OSN June 21, 2021

by | Jun 21, 2021 | Open Source News

Title: Fake DarkSide Campaign Targets Energy and Food Sectors

Date Published: June 18, 2021

https://www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html

Excerpt: “Several companies in the energy and food industry have recently received threatening emails supposedly from DarkSide. In this email, the threat actor claims that they have successfully hacked the target’s network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid. However, the content used on the emails has led us to believe that they did not come from the said threat group, but from an opportunistic low-level attacker trying to profit off the current situation around DarkSide ransomware activities.”

Title: State-sponsored or Financially Motivated: Is There Any Difference Anymore?

Date Published: June 21, 2021

https://www.welivesecurity.com/2021/06/21/state-sponsored-financially-motivated-is-there-any-difference-anymore/

Excerpt: “For threat researchers and CISOs caught in the middle this may not be of much comfort. But there is a silver lining. Many C-level execs can be guilty of adopting a fatalistic attitude towards state attacks: feeling that their opponents are so well-resourced and sophisticated there’s no point in even trying to defend against them. Well, the truth is that attackers aren’t necessarily superhumans backed by the apparatus and wealth of an entire nation. They may well be using commodity malware or even hired threat actors.”

Title: Amazon Prime Day – Beware of Phishing Deluge, Experts Warn

Date Published: June 21, 2021

https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/

Excerpt: “Tessian urged shoppers not to click on Prime Day links in unsolicited emails and double-check senders’ email addresses rather than their display names. “Scammers take advantage of the fact that, on mobile, emails only show a display name which makes it easier for a bad actor to impersonate Amazon and send a message from an unknown email address,” it said.”

Title: Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach

Date Published: June 21, 2021

https://www.infosecurity-magazine.com/news/30000-fertility-clinic-patients/

Excerpt: “In a new breach notification, RBA claimed to have first become aware of a cyber-incident on April 16 this year, when it discovered that a file server containing embryology data had been encrypted. “We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day. Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a serve containing protected health information on April 10, 2021,” it continued.

Title: Nuclear Research Institute Breached by Suspected North Korean Hackers

Date Published: June 21, 2021

https://www.infosecurity-magazine.com/news/nuclear-research-institute/

Excerpt: “A South Korean nuclear power research organization has admitted it’s currently investigating a security breach after reports suggested its neighbor to the north may be responsible. Lawmaker Ha Tae-keung, who sits on the parliamentary intelligence committee, cited third-party research attributing the May 14 attack to Pyeongyang-backed APT group Kimsuky. One of 13 IP addresses used to attack the Korea Atomic Energy Research Institute (KAERI) was traced back to the group, which has been in operation since around 2012, according to Reuters.”

Title: DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

Date Published: June 21, 2021

https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html

Excerpt: “In a test conducted using 1,771 morphed APK variants generated through DroidMorph, the researchers found that 8 out of 17 leading commercial anti-malware programs failed to detect any of the cloned applications, with an average detection rate of 51.4% for class morphing, 58.8% for method morphing, and 54.1% for body morphing observed across all programs.”

Title: New Windows 11 Registry Hacks to Customize Your Device

Date Published: June 20, 2021

https://www.bleepingcomputer.com/news/microsoft/new-windows-11-registry-hacks-to-customize-your-device/

Excerpt: “Below we have gathered the new Windows 11 Registry keys that allow you to customize the behavior and appearance of the operating system’s new features. It should be noted that other new Registry entries do not perform any observable behavior. This is likely due to the leaked Windows 11 build being an early preview without the latest Windows Feature Experience Pack, enhancing the operating system’s functionality. We will update this list as new Registry hacks are discovered.”

Title: Norway Blames China-Linked APT31 for 2018 Government Hack

Date Published: June 20, 2021

https://securityaffairs.co/wordpress/119161/apt/norway-blames-china-apt31.html

Excerpt: “APT31 (aka Zirconium) is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after CheckPoint Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers. APT31 is also believed to be behind an attack on the Parliament of Finland that took place in 2020, according to the government experts, the hackers breached some parliament email accounts in December 2020.”

Title: Law Enforcement’s Cybercrime Honeypot Maneuvers Paying Off

Date Published: June 18, 2021

https://www.bankinfosecurity.com/blogs/law-enforcements-cybercrime-honeypot-maneuvers-paying-off-p-3060

Excerpt: “The operation, also led by Australia, the Netherlands, New Zealand and Sweden, and backed by the EU’s law enforcement agency, Europol, and the U.S. The Drug Enforcement Agency, also delivered another important type of disruption: sowing long-term mistrust and doubt. Anom was the latest in a long line of services supposedly built by criminals, for criminals, that were in turn used by authorities against criminals. For whatever reason, criminals appear to mistrust mainstream encrypted communications services, perhaps fearing that they have been backdoored or otherwise co opted by law enforcement or intelligence agencies.”

Title: Attackers Take Advantage of New Google Docs Exploit

Date Published: June 17, 2021

https://www.avanan.com/blog/attackers-take-advantage-of-new-google-doc-exploit

Excerpt: “This Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page.  The attacker wants the victim to “Click here to download the document” and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another web page made to look like the Google Login portal. As you can see, that is not Google’s website.”