OSN June 15, 2021

Fortify Security Team
Jun 15, 2021

Title: Hades Ransomware Operators Use Distinctive Tactics and Infrastructure

Date Published: June 15, 2021

https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure

Excerpt: “Hades’ absence on underground forums and marketplaces suggests that it is operated as private ransomware rather than ransomware as a service (RaaS). GOLD WINTER “names and shames” victims after stealing their data but does not use a centralized leak site to expose the exfiltrated data. Instead, Tor-based Hades websites appear to be customized for each victim (see Figure 1). Each website includes a victim-specific Tox chat ID for communications (see Figure 1). Using Tox instant messaging for communications is a novel technique that CTU researchers have not observed with other ransomware families.”

Title: Andariel Evolves to Target South Korea With Ransomware

Date Published: June 15, 2021

https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/

Excerpt: “Our attribution is based on the code overlaps between the second stage payload in this campaign and previous malware from the Andariel group. Apart from the code similarity, we found an additional connection with the Andariel group. Each threat actor has characteristics when they interactively work with a backdoor shell in the post-exploitation phase. The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity.”

Title: Largest U.S. Propane Distributor Discloses ‘8-Second’ Data Breach

Date Published: June 15, 2021

https://www.bleepingcomputer.com/news/security/largest-us-propane-distributor-discloses-8-second-data-breach/

Excerpt: “During the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth. This incident marks the second data breach incident concerning AmeriGas this year. In March 2021, AmeriGas had disclosed an attempted data breach, in which a company customer service agent was fired for potentially misusing customer credit card information.”

Title: Critical Entities Targeted in Suspected Chinese Cyber Spying

Date Published: June 15, 2021

https://apnews.com/article/government-and-politics-hacking-technology-business-7350235e07d46ba5afc1238b553ea4b9

Excerpt: “Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the U.S. At least one major local government has disputed it was a target of the Pulse Secure hack. Montgomery County, Maryland, said it was advised by CISA that its Pulse Secure devices were attacked. But county spokesman Scott Peterson said the county found no evidence of a compromise and told CISA they had a “false report”.”

Title: Nato Summit Communiqué Compares Repeat Cyberattacks to Armed Attacks – and Stops Short of Saying ‘One-In, All-In’ Rule Will Always Apply

Date Published: June 15, 2021

https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/

Excerpt: “The document treats both Russia and China as threats. Russia earns 63 mentions and is labelled as “aggressive.” China is mentioned ten times, and its behaviour is described as “assertive” and “presenting systemic challenges.” The document vows to engage China to defend Alliance security interests, referring specifically to China’s cyberattacks, disinformation campaigns and actions in the space domain, among others.”

Title: When Security Gets Physical: Mossad Boss Hints at Less-Than-Subtle Stuxnet Followup

Date Published: June 15, 2021

https://www.theregister.com/2021/06/15/in_brief_security/

Excerpt: “This kinetic approach is a far cry from a decade or more ago, when a combined US and Israeli operation covertly installed the Stuxnet malware on the air-gapped computer systems used to control some of Iran’s centrifuges. The sophisticated malware surreptitiously interfered with the centrifuge speed to derail Iran’s uranium fuel enrichment process.”

Title: Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Date Published: June 15, 2021

https://threatpost.com/court-linkedin-data-scraping/166927/

Excerpt: “Though it appears that giving LinkedIn another chance to argue its case could be a reversal of opinion about the scope of the CFAA, it could actually be a case of the court making a difference between the act of one single person versus the power of bots that companies like hiQ Labs use to scrape data at a much higher volume than any humans can do, said one expert.”

Title: Research Identifies the Clear Benefits of Strong Observability

Date Published: June 15, 2021

https://www.splunk.com/en_us/blog/devops/research-identifies-the-clear-benefits-of-strong-observability.html

Excerpt: “Clearly, adoption of observability strategies has real, tangible benefits. Faster root cause analysis leads to shorter downtime and better performance. Meeting performance commitments enables development to accelerate, knowing that the application will remain performant and operational. Additional products and revenue streams speak for themselves — being able to launch additional products with confidence is key to ensuring survival in today’s dynamic and competitive market.”

Title: Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire

Date Published: June 15, 2021

https://www.esentire.com/security-advisories/hackers-flood-the-web-with-100-000-malicious-pages-promising-professionals-free-business-forms-but-are-delivering-malware-reports-esentire

Excerpt: “Upon attempting to download the alleged document template, users are redirected, unknowingly, to a malicious website where the RAT malware is hosted. eSentire’s Threat Response Unit (TRU) discovered over 100,000 unique web pages that contain popular business terms/particular keywords: template, invoice, receipt, questionnaire, and resume. In a precursory search, 70,000 unique web pages included the mention of either template or invoice. These common business terms serve as keywords for the threat actors’ search optimization strategy, convincing Google’s web crawler that the intended content meets conditions for a high PageRank score.”

Title: Apple Hurries Patches for Safari Bugs Under Active Attack

Date Published: June 15, 2021

https://threatpost.com/apple-patch-safari-active-attack/166922/

Excerpt: “Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that “may have been actively exploited,” according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote. Technical details of the two bugs, Apple said, will not be released, “until an investigation has occurred and patches or releases are available”.”
