OSN May 10, 2021

Fortify Security Team
May 10, 2021
Title: Ransomware Attack Leads to Shutdown of Major U.S. Pipeline System

Date Published: May 8, 2021


Excerpt: “While it is not expected to have an immediate impact on fuel supply or prices, the attack on Colonial Pipeline, which carries almost half of the gasoline, diesel and other fuels used on the East Coast, underscores the potential vulnerability of industrial sectors to the expanding threat of ransomware strikes. It appears to have been carried out by an Eastern European-based criminal gang — DarkSide, according to a U.S. official and another person familiar with the matter. Federal officials and the private security firm Mandiant, a division of FireEye, are still investigating the matter.”

Title: Cuba Ransomware and Its Partnership With Hancitor

Date Published: May 10, 2021


Excerpt: “Cuba Ransomware was launched in 2019, and since then it has not been particularly active in comparison to other operations, like REvil, Avaddon, Conti, and DoppelPaymer. Specialists believe that now, having their attacks fueled by spam campaigns, we could expect to see an increase in the number of victims soon. As for the origin of the Cuba Ransomware, a report created by the cybersecurity firm Profero believes that they are based out of Russia, researchers stating this based on the fact that the Russian language was found on the gang’s data leak site.”

Title: Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities in New Attacks

Date Published: May 10, 2021


Excerpt: “Lemon Duck operators are incorporating new tools to “maximize the effectiveness of their campaigns” by targeting the high-severity vulnerabilities in Microsoft Exchange Server, and telemetry data following DNS queries to Lemon Duck domains indicates that campaign activity spiked in April. The majority of queries came from the US, followed by Europe and Southeast Asia. A substantial spike in queries to one Lemon Duck domain was also noted in India.”

Title: Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

Date Published: May 9, 2021


Excerpt: “Bulletproof hosting (BPH), also known as abuse-resistant services, is different from regular web hosting in that it allows a content provider more leniency in the kind of data that can be hosted on those servers, thus making it easier to evade law enforcement. Operators of bulletproof hosting services are known to employ a variety of tricks to stay under the radar, while simultaneously acting as a safe haven with the goal of anonymizing cybercrime operations.”

Title: The Apperta Data Breach Fiasco

Date Published: May 9, 2021


Excerpt: “The Apperta Foundation, a non-profit organization originally created by NHS England and funded by taxpayer money, seems to be embroiled in a very public data breach fiasco of their own making. In a classic case of ‘shoot the messenger’ they are threatening the individual who first notified them of the breach with legal action.”

Title: American Family Insurance to Notify 283,734 of Breach Linked to Unemployment Benefits Fraud

Date Published: May 8, 2021


Excerpt: “We believe unauthorized parties may have used an automated bot process to obtain your driver’s license number by entering personal information (such as your name and address) they acquired from unknown sources into the American Family quoting platform. We are notifying you because you may have been affected by this incident. If you did not request an insurance quote using the American Family quoting platform between February 6, 2021 and March 19, 2021, the unauthorized parties may have requested a quote in your name and may have obtained your driver’s license number. If, however, you did request a quote from the American Family quoting platform between February 6, 2021 and March 19, 2021, you are not impacted by this incident.”

Title: Rat Malware Uses Telegram to Avoid Detection

Date Published: May 9, 2021


Excerpt: “ToxicEye is a Remote Access Trojan (RAT) type malware. RATs can give an attacker remote control of an infected machine. This allows the hacker to steal data from the host computer, delete or transfer files, and stop running processes on the infected computer. This type of attack also allows the computer’s microphone and camera to be hijacked to record audio and video without the user’s knowledge.”

Title: Ransomware Gangs Have Leaked the Stolen Data of 2,100 Companies So Far

Date Published: May 8, 2021


Excerpt: “A massive cache of tens of thousands of hacked emails detailing the inner workings of Mayor Lori Lightfoot’s administration was leaked to the public last month apparently in response to the fatal police shooting of 13-year-old Adam Toledo. The emails were posted online on April 19 by Distributed Denial of Secrets, a nonprofit whistleblower group similar to WikiLeaks that’s facilitated other recent high-profile data dumps. An unrelated hacker gang initially stole the files during a series of data breaches that swept up sensitive information from corporations, universities and government bodies.”

Title: Millions Put at Risk by Old, out of Date Routers

Date Published: May 7, 2021


Excerpt: “Which? is a proponent of ISP transparency with regard to routers receiving firmware and security updates, a requirement of the Secure by Design proposal. The company also calls for the government to ban the use of default passwords, or ISPs allowing users to set weak passwords on their routers. This is a good move. Although convenient, setting a weak password isn’t going to strengthen anyone’s security. On top of that, ISPs allowing users to always take the convenient and insecure route misses a good opportunity to educate their customers on good computers—and password creation and management—practices.”

Title: Russia-Linked APT29 Group Changes TTPs Following April Advisories

Date Published: May 6, 2021


Excerpt: “The NCSC, NSA, CISA, and CSE have previously issued a joint report regarding the group’s campaigns aimed at organizations involved in COVID-19 vaccine development throughout 2020 using WellMess and WellMail malware. The new joint report speculates the SVR has reacted to the report by changing their TTPs. These changes reported by the government experts include the deployment of the open-source tool Sliver to gain persistence on the compromised infrastructure and the use of multiple vulnerabilities, including Microsoft Exchange ProxyLogon vulnerability CVE-2021-26855.”
