OSN June 15, 2021

Fortify Security Team
Jun 15, 2021

Title: Hades Ransomware Operators Use Distinctive Tactics and Infrastructure

Date Published: June 15, 2021


Excerpt: “Hades’ absence on underground forums and marketplaces suggests that it is operated as private ransomware rather than ransomware as a service (RaaS). GOLD WINTER “names and shames” victims after stealing their data but does not use a centralized leak site to expose the exfiltrated data. Instead, Tor-based Hades websites appear to be customized for each victim (see Figure 1). Each website includes a victim-specific Tox chat ID for communications (see Figure 1). Using Tox instant messaging for communications is a novel technique that CTU researchers have not observed with other ransomware families.”

Title: Andariel Evolves to Target South Korea With Ransomware

Date Published: June 15, 2021


Excerpt: “Our attribution is based on the code overlaps between the second stage payload in this campaign and previous malware from the Andariel group. Apart from the code similarity, we found an additional connection with the Andariel group. Each threat actor has characteristics when they interactively work with a backdoor shell in the post-exploitation phase. The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity.”

Title: Largest U.S. Propane Distributor Discloses ‘8-Second’ Data Breach

Date Published: June 15, 2021


Excerpt: “During the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth. This incident marks the second data breach incident concerning AmeriGas this year. In March 2021, AmeriGas had disclosed an attempted data breach, in which a company customer service agent was fired for potentially misusing customer credit card information.”

Title: Critical Entities Targeted in Suspected Chinese Cyber Spying

Date Published: June 15, 2021


Excerpt: “Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the U.S. At least one major local government has disputed it was a target of the Pulse Secure hack. Montgomery County, Maryland, said it was advised by CISA that its Pulse Secure devices were attacked. But county spokesman Scott Peterson said the county found no evidence of a compromise and told CISA they had a “false report”.”

Title: Nato Summit Communiqué Compares Repeat Cyberattacks to Armed Attacks – and Stops Short of Saying ‘One-In, All-In’ Rule Will Always Apply

Date Published: June 15, 2021


Excerpt: “The document treats both Russia and China as threats. Russia earns 63 mentions and is labelled as “aggressive.” China is mentioned ten times, and its behaviour is described as “assertive” and “presenting systemic challenges.” The document vows to engage China to defend Alliance security interests, referring specifically to China’s cyberattacks, disinformation campaigns and actions in the space domain, among others.”

Title: When Security Gets Physical: Mossad Boss Hints at Less-Than-Subtle Stuxnet Followup

Date Published: June 15, 2021


Excerpt: “This kinetic approach is a far cry from a decade or more ago, when a combined US and Israeli operation covertly installed the Stuxnet malware on the air-gapped computer systems used to control some of Iran’s centrifuges. The sophisticated malware surreptitiously interfered with the centrifuge speed to derail Iran’s uranium fuel enrichment process.”

Title: Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Date Published: June 15, 2021


Excerpt: “Though it appears that giving LinkedIn another chance to argue its case could be a reversal of opinion about the scope of the CFAA, it could actually be a case of the court making a difference between the act of one single person versus the power of bots that companies like hiQ Labs use to scrape data at a much higher volume than any humans can do, said one expert.”

Title: Research Identifies the Clear Benefits of Strong Observability

Date Published: June 15, 2021


Excerpt: “Clearly, adoption of observability strategies has real, tangible benefits. Faster root cause analysis leads to shorter downtime and better performance. Meeting performance commitments enables development to accelerate, knowing that the application will remain performant and operational. Additional products and revenue streams speak for themselves — being able to launch additional products with confidence is key to ensuring survival in today’s dynamic and competitive market.”

Title: Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire

Date Published: June 15, 2021


Excerpt: “Upon attempting to download the alleged document template, users are redirected, unknowingly, to a malicious website where the RAT malware is hosted. eSentire’s Threat Response Unit (TRU) discovered over 100,000 unique web pages that contain popular business terms/particular keywords: template, invoice, receipt, questionnaire, and resume. In a precursory search, 70,000 unique web pages included the mention of either template or invoice. These common business terms serve as keywords for the threat actors’ search optimization strategy, convincing Google’s web crawler that the intended content meets conditions for a high PageRank score.”

Title: Apple Hurries Patches for Safari Bugs Under Active Attack

Date Published: June 15, 2021


Excerpt: “Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that “may have been actively exploited,” according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote. Technical details of the two bugs, Apple said, will not be released, “until an investigation has occurred and patches or releases are available”.”
