OSN June 2, 2021

Fortify Security Team
Jun 2, 2021

Title: Internet Domains Used by APT29 in Phishing Attacks Seized by the U.S.
Date Published: June 2, 2021


Excerpt: “The domains seized are theyardservice[.]com and worldhomeoutlet[.]com. The domains were used to receive the data that was exfiltrated from victims of the targeted phishing attacks and to send further commands malware in an attempt to execute on infected machines. Microsoft has disclosed the attacks recently and declared they were conducted by a Russian state-affiliated hacking group known as NOBELIUM (APT29, Cozy Bear, and The Dukes), with the group supposedly being affiliated with the Russian Foreign Intelligence Service (SVR).”

Title: U.S. Schools Land IBM Grants to Protect Themselves Against Ransomware
Date Published: June 2, 2021


Excerpt: “The grants, worth $500,000 each, have been awarded to school districts in Florida (Brevard Public Schools), New York (Poughkeepsie City School District), Georgia (KIPP Metro Atlanta Schools), Texas (Sheldon Independent School District), California (Newhall School District), and Colorado (Denver Public Schools). IBM says that applicants were judged on their “cybersecurity needs and experiences, community resources and potential risks”.

Title: Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites
Date Published: June 2, 2021


Excerpt: “Armed with this capability, an attacker can achieve remote code execution on an affected website, allowing full site takeover, the researchers noted. Wordfence has not shared the technical specifics of the vulnerability as it’s under active attack. Wordfence said that the critical zero-day could be exploited in select configurations even if the plugin has been deactivated, urging users to completely uninstall Fancy Product Designer until a patched version becomes available.”

Title: China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
Date Published: June 1, 2021


Excerpt: “This successful, sophisticated attack targeted CI on a national scale, denied service across the country, interrupted the daily life of the common citizen, and brought brief but significant economic turmoil. On May 15, (ten days after the CPC incident), the Investigation Bureau of the Ministry of Justice (MJIB) released an investigation report stating that the CPC was one of more than ten victims in this sophisticated and organized ColdLock ransomware attack. The unnamed ten included other organizations in Taiwan’s critical infrastructure, even a large multinational semiconductor vendor.”

Title: Visualizing U.S. Petroleum Pipeline Networks
Date Published: June 2, 2021


Excerpt: “There is much we can learn through multidimensional data sources and connecting the dots during disasters, so that in the future, we are more prepared as a society. In the case of the Colonial pipeline cyber-attack: pipeline networks, petroleum refinery and storage locations, transport supply chains, and the locations of gas stations with shortages can help understand the chain of events. This understanding will make us better prepared for future cyber-attacks.”

Title: Exploit Broker Zerodium Is Looking for Pidgin 0day Exploits
Date Published: June 2, 2021


Excerpt: “Because Pidgin is used by cybercriminal organizations and terrorist groups, some of them developed specific plugins to add additional protection to the communications. Today the Pidgin client is mainly used to exchange messages via the XMPP (Jabber) protocol. Pidgin also supports plugins that implement Off-the-Record Messaging over any IM network Pidgin supports. Researchers from Trend Micro reported the existence of Asrar al-Dardashah, a plugin released in 2013 that was developed for Pidgin to add encryption to the instant messaging functions, securing instant messaging with the press of a single button.”

Title: Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
Date Published: June 2, 2021


Excerpt: “Kimsuky’s attack infrastructure consists of various phishing websites that mimic well known websites such as Gmail, Microsoft Outlook, and Telegram with an aim to trick victims into entering their credentials. “This is one of the main methods used by this actor to collect email addresses that later will be used to send spear-phishing emails.” In using social engineering as a core component of its operations, the goal is to distribute a malware dropper that takes the form of a ZIP archive file attached to the emails, which ultimately leads to the deployment of an encoded DLL payload called AppleSeed, a backdoor that’s been put to use by Kimusky as early as 2019.”

Title: Cyber-Insurance Fuels Ransomware Payment Surge
Date Published: June 2, 2021


Excerpt: “The sub-limits have become more common as cyber-insurance has drawn concern from security experts about how it will change the overall security landscape. For instance, many argue that falling back on cyber-insurance policies during a ransomware attack could dissuade companies from adopting the security measures that could prevent such an attack in the first place. From a broad perspective, building in ransomware payments to insurance policies will only promote the use of ransomware further and simultaneously disincentivize organizations from taking the proper steps to avoid ransomware fallout.”

Title: White House Puts Russia on Notice Over JBS Ransomware Hit
Date Published: June 1, 2021


Excerpt: “The White House says the U.S. Department of Agriculture is contacting other meat suppliers to ensure they’re aware of the JBS incident and taking steps to defend themselves against similar attacks. Agriculture operations and food processing facilities are designated by CISA as being critical infrastructure. But food plants – similar to manufacturing plants – have often proven to be soft targets for ransomware distributors, says Allan Liska, who is part of cybersecurity firm Recorded Future’s computer security incident response team.”

Title: Scripps Begins Notifying More Than 147,000 People of Ransomware Records Breach
Date Published: June 1, 2021


Excerpt: “Fallout from the incursion took nearly a full month to resolve, forcing medical professionals at all levels of care, from medical offices to hospitals, to document their work on paper charts. Access to important information, such as previous test results, was unavailable for weeks, and Scripps facilities did not begin regaining the ability to create new digital records until late last week when the organization’s MyScripps patient portal also returned to service.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...