OSN July 26, 2021

Fortify Security Team
Jul 27, 2021

Title: Even After Emotet Takedown, Office Docs Deliver 43% of All Malware Downloads Now
Date Published: July 23, 2021


Excerpt: “The rapid adoption of enterprise cloud apps has continued into 2021, with data showing adoption is up 22% for the first half of the year. But, the report notes that “97% of cloud apps used in the enterprise are shadowing IT, unmanaged and often freely adopted by business units and users.” There are also issues raised in the report about employee habits, both at the workplace and at home. The report raises concerns about the nearly universal trend of employees authorizing at least one third-party app in Google Workspace.”

Title: Disrupting Ransomware by Disrupting Bitcoin
Date Published: July 26, 2021


Excerpt: “Effectively, all cryptocurrency exchanges avoid transferring cryptocurrencies between customers. Instead, they simply record entries in a central database. This makes sense because actual “on chain” transactions can be particularly expensive for cryptocurrencies like bitcoin or Ethereum. If all speculators needed to actually receive their bitcoins, it would make clear that its value proposition as a currency simply doesn’t exist, as the already strained system would grind to a halt.”

Title: Defi Protocol Thorchain Loses $8 Million in “Seemingly Whitehat” Attack
Date Published: July 26, 2021


Excerpt: “The unidentified hacker(s) warned the exchange that they have identified multiple critical vulnerabilities and could have caused greater damage like taking away larger amounts of Bitcoins, Binance Coin, Lycancoin, and other cryptocurrencies. THORChain stated that they are concerned about the repeated cyber attacks as it impacts its reputation in the community and affects the project’s reliability. Though the lost funds can be covered by its treasury, the DeFi protocol would want to end this problem.”

Title: New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
Date Published: July 26, 2021


Excerpt: “Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor’s control using the MS-EFSRPC interface and share its authentication information. This is done by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication. “To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing,” Microsoft noted. “PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.””
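The mitigations Microsoft names in the excerpt above (EPA on the AD CS web enrollment endpoint, SMB signing, and limiting inbound NTLM on the CA host) can be audited from an elevated PowerShell session on the CA server. The script below is an added example written for this digest, not code from the article or from Microsoft. It assumes the default IIS layout for the Certificate Authority Web Enrollment role (Default Web Site\CertSrv) and the standard WebAdministration and SmbShare modules; it only reports each setting unless -Remediate is passed.

```powershell
# Added example, not from the article or Microsoft: audit (and optionally apply)
# the NTLM-relay mitigations named in the PetitPotam advisory on an AD CS host.
# Assumptions: IIS web enrollment lives at "Default Web Site\CertSrv" (override
# with -CertSrvPath), and the WebAdministration module is installed with IIS.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string]$CertSrvPath = 'IIS:\Sites\Default Web Site\CertSrv'   # assumed default path
)

Import-Module WebAdministration -ErrorAction Stop

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Check, [string]$Current, [string]$Expected) {
    $findings.Add([pscustomobject]@{
        Check    = $Check
        Current  = $Current
        Expected = $Expected
        Pass     = ($Current -eq $Expected)
    })
}

# Get-WebConfigurationProperty returns either a bare value or a ConfigurationAttribute;
# normalise both to a string so comparisons below are uniform.
function Get-IisValue([string]$Path, [string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $Path -Filter $Filter -Name $Name
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v = $v.Value }
    "$v"
}

# 1. SMB signing. A relayed NTLM session never learns the session key, so a server
#    that requires signatures rejects traffic from a relay.
$smb = Get-SmbServerConfiguration
Add-Finding 'SMB server RequireSecuritySignature' $smb.RequireSecuritySignature 'True'
if ($Remediate -and -not $smb.RequireSecuritySignature) {
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
}

# 2. Extended Protection for Authentication on the CertSrv application. EPA binds the
#    NTLM exchange to the TLS channel, so a handshake relayed through the attacker's
#    listener fails the channel-binding check.
$epaFilter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
if (Test-Path $CertSrvPath) {
    $tokenChecking = Get-IisValue $CertSrvPath $epaFilter 'tokenChecking'
    Add-Finding 'CertSrv EPA tokenChecking' $tokenChecking 'Require'
    if ($Remediate -and $tokenChecking -ne 'Require') {
        Set-WebConfigurationProperty -PSPath $CertSrvPath -Filter $epaFilter -Name tokenChecking -Value 'Require'
    }

    # EPA only protects a TLS-wrapped exchange, so plain HTTP enrollment must be refused.
    $sslFlags = Get-IisValue $CertSrvPath 'system.webServer/security/access' 'sslFlags'
    $sslRequired = if ((($sslFlags -split ',').Trim()) -contains 'Ssl') { 'True' } else { 'False' }
    Add-Finding 'CertSrv requires SSL' $sslRequired 'True'
    if ($Remediate -and $sslRequired -ne 'True') {
        Set-WebConfigurationProperty -PSPath $CertSrvPath -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'
    }
} else {
    Write-Verbose "No web enrollment application at $CertSrvPath; skipping EPA checks."
}

# 3. Optional: refuse inbound NTLM on the CA host entirely
#    (RestrictReceivingNTLMTraffic: 0 = allow, 1 = audit, 2 = deny all).
#    This is reported but not changed here: run with 1 first and review the audit
#    events, because any client still using NTLM against this host will break at 2.
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ntlm = (Get-ItemProperty -Path $lsa -Name RestrictReceivingNTLMTraffic -ErrorAction SilentlyContinue).RestrictReceivingNTLMTraffic
Add-Finding 'MSV1_0 RestrictReceivingNTLMTraffic' "$ntlm" '2'

$findings | Format-Table -AutoSize
```

Run it once without -Remediate to see the current state, then with -Remediate after confirming the CertSrv path; the Certificate Enrollment Web Service (CES) and Enrollment Policy (CEP) applications, if installed, need the same EPA and SSL settings and are not covered by the default path above.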

Title: A Record Year for Cyber-Attacks That Impacted Society
Date Published: July 25, 2021


Excerpt: “2021 is already proving to be a record year for cyber-attacks. It’s not so much that the cyber-attacks are particularly sophisticated, but that these attacks are having societal consequences that no-one anticipated. There is also the rise in geopolitical tensions that is evident through the enablers of these cyber-attacks. The SolarWinds attack in which the attackers obtained access to U.S. governmental networks was attributed to Russian state actors. DarkSide is a Russia based ransomware organization, which took responsibility for the Colonial Pipeline attacks. The Biden administration recently came out with a statement accusing China of the recent Exchange cyber-attacks.”

Title: Did a Quantum Hacker Withdraw $25 Million From a Sleeping Bitcoin Wallet?
Date Published: July 25, 2021


Excerpt: “There is a theory that in five to ten years we will have quantum computers capable of breaking the elliptical curve encryption that underpins modern financial transactions. There is another theory that suggests this has already happened. If a threat actor had access to this technology and was using it in the wild we should expect to see some quantum crimes taking place around us. Perhaps one of the first malicious activities we would notice is when a long-forgotten bitcoin wallet suddenly had its contents withdrawn. If this happened it would be a sure sign that hackers had taken a quantum leap. But this hasn’t happened — has it?”

Title: Microsoft 365 Drops Support for Internet Explorer 11 in August
Date Published: July 25, 2021


Excerpt: “Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. After the end of support is reached, those still trying to connect to Microsoft 365 may face degraded user experience or connection failures. “These apps and services will phase out over weeks and months to ensure a smooth end of support, with each app and service phasing out on independent schedules,” the Microsoft 365 team said earlier this week.”

Title: Japanese Computers Hit by a Wiper Malware Ahead of 2021 Tokyo Olympics
Date Published: July 24, 2021


Excerpt: “The malicious code was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, LOG) in the user’s personal Windows folder. The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges. Experts also discovered that the malware targets files created with the Ichitaro Japanese word processor, a circumstance that suggests it was developed to target Japanese users.”

Title: The New Era of Warfare and Where India Stands
Date Published: July 25, 2021


Excerpt: “This is not the first time that attacks on such a massive scale happened. “The Russians [carried out] a massive cyberattack on Estonia some years ago,” said Rifkind, referring to the 2007 attack on the Estonian parliament, banking system, and other critical infrastructure. And it would not be the last. The 2016 Russian interference in the US presidential election, and possibly in the Brexit referendum, indicated what is at stake. A full-scale cyberwar would be orders of magnitude more serious than this.”

Title: Avoslocker Enters the Ransomware Scene, Asks for Partners
Date Published: July 23, 2021


Excerpt: “Avos is a relatively new ransomware that was observed in late June and early July. Its authors started searching for affiliates through various underground forums. They announced a recruitment for “pentesters with Active Directory network experience” and “access brokers” which suggests that they want to cooperate with people who have remote access to hacked infrastructure. AvosLocker is run manually by the attacker who remotely accessed the machine. For this reason, it is not trying to be stealthy during its run. In default mode, it works as a console application reporting details about its progress on screen.”
