OSN May 14, 2021

Fortify Security Team
May 14, 2021

Title: Colonial Pipeline Likely Paid a $5m Ransom to Darkside
Date Published: May 14, 2021

https://securityaffairs.co/wordpress/117892/cyber-crime/colonial-pipeline-paid-ransom.html

Excerpt: “Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. According to the media, once the company obtained the decryption key, it used it along with its backup system to quickly restore the impacted systems and resume pipeline operations.”

Title: FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
Date Published: May 13, 2021

https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Excerpt: “This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses. However, the Colonial Pipeline incident is a reminder that federal action alone is not enough.”

Title: Security by Design and NIST 800-160, Part 2: Life Cycle Processes
Date Published: May 13, 2021

https://securityintelligence.com/articles/security-by-design-nist-800-16-part-2/

Excerpt: “NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid out in chapter three can help your organization position itself well to minimize risk and have a resilient cybersecurity and information security program.”

Title: NSA and ODNI Analyze Potential Risks to 5G Networks
Date Published: May 12, 2021

https://securityaffairs.co/wordpress/117802/security/5g-networks-risks.html

Excerpt: “The analysis provides a list of known and potential threats to the 5G networks, sample scenarios of the adoption of 5G technologies and assesses risks to 5G core technologies. The improper definition and implementation of 5G policies could pose serious risks, for example, states contributing to their drafting could attempt to influence standards into benefiting their proprietary technologies. In other cases, states could fall into defining optional controls, which are not implemented by operators.”

Title: Who is DarkSide – The Group Behind the Colonial Pipeline Breach?
Date Published: May 14, 2021

https://geminiadvisory.io/who-is-darkside/

Excerpt: “In the March 2021 forum post, darksupp outlined the group’s criteria for whom it partners with and who it allows partners to target. darksupp specified that DarkSide exclusively seeks experienced, Russian-speaking partners and does not wish to work with English-speaking individuals or individuals linked to security services or cybersecurity companies. Additionally, the group stated its service is aimed at targeting only large corporations and listed the criteria for the types of entities that partners should not target.”

Title: QNAP Warns of Ech0raix Ransomware Attacks, Roon Server Zero-Day
Date Published: May 14, 2021

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ech0raix-ransomware-attacks-roon-server-zero-day/

Excerpt: “QNAP devices were previously targeted by eCh0raix ransomware (also known as QNAPCrypt) in June 2019 and June 2020. A massive Qlocker ransomware campaign also hit QNAP devices starting mid-April, with the threat actors behind the attacks making $260,000 in just five days by remotely encrypting data using the 7zip archive program. Additionally, QNAP removed a backdoor account (aka hardcoded credentials) in the HBS 3 Hybrid Backup Sync backup and disaster recovery app.”

Title: Ransomware’s New Swindle: Triple Extortion
Date Published: May 14, 2021

https://threatpost.com/ransomwares-swindle-triple-extortion/166149/

Excerpt: “As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency. Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.”

Title: Toshiba Unit Hacked by Darkside, Conglomerate to Undergo Strategic Review
Date Published: May 14, 2021

https://www.databreaches.net/jp-toshiba-unit-hacked-by-darkside-conglomerate-to-undergo-strategic-review/

Excerpt: “Screenshots of DarkSide’s post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information. Reuters could not access DarkSide’s public-facing website on Friday. Security researchers said DarkSide’s multiple websites had stopped being accessible. Ransomware attacks have increased in number and amount of demands, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more.”

Title: Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Date Published: May 14, 2021

https://thehackernews.com/2021/05/pakistan-linked-hackers-added-new.html

Excerpt: “Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other malicious domains posing as file-sharing sites to host malicious artifacts.”

Title: Hackers Abuse Microsoft’s MSBuild Platform to Deploy Malware
Date Published: May 14, 2021

https://heimdalsecurity.com/blog/hackers-abuse-microsofts-msbuild-platform-to-deploy-malware/

Excerpt: “MSBuild (msbuild.exe) is a Microsoft platform for building applications. This engine provides an XML schema for a project file that controls how the build platform processes and builds software. The RedLine Stealer exfiltrates data from browsers such as login, autocomplete, passwords, and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. The last year’s update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets.”
