OSN May 14, 2021

Fortify Security Team
May 14, 2021

Title: Colonial Pipeline Likely Paid a $5m Ransom to Darkside
Date Published: May 14, 2021


Excerpt: “Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. According to the media, once the company had obtained the decryption key, it used it along with its backup system to quickly restore the impacted systems and resume pipeline operations.”

Title: FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
Date Published: May 13, 2021


Excerpt: “This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses. However, the Colonial Pipeline incident is a reminder that federal action alone is not enough.”

Title: Security by Design and NIST 800-160, Part 2: Life Cycle Processes
Date Published: May 13, 2021


Excerpt: “NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid out in chapter three can help your organization position itself well to minimize risk and have a resilient cybersecurity and information security program.”

Title: NSA and ODNI Analyze Potential Risks to 5G Networks
Date Published: May 12, 2021


Excerpt: “The analysis provides a list of known and potential threats to the 5G networks, sample scenarios of the adoption of 5G technologies and assesses risks to 5G core technologies. The improper definition and implementation of 5G policies could pose serious risks, for example, states contributing to their drafting could attempt to influence standards into benefiting their proprietary technologies. In other cases, states could fall into defining optional controls, which are not implemented by operators.”

Title: Who is DarkSide – The Group Behind the Colonial Pipeline Breach?
Date Published: May 14, 2021


Excerpt: “In the March 2021 forum post, darksupp outlined the group’s criteria for whom it partners with and who it allows partners to target. darksupp specified that DarkSide exclusively seeks experienced, Russian-speaking partners and does not wish to work with English-speaking individuals or individuals linked to security services or cybersecurity companies. Additionally, the group stated its service is aimed at targeting only large corporations and listed the criteria for the types of entities that partners should not target.”

Title: QNAP Warns of Ech0raix Ransomware Attacks, Roon Server Zero-Day
Date Published: May 14, 2021


Excerpt: “QNAP devices were previously targeted by eCh0raix ransomware (also known as QNAPCrypt) in June 2019 and June 2020. A massive Qlocker ransomware campaign also hit QNAP devices starting mid-April, with the threat actors behind the attacks making $260,000 in just five days by remotely encrypting data using the 7zip archive program. Additionally, QNAP removed a backdoor account (aka hardcoded credentials) in the HBS 3 Hybrid Backup Sync backup and disaster recovery app.”

Title: Ransomware’s New Swindle: Triple Extortion
Date Published: May 14, 2021


Excerpt: “As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency. Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.”

Title: Toshiba Unit Hacked by Darkside, Conglomerate to Undergo Strategic Review
Date Published: May 14, 2021


Excerpt: “Screenshots of DarkSide’s post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information. Reuters could not access DarkSide’s public-facing website on Friday. Security researchers said DarkSide’s multiple websites had stopped being accessible. Ransomware attacks have increased in number and amount of demands, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more.”

Title: Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Date Published: May 14, 2021


Excerpt: “Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other malicious domains posing as file-sharing sites to host malicious artifacts.”

Title: Hackers Abuse Microsoft’s MSBuild Platform to Deploy Malware
Date Published: May 14, 2021


Excerpt: “MSBuild (msbuild.exe) is a Microsoft platform for building applications. This engine provides an XML schema for a project file that controls how the build platform processes and builds software. The RedLine Stealer exfiltrates data from browsers such as login, autocomplete, passwords, and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. The last year’s update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets.”
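Because msbuild.exe is a signed Microsoft binary that will build whatever project file it is handed, the practical defensive question raised by the item above is how to tell a developer's build from a build engine being used as a loader. The script below is an added example written for this digest; it is not code from the article, from the RedLine analysis, or from Microsoft. It scores Sysmon-style process-creation records (fields Image, CommandLine, ParentImage) on three signals: who launched msbuild.exe, whether the project file sits in a user-writable directory, and whether its extension is a normal project type. The directory, parent and extension lists and the sample records are assumptions constructed for the example and should be tuned to the environment.

```python
"""Flag msbuild.exe process starts that look like MSBuild-as-a-loader abuse.

Added example for this news digest, not code from the cited article or
from Microsoft. Assumptions (hypothetical, tune to your estate): Sysmon-style
process-creation records with Image, CommandLine and ParentImage fields, and
the directory / parent / extension lists below.
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Directory names a genuine build is unlikely to run from (assumed list).
USER_WRITABLE_DIRS = {"appdata", "temp", "tmp", "downloads", "public",
                      "programdata", "$recycle.bin"}
# Parents that have no business spawning a build engine (assumed list).
ODD_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
               "wscript.exe", "cscript.exe", "mshta.exe", "explorer.exe"}
# Extensions a real build normally passes; MSBuild itself accepts any file name.
PROJECT_EXTS = {".csproj", ".vbproj", ".fsproj", ".vcxproj", ".proj", ".sln",
                ".targets", ".props"}


def split_cmdline(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [quoted or bare
            for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def project_file(cmdline: str) -> Optional[str]:
    """Return the project MSBuild will build: the first argument that is not a switch."""
    for tok in split_cmdline(cmdline)[1:]:
        if not tok.startswith(("/", "-")):
            return tok
    return None  # nothing given: MSBuild picks up a project from the cwd


def assess(event: Dict[str, str]) -> List[str]:
    """Return the reasons this record looks like abuse; an empty list means nothing odd."""
    if PureWindowsPath(event["Image"]).name.lower() != "msbuild.exe":
        return []
    reasons = []
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    if parent in ODD_PARENTS:
        reasons.append(f"launched by {parent}, which does not run builds")
    proj = project_file(event["CommandLine"])
    if proj is None:
        reasons.append("no project file on the command line")
        return reasons
    path = PureWindowsPath(proj)
    if {part.lower() for part in path.parts} & USER_WRITABLE_DIRS:
        reasons.append(f"project file under a user-writable directory: {proj}")
    if path.suffix.lower() not in PROJECT_EXTS:
        reasons.append(f"unusual project file type {path.suffix or '(none)'}")
    return reasons


def flag_suspicious(events) -> List[Tuple[Dict[str, str], List[str]]]:
    """Return (event, reasons) for each msbuild.exe start with at least one reason."""
    flagged = []
    for ev in events:
        reasons = assess(ev)
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed sample records for the example; not real telemetry.
SAMPLE_EVENTS = [
    {"Id": 1,
     "Image": r"C:\Program Files\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe",
     "CommandLine": r'"C:\Program Files\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe" /nologo /m "C:\src\app\App.csproj"'},
    {"Id": 2,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Users\bob\AppData\Local\Temp\invoice.xml"},
    {"Id": 3,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"MSBuild.exe /t:Build C:\build\agent\_work\1\s\Service.csproj"},
    {"Id": 4,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\notes.txt"},
]

if __name__ == "__main__":
    for ev, reasons in flag_suspicious(SAMPLE_EVENTS):
        print(f"event {ev['Id']}: {ev['CommandLine']}")
        for r in reasons:
            print("  -", r)
```

On the sample data only record 2 is flagged, on all three signals at once; the Visual Studio and build-agent launches pass untouched. Each signal alone is noisy (developers do keep projects in odd places), so the intent is to alert on two or more reasons, or on a single reason combined with the unexpected parent, rather than on any one of them in isolation.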
