OSN May 19, 2021

Fortify Security Team
May 19, 2021

Title: Mountlocker Ransomware Uses Windows API to Worm Through Networks

Date Published: May 19, 2021


Excerpt: “Using this API, the ransomware can find all devices that are part of the compromised Windows domain and encrypt them using stolen domain credentials. Many corporate environments rely on complex active directory forests and computers within them. Now MountLocker is the first known ransomware to leverage unique corporate architectural insight for the benefit of identifying additional targets for encryption operation outside of the normal network and share scan. This is the quantum shift of professionalizing ransomware development for corporate network exploitation.”

Title: Colonial Pipeline Says Ransomware Recovery Efforts Caused Network Outage for Shippers

Date Published: May 18, 2021


Excerpt: “Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” Colonial Pipeline said in a statement. “These issues were not related to ransomware or any type of reinfection.” Shippers told Reuters and Bloomberg News that they were unable to access the communication system, which allows Colonial Pipeline customers to “nominate,” or make formal requests for gasoline and other fuel, and to receive updates on fuel shipments.”

Title: Identifying and Addressing Critical OT Asset Vulnerabilities in 24/7 Industrial Operations

Date Published: May 18, 2021


Excerpt: “The knowledge for identifying the “crown jewels” (critical assets) is derived from a process known as Hazard and Operability (HAZOP) study in the petrochemical and other industries handling highly hazardous chemicals. HAZOP study is a structured and systematic assessment of a manufacturing operation designed to identify specific process safety risks to equipment and personnel. The resulting output is a prioritized list of mitigation measures to address such risks.”

Title: How Ransomware Encourages Opportunists to Become Criminals

Date Published: May 19, 2021


Excerpt: “In March, The Record interviewed Unknown from the REvil/Sodinokibi group, which offers ransomware-as-a-service to criminals to carry out extortion, data theft, and system destruction attacks to gain money from victims and/or buyers. In response to the question of whether it targets those carrying cybersecurity insurance policies, Unknown responded, “Yes, this is one of the tastiest morsels. Especially to hack the insurers first — to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves”.”

Title: Scams Target Families of Missing Persons, FBI Warns

Date Published: May 18, 2021


Excerpt: “In its announcement, the FBI also described three cases of families being targeted using the information they shared on social media. One family posted information about a missing 13-year-old along with their phone number, which the scammer then used to contact the mother and demand a ransom. However, the girl was never abducted and ultimately returned home of her own accord.”

Title: Ransomware Attack on Health Sector (IOCs)

Date Published: May 16, 2021


Excerpt: “On 14/05/21 the Health Service Executive (HSE) was impacted by a Ransomware attack which has affected multiple services on their network. The NCSC along with the HSE and partners are currently investigating this incident and an Incident Response process is ongoing. Malicious cyber activity was also detected on the Department of Health (DoH) network early on Friday morning (14th May 2021), however due to the deployment of tools during the investigation process an attempt to execute ransomware was detected and stopped. These attacks are believed to be part of the same campaign targeting the Irish health sector.”

Title: Hackers Scan for Vulnerable Devices Minutes After Bug Disclosure

Date Published: May 19, 2021


Excerpt: “The researchers found that companies take an average of 12 hours to find a new, serious vulnerability. Almost a third of all identified issues related to the Remote Desktop Protocol, a common target for ransomware actors as they can use it to gain admin access to servers. Misconfigured database servers, zero-day vulnerabilities in critical products from vendors like Microsoft and F5, and insecure remote access (Telnet, SNMP, VNC) complete the list of high-priority flaws. According to Palo Alto Networks, companies identified one such issue every 12 hours, in stark contrast with the threat actors’ mean time to inventory of just one hour.”

Title: It’s Time to Prepare for a Rise in Insider Threats

Date Published: May 18, 2021


Excerpt: “Earlier this year, Tesla discovered that an employee had stolen more than 6,000 files containing sensitive code. The software engineer, who was only employed for two weeks, had been hired as one of the few people who could access these files. This incident highlights the danger that insider threats pose to enterprises. This is not a problem that is unique to Tesla or any one industry. Employees, whether through careless or malicious actions, can pose a significant risk to any organization. A survey from the Ponemon Institute recently found that insider threats increased by 47 percent from 2018 to 2020. The cost of insider threat incidents also rose by 31 percent from $8.76 to $11.45 million during the same time period.”

Title: Introducing Site Isolation in Firefox

Date Published: May 18, 2021


Excerpt: “This fundamental redesign of Firefox’s Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop,” Mozilla said in a statement. “Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site’s secret or private data.”

Title: Try This One Weird Trick Russian Hackers Hate

Date Published: May 17, 2021


Excerpt: “In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.”
