OSN May 14, 2021

Fortify Security Team
May 14, 2021

Title: Colonial Pipeline Likely Paid a $5m Ransom to Darkside
Date Published: May 14, 2021


Excerpt: “Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. According to the media, once the company has obtained the decryption key used it along with its backup system to quickly restore the impacted systems and resume pipeline operations.”

Title: FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
Date Published: May 13, 2021


Excerpt: “This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur.  It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses.  However, the Colonial Pipeline incident is a reminder that federal action alone is not enough.”

Title: Security by Design and NIST 800-160, Part 2: Life Cycle Processes
Date Published: May 13, 2021


Excerpt: “NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid out in chapter three can help your organization position itself well to minimize risk and have a resilient cybersecurity and information security program.”

Title: NSA and ODNI Analyze Potential Risks to 5G Networks
Date Published: May 12, 2021


Excerpt: “The analysis provides a list of known and potential threats to the 5G networks, sample scenarios of the adoption of 5G technologies and assesses risks to 5G core technologies. The improper definition and implementation of 5G policies could pose serious risks, for example, states contributing to their drafting could attempt to influence standards into benefiting their proprietary technologies. In other cases, states could fall into defining optional controls, which are not implemented by operators.”

Title: Who is DarkSide – The Group Behind the Colonial Pipeline Breach?
Date Published: May 14, 2021


Excerpt: “In the March 2021 forum post, darksupp outlined the group’s criteria for whom it partners with and who it allows partners to target. darksupp specified that DarkSide exclusively seeks experienced, Russian-speaking partners and does not wish to work with English-speaking individuals or individuals linked to security services or cybersecurity companies. Additionally, the group stated its service is aimed at targeting only large corporations and listed the criteria for the types of entities that partners should not target.”

Title: QNAP Warns of Ech0raix Ransomware Attacks, Roon Server Zero-Day
Date Published: May 14, 2021


Excerpt: “QNAP devices were previously targeted by eCh0raix ransomware (also known as QNAPCrypt) in June 2019 and June 2020. A massive Qlocker ransomware campaign also hit QNAP devices starting mid-April, with the threat actors behind the attacks making $260,000 in just five days by remotely encrypting data using the 7zip archive program. Additionally, QNAP removed a backdoor account (aka hardcoded credentials) in the HBS 3 Hybrid Backup Sync backup and disaster recovery app.”

Title: Ransomware’s New Swindle: Triple Extortion
Date Published: May 14, 2021


Excerpt: “As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency. Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.”

Title: Toshiba Unit Hacked by Darkside, Conglomerate to Undergo Strategic Review
Date Published: May 14, 2021


Excerpt: “Screenshots of DarkSide’s post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information. Reuters could not access DarkSide’s public-facing website on Friday. Security researchers said DarkSide’s multiple websites had stopped being accessible. Ransomware attacks have increased in number and amount of demands, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more.”

Title: Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Date Published: May 14, 2021


Excerpt: “Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other malicious domains posing as file-sharing sites to host malicious artifacts.”

Title: Hackers Abuse Microsoft’s MSBuild Platform to Deploy Malware
Date Published: May 14, 2021


Excerpt: “MSBuild (msbuild.exe) is a Microsoft platform for building applications. This engine provides an XML schema for a project file that controls how the build platform processes and builds software. The RedLine Stealer exfiltrates data from browsers such as login, autocomplete, passwords, and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. The last year’s update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets.”

Recent Posts

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ Excerpt: “The Keralty multinational healthcare...