OSN June 15, 2021

Fortify Security Team
Jun 15, 2021

Title: Hades Ransomware Operators Use Distinctive Tactics and Infrastructure

Date Published: June 15, 2021


Excerpt: “Hades’ absence on underground forums and marketplaces suggests that it is operated as private ransomware rather than ransomware as a service (RaaS). GOLD WINTER “names and shames” victims after stealing their data but does not use a centralized leak site to expose the exfiltrated data. Instead, Tor-based Hades websites appear to be customized for each victim (see Figure 1). Each website includes a victim-specific Tox chat ID for communications (see Figure 1). Using Tox instant messaging for communications is a novel technique that CTU researchers have not observed with other ransomware families.”

Title: Andariel Evolves to Target South Korea With Ransomware

Date Published: June 15, 2021


Excerpt: “Our attribution is based on the code overlaps between the second stage payload in this campaign and previous malware from the Andariel group. Apart from the code similarity, we found an additional connection with the Andariel group. Each threat actor has characteristics when they interactively work with a backdoor shell in the post-exploitation phase. The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity.”

Title: Largest U.S. Propane Distributor Discloses ‘8-Second’ Data Breach

Date Published: June 15, 2021


Excerpt: “During the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth. This incident marks the second data breach incident concerning AmeriGas this year. In March 2021, AmeriGas had disclosed an attempted data breach, in which a company customer service agent was fired for potentially misusing customer credit card information.”

Title: Critical Entities Targeted in Suspected Chinese Cyber Spying

Date Published: June 15, 2021


Excerpt: “Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the U.S. At least one major local government has disputed it was a target of the Pulse Secure hack. Montgomery County, Maryland, said it was advised by CISA that its Pulse Secure devices were attacked. But county spokesman Scott Peterson said the county found no evidence of a compromise and told CISA they had a “false report”.”

Title: Nato Summit Communiqué Compares Repeat Cyberattacks to Armed Attacks – and Stops Short of Saying ‘One-In, All-In’ Rule Will Always Apply

Date Published: June 15, 2021


Excerpt: “The document treats both Russia and China as threats. Russia earns 63 mentions and is labelled as “aggressive.” China is mentioned ten times, and its behaviour is described as “assertive” and “presenting systemic challenges.” The document vows to engage China to defend Alliance security interests, referring specifically to China’s cyberattacks, disinformation campaigns and actions in the space domain, among others.”

Title: When Security Gets Physical: Mossad Boss Hints at Less-Than-Subtle Stuxnet Followup

Date Published: June 15, 2021


Excerpt: “This kinetic approach is a far cry from a decade or more ago, when a combined US and Israeli operation covertly installed the Stuxnet malware on the air-gapped computer systems used to control some of Iran’s centrifuges. The sophisticated malware surreptitiously interfered with the centrifuge speed to derail Iran’s uranium fuel enrichment process.”

Title: Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Date Published: June 15, 2021


Excerpt: “Though it appears that giving LinkedIn another chance to argue its case could be a reversal of opinion about the scope of the CFAA, it could actually be a case of the court making a difference between the act of one single person versus the power of bots that companies like hiQ Labs use to scrape data at a much higher volume than any humans can do, said one expert.”

Title: Research Identifies the Clear Benefits of Strong Observability

Date Published: June 15, 2021


Excerpt: “Clearly, adoption of observability strategies has real, tangible benefits. Faster root cause analysis leads to shorter downtime and better performance. Meeting performance commitments enables development to accelerate, knowing that the application will remain performant and operational. Additional products and revenue streams speak for themselves — being able to launch additional products with confidence is key to ensuring survival in today’s dynamic and competitive market.”

Title: Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire

Date Published: June 15, 2021


Excerpt: “Upon attempting to download the alleged document template, users are redirected, unknowingly, to a malicious website where the RAT malware is hosted. eSentire’s Threat Response Unit (TRU) discovered over 100,000 unique web pages that contain popular business terms/particular keywords: template, invoice, receipt, questionnaire, and resume. In a precursory search, 70,000 unique web pages included the mention of either template or invoice. These common business terms serve as keywords for the threat actors’ search optimization strategy, convincing Google’s web crawler that the intended content meets conditions for a high PageRank score.”

Title: Apple Hurries Patches for Safari Bugs Under Active Attack

Date Published: June 15, 2021


Excerpt: “Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that “may have been actively exploited,” according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote. Technical details of the two bugs, Apple said, will not be released, “until an investigation has occurred and patches or releases are available”.”
