OSN July 26, 2021

Fortify Security Team
Jul 27, 2021

Title: Even After Emotet Takedown, Office Docs Deliver 43% of All Malware Downloads Now
Date Published: July 23, 2021


Excerpt: “The rapid adoption of enterprise cloud apps has continued into 2021, with data showing adoption is up 22% for the first half of the year. But, the report notes that “97% of cloud apps used in the enterprise are shadowing IT, unmanaged and often freely adopted by business units and users.” There are also issues raised in the report about employee habits, both at the workplace and at home. The report raises concerns about the nearly universal trend of employees authorizing at least one third-party app in Google Workspace.”

Title: Disrupting Ransomware by Disrupting Bitcoin
Date Published: July 26, 2021


Excerpt: “Effectively, all cryptocurrency exchanges avoid transferring cryptocurrencies between customers. Instead, they simply record entries in a central database. This makes sense because actual “on chain” transactions can be particularly expensive for cryptocurrencies like bitcoin or Ethereum. If all speculators needed to actually receive their bitcoins, it would make clear that its value proposition as a currency simply doesn’t exist, as the already strained system would grind to a halt.”

Title: Defi Protocol Thorchain Loses $8 Million in “Seemingly Whitehat” Attack
Date Published: July 26, 2021


Excerpt: “The unidentified hacker(s) warned the exchange that they have identified multiple critical vulnerabilities and could have caused greater damage like taking away larger amounts of Bitcoins, Binance Coin, Lycancoin, and other cryptocurrencies. THORChain stated that they are concerned about the repeated cyber attacks as it impacts its reputation in the community and affects the project’s reliability. Though the lost funds can be covered by its treasury, the DeFi protocol would want to end this problem.”

Title: New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
Date Published: July 26, 2021


Excerpt: “Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor’s control using the MS-EFSRPC interface and share its authentication information. This is done by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication. To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing,” Microsoft noted. “PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.”

Title: A Record Year for Cyber-Attacks That Impacted Society
Date Published: July 25, 2021


Excerpt: “2021 is already proving to be a record year for cyber-attacks. It’s not so much that the cyber-attacks are particularly sophisticated, but that these attacks are having societal consequences that no-one anticipated. There is also the rise in geopolitical tensions that is evident through the enablers of these cyber-attacks. The SolarWinds attack in which the attackers obtained access to U.S. governmental networks was attributed to Russian state actors. DarkSide is a Russia based ransomware organization, which took responsibility for the Colonial Pipeline attacks. The Biden administration recently came out with a statement accusing China of the recent Exchange cyber-attacks.”

Title: Did a Quantum Hacker Withdraw $25 Million From a Sleeping Bitcoin Wallet?
Date Published: July 25, 2021


Excerpt: “There is a theory that in five to ten years we will have quantum computers capable of breaking the elliptical curve encryption that underpins modern financial transactions. There is another theory that suggests this has already happened. If a threat actor had access to this technology and was using it in the wild we should expect to see some quantum crimes taking place around us. Perhaps one of the first malicious activities we would notice is when a long-forgotten bitcoin wallet suddenly had its contents withdrawn. If this happened it would be a sure sign that hackers had taken a quantum leap. But this hasn’t happened — has it?”

Title: Microsoft 365 Drops Support for Internet Explorer 11 in August
Date Published: July 25, 2021


Excerpt: “Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. After the end of support is reached, those still trying to connect to Microsoft 365 may face degraded user experience or connection failures. “These apps and services will phase out over weeks and months to ensure a smooth end of support, with each app and service phasing out on independent schedules,” the Microsoft 365 team said earlier this week.”

Title: Japanese Computers Hit by a Wiper Malware Ahead of 2021 Tokyo Olympics
Date Published: July 24, 2021


Excerpt: “The malicious code was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, LOG) in the user’s personal Windows folder. The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges. Experts also discovered that the malware targets files created with the Ichitaro Japanese word processor, a circumstance that suggests it was developed to target Japanese users.”

Title: The New Era of Warfare and Where India Stands
Date Published: July 25, 2021


Excerpt: “This is not the first time that attacks on such a massive scale happened. “The Russians [carried out] a massive cyberattack on Estonia some years ago,” said Rifkind, referring to the 2007 attack on the Estonian parliament, banking system, and other critical infrastructure. And it would not be the last. The 2016 Russian interference in the US presidential election, and possibly in the Brexit referendum, indicated what is at stake. A full-scale cyberwar would be orders of magnitude more serious than this.”

Title: Avoslocker Enters the Ransomware Scene, Asks for Partners
Date Published: July 23, 2021


Excerpt: “Avos is a relatively new ransomware that was observed in late June and early July. Its authors started searching for affiliates through various underground forums. They announced a recruitment for “pentesters with Active Directory network experience” and “access brokers” which suggests that they want to cooperate with people who have remote access to hacked infrastructure. AvosLocker is run manually by the attacker who remotely accessed the machine. For this reason, it is not trying to be stealthy during its run. In default mode, it works as a console application reporting details about its progress on screen.”
