OSN June 22, 2021

Fortify Security Team
Jun 22, 2021

Title: Hit by a Ransomware Attack? Your Payment May Be Deductible

Date Published: June 19, 2021

https://apnews.com/article/technology-business-government-and-politics-d8c1e9958ad1e89eab83f44e6ca70a94

Excerpt: “Officials warn that payments lead to more ransomware attacks. “We’re in this boat we’re in now because over the last several years people have paid the ransom,” Stephen Nix, assistant to the special agent in charge at the U.S. Secret Service, said at a recent summit on cybersecurity. It’s unclear how many companies that pay ransomware payments avail themselves of the tax deductions. When asked at a congressional hearing whether the company would pursue a tax deduction for the payment, Colonial CEO Joseph Blount said he was unaware that was a possibility.”

Title: Attackers in Executive Clothing – BEC Continues to Separate Orgs From Their Money

Date Published: June 22, 2021

https://blog.talosintelligence.com/2021/06/business-email-compromise.html

Excerpt: “The way this works is incredibly simple and requires nothing more than some social engineering skills and persistence to reach enough potential victims. We’ve walked through several examples of how this works and you can see the basic, high level, overview. It starts with an innocuous, simple email asking for help, most times related to a gift card or other quickly monetizable purchase, but that request often doesn’t show up until you initially respond. Once the victim responds, the actor goes into action, requesting very specific amounts of gift cards typically in the $300 – $500 range.”

Title: Mysterious Ransomware Payment Traced to a Sensual Massage Site

Date Published: June 22, 2021

https://www.bleepingcomputer.com/news/security/mysterious-ransomware-payment-traced-to-a-sensual-massage-site/

Excerpt: “Of particular interest is what the researchers discovered after they used CipherTrace to track the ransom payment as it flowed through different bitcoin wallets. While tracing the payment, they found a small portion, 0.01378880 BTC or approximately $590, was sent to a ‘Tip Jar’ on the RubRatings site. RubRatings is a website that allows “massage and body rub providers” in the USA to advertise their services, many of them offering sensual massages and showing barely nude pictures. Each masseuse profile includes a Tip Jar button that allows customers to leave a bitcoin tip for their recent massage.”

Title: U.S. SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

Date Published: June 21, 2021

https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/

Excerpt: “WASHINGTON, June 21 (Reuters) – The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year’s SolarWinds (SWI.N) cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday. The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations.”

Title: North Korean Hackers’ New Hit: KAERI VPN Vulnerability Puts in Danger Internal Network

Date Published: June 22, 2021

https://heimdalsecurity.com/blog/kaeri-vpn-vulnerability-network-breach/

Excerpt: “A representative of the main opposition party of South Korea, named Ha Tae-keung, declared that the KAERI VPN vulnerability permitted hackers’ access to the agency’s internal network through 13 unauthorized IP addresses. It was discovered that one of the addresses belonged to the Kimsuky threat actors’ group that is believed to be working for the North Korean Reconnaissance General Bureau, which is North Korea’s intelligence organization.”

Title: Tracking Vulnerability Fixed on Tor Browser

Date Published: June 22, 2021

https://heimdalsecurity.com/blog/tracking-vulnerability-fixed-on-tor-browser/

Excerpt: “This ID can afterward be tracked across different browsers, like Google Chrome, Edge, Tor Browser, Firefox, and Safari, but the vulnerability is especially concerning for Tor users who are using the browser to protect their identity and IP address from being logged with the sites they are accessing. As this specific vulnerability manages to track users across browsers, it can allow websites, and even law enforcement, to track a user’s real IP address when they switch to a non-anonymizing browser, such as Google Chrome.”

Title: Darkside RaaS in Linux version

Date Published: June 22, 2021

https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version

Excerpt: “AT&T Alien Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using crypto libraries. This likely makes recovery impossible without the encryption key, if properly implemented.”

Title: Bash Ransomware DarkRadiation Targets RedHat- and Debian-based Linux Distributions

Date Published: June 17, 2021

https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat–and-debian-based-linux-distributions.html

Excerpt: “A recently discovered Bash ransomware piqued our interest in multiple ways. Upon investigating, we found that the attack chain is fully implemented as a bash script, but it also seems that the scripts are still under development. Most components of this attack mainly target RedHat and CentOS Linux distributions; however, in some scripts Debian-based Linux distributions are included as well. The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication.”

Title: Do You Want Speed or Security as Expected? Spectre CPU Defenses Can Cripple Performance on Linux in Tests

Date Published: June 22, 2021

https://www.theregister.com/2021/06/22/spectre_linux_performance_test_analysis/

Excerpt: “Disclosed in 2018 and affecting designs by Intel, Arm, AMD and others to varying degrees, these speculative execution flaws encompass multiple variants. They can be potentially exploited by malware via various techniques to extract sensitive information, such as cryptographic keys and authentication tokens, from operating systems and application memory that should be off limits. Therein lies the rub; does one keep the protections on and take whatever performance hit arises (it does depend enormously on the type of workload running) or switch them off because the risk is low? Or, from another point of view, put speed promised by chip manufacturers over security that was supposed to be present.”

Title: Have We Reached Peak Ransomware? How the Internet’s Biggest Security Problem Has Grown and What Happens Next

Date Published: June 22, 2021

https://www.zdnet.com/article/have-we-reached-peak-ransomware-how-the-internets-biggest-security-problem-has-grown-and-what-happens-next/

Excerpt: “Cyber criminals take heed of this warning, with many coding their ransomware with instructions to terminate if a scan reveals that it’s on a Russian language system. On top of this, it’s against the Russian constitution to extradite Russian citizens, so even if authorities in the West were able to identify members of a ransomware operation, they’re unlikely to be able to make arrests. Meanwhile, a ransomware group would be unlikely to succeed for long if it was working out of a western nation because law enforcement would quickly take action.”
