initially stole the files during a series of data breaches that swept up sensitive information from corporations, universities and government bodies.”

Title: Millions Put at Risk by Old, out of Date Routers

Date Published: May 7, 2021

Excerpt: “Which? is a proponent of ISP transparency with regard to routers receiving firmware and security updates, a requirement of the Secure by Design proposal. The company also calls for the government to ban the use of default passwords, or ISPs allowing users to set weak passwords on their routers. This is a good move. Although convenient, setting a weak password isn’t going to strengthen anyone’s security. On top of that, ISPs allowing users to always take the convenient and insecure route misses a good opportunity to educate their customers on good computers—and password creation and management—practices.”

Title: Russia-Linked APT29 Group Changes TTPs Following April Advisories

Date Published: May 6, 2021

Excerpt: “The NCSC, NSA, CISA, and CSE have previously issued a joint report regarding the group’s campaigns aimed at organizations involved in COVID-19 vaccine development throughout 2020 using WellMess and WellMail malware. The new joint report speculates the SVR has reacted to the report by changing their TTPs. These changes reported by the government experts include the deployment of the open-source tool Sliver to gain persistence on the compromised infrastructure and the use of multiple vulnerabilities, including the Microsoft Exchange ProxyLogon vulnerability CVE-2021-26855.”