OSN June 22, 2021

Fortify Security Team
Jun 22, 2021

Title: Hit by a Ransomware Attack? Your Payment May Be Deductible

Date Published: June 19, 2021

https://apnews.com/article/technology-business-government-and-politics-d8c1e9958ad1e89eab83f44e6ca70a94

Excerpt: “Officials warn that payments lead to more ransomware attacks. “We’re in this boat we’re in now because over the last several years people have paid the ransom,” Stephen Nix, assistant to the special agent in charge at the U.S. Secret Service, said at a recent summit on cybersecurity. It’s unclear how many companies that pay ransomware payments avail themselves of the tax deductions. When asked at a congressional hearing whether the company would pursue a tax deduction for the payment, Colonial CEO Joseph Blount said he was unaware that was a possibility.”

Title: Attackers in Executive Clothing – BEC Continues to Separate Orgs From Their Money

Date Published: June 22, 2021

https://blog.talosintelligence.com/2021/06/business-email-compromise.html

Excerpt: “The way this works is incredibly simple and requires nothing more than some social engineering skills and persistence to reach enough potential victims. We’ve walked through several examples of how this works and you can see the basic, high level, overview. It starts with an innocuous, simple email asking for help, most times related to a gift card or other quickly monetizable purchase, but that request often doesn’t show up until you initially respond. Once the victim responds, the actor goes into action, requesting very specific amounts of gift cards typically in the $300 – $500 range.”

Title: Mysterious Ransomware Payment Traced to a Sensual Massage Site

Date Published: June 22, 2021

https://www.bleepingcomputer.com/news/security/mysterious-ransomware-payment-traced-to-a-sensual-massage-site/

Excerpt: “Of particular interest is what the researchers discovered after they used CipherTrace to track the ransom payment as it flowed through different bitcoin wallets. While tracing the payment, they found a small portion, 0.01378880 BTC or approximately $590, was sent to a ‘Tip Jar’ on the RubRatings site. RubRatings is a website that allows “massage and body rub providers” in the USA to advertise their services, many of them offering sensual massages and showing barely nude pictures. Each masseuse profile includes a Tip Jar button that allows customers to leave a bitcoin tip for their recent massage.”

Title: U.S. SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

Date Published: June 21, 2021

https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/

Excerpt: “WASHINGTON, June 21 (Reuters) – The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year’s SolarWinds (SWI.N) cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday. The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations.”

Title: North Korean Hackers’ New Hit: KAERI VPN Vulnerability Puts in Danger Internal Network

Date Published: June 22, 2021

https://heimdalsecurity.com/blog/kaeri-vpn-vulnerability-network-breach/

Excerpt: “A representative of the main opposition party of South Korea, Ha Tae-keung, declared that the KAERI VPN vulnerability permitted hackers’ access to the agency’s internal network through 13 unauthorized IP addresses. It was discovered that one of the addresses belonged to the Kimsuky threat actors’ group that is believed to be working for the North Korean Reconnaissance General Bureau, which is North Korea’s intelligence organization.”

Title: Tracking Vulnerability Fixed on Tor Browser

Date Published: June 22, 2021

https://heimdalsecurity.com/blog/tracking-vulnerability-fixed-on-tor-browser/

Excerpt: “This ID can afterward be tracked across different browsers, like Google Chrome, Edge, Tor Browser, Firefox, and Safari, but the vulnerability is especially concerning for Tor users who are using the browser to protect their identity and IP address from being logged with the sites they are accessing. As this specific vulnerability manages to track users across browsers, it can allow websites, and even law enforcement, to track a user’s real IP address when they switch to a non-anonymizing browser, such as Google Chrome.”

Title: Darkside RaaS in Linux version

Date Published: June 22, 2021

https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version

Excerpt: “AT&T Alien Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using crypto libraries. This likely makes recovery impossible without the encryption key, if properly implemented.”

Title: Bash Ransomware DarkRadiation Targets RedHat- and Debian-based Linux Distributions

Date Published: June 17, 2021

https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat–and-debian-based-linux-distributions.html

Excerpt: “A recently discovered Bash ransomware piqued our interest in multiple ways. Upon investigating, we found that the attack chain is fully implemented as a bash script, but it also seems that the scripts are still under development. Most components of this attack mainly target RedHat and CentOS Linux distributions; however, in some scripts Debian-based Linux distributions are included as well. The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication.”

Title: Do You Want Speed or Security as Expected? Spectre CPU Defenses Can Cripple Performance on Linux in Tests

Date Published: June 22, 2021

https://www.theregister.com/2021/06/22/spectre_linux_performance_test_analysis/

Excerpt: “Disclosed in 2018 and affecting designs by Intel, Arm, AMD and others to varying degrees, these speculative execution flaws encompass multiple variants. They can be potentially exploited by malware via various techniques to extract sensitive information, such as cryptographic keys and authentication tokens, from operating systems and application memory that should be off limits. Therein lies the rub; does one keep the protections on and take whatever performance hit arises (it does depend enormously on the type of workload running) or switch them off because the risk is low? Or, from another point of view, put speed promised by chip manufacturers over security that was supposed to be present.”

Title: Have We Reached Peak Ransomware? How the Internet’s Biggest Security Problem Has Grown and What Happens Next

Date Published: June 22, 2021

https://www.zdnet.com/article/have-we-reached-peak-ransomware-how-the-internets-biggest-security-problem-has-grown-and-what-happens-next/

Excerpt: “Cyber criminals take heed of this warning, with many coding their ransomware with instructions to terminate if a scan reveals that it’s on a Russian language system. On top of this, it’s against the Russian constitution to extradite Russian citizens, so even if authorities in the West were able to identify members of a ransomware operation, they’re unlikely to be able to make arrests. Meanwhile, a ransomware group would be unlikely to succeed for long if it was working out of a western nation because law enforcement would quickly take action.”
