OSN July 26, 2021

Fortify Security Team
Jul 27, 2021

Title: Even After Emotet Takedown, Office Docs Deliver 43% of All Malware Downloads Now
Date Published: July 23, 2021

https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/

Excerpt: “The rapid adoption of enterprise cloud apps has continued into 2021, with data showing adoption is up 22% for the first half of the year. But, the report notes that “97% of cloud apps used in the enterprise are shadowing IT, unmanaged and often freely adopted by business units and users.” There are also issues raised in the report about employee habits, both at the workplace and at home. The report raises concerns about the nearly universal trend of employees authorizing at least one third-party app in Google Workspace.”

Title: Disrupting Ransomware by Disrupting Bitcoin
Date Published: July 26, 2021

https://www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html

Excerpt: “Effectively, all cryptocurrency exchanges avoid transferring cryptocurrencies between customers. Instead, they simply record entries in a central database. This makes sense because actual “on chain” transactions can be particularly expensive for cryptocurrencies like bitcoin or Ethereum. If all speculators needed to actually receive their bitcoins, it would make clear that its value proposition as a currency simply doesn’t exist, as the already strained system would grind to a halt.”

Title: Defi Protocol Thorchain Loses $8 Million in “Seemingly Whitehat” Attack
Date Published: July 26, 2021

https://www.hackread.com/defi-protocol-thorchain-hacked-whitehat-attack/

Excerpt: “The unidentified hacker (s) warned the exchange that they have identified multiple critical vulnerabilities and could have caused greater damage like taking away larger amounts of Bitcoins, Binance Coin, Lycancoin, and other cryptocurrencies. THORChain stated that they are concerned about the repeated cyber attacks as it impacts its reputation in the community and affects the project’s reliability. Though the lost funds can be covered by its treasury, the DeFi protocol would want to end this problem.”

Title: New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
Date Published: July 26, 2021

https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html

Excerpt: “Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor’s control using the MS-EFSRPC interface and share its authentication information. This is done by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication. To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing,” Microsoft noted. “PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.””

Title: A Record Year for Cyber-Attacks That Impacted Society
Date Published: July 25, 2021

https://medium.com/emergent-phenomena/a-record-year-for-cyber-attacks-that-impacted-society-75a04bb75cdd

Excerpt: “2021 is already proving to be a record year for cyber-attacks. It’s not so much that the cyber-attacks are particularly sophisticated, but that these attacks are having societal consequences that no-one anticipated. There is also the rise in geopolitical tensions that is evident through the enablers of these cyber-attacks. The SolarWinds attack in which the attackers obtained access to U.S. governmental networks was attributed to Russian state actors. DarkSide is a Russia based ransomware organization, which took responsibility for the Colonial Pipeline attacks. The Biden administration recently came out with a statement accusing China of the recent Exchange cyber-attacks.”

Title: Did a Quantum Hacker Withdraw $25 Million From a Sleeping Bitcoin Wallet?
Date Published: July 25, 2021

https://medium.com/geekculture/did-a-quantum-hacker-withdraw-25-million-from-a-sleeping-bitcoin-wallet-73b69be82d8b

Excerpt: “There is a theory that in five to ten years we will have quantum computers capable of breaking the elliptical curve encryption that underpins modern financial transactions. There is another theory that suggests this has already happened. If a threat actor had access to this technology and was using it in the wild we should expect to see some quantum crimes taking place around us. Perhaps one of the first malicious activities we would notice is when a long-forgotten bitcoin wallet suddenly had its contents withdrawn. If this happened it would be a sure sign that hackers had taken a quantum leap. But this hasn’t happened — has it?”

Title: Microsoft 365 Drops Support for Internet Explorer 11 in August
Date Published: July 25, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-drops-support-for-internet-explorer-11-in-august/

Excerpt: Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. After the end of support is reached, those still trying to connect to Microsoft 365 may face degraded user experience or connection failures. “These apps and services will phase out over weeks and months to ensure a smooth end of support, with each app and service phasing out on independent schedules,” the Microsoft 365 team said earlier this week.”

Title: Japanese Computers Hit by a Wiper Malware Ahead of 2021 Tokyo Olympics
Date Published: July 24, 2021

https://securityaffairs.co/wordpress/120513/malware/2021-tokyo-olympics-wiper.html

Excerpt: “The malicious code was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, LOG) in the user’s personal Windows folder. The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges. Experts also discovered that the malware targets files created with the Ichitaro Japanese word processor, a circumstance that suggests it was developed to target Japanese users.”

Title: The New Era of Warfare and Where India Stands
Date Published: July 25, 2021

https://medium.com/@Mr_7i74N/the-new-era-of-warfare-and-where-india-stands-25958dfbb610

Excerpt: “This is not the first time that attacks on such a massive scale happened “The Russians [carried out] a massive cyberattack on Estonia some years ago,” said Rifkind, referring to the 2007 attack on the Estonian parliament, banking system, and other critical infrastructure. And it would not be the last. The 2016 Russian interference in the US presidential election, and possibly in the Brexit referendum, indicated what is at stake. A full-scale cyberwar would be orders of magnitude more serious than this.”

Title: Avoslocker Enters the Ransomware Scene, Asks for Partners
Date Published: July 23, 2021

https://blog.malwarebytes.com/threat-analysis/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners/

Excerpt: “Avos is a relatively new ransomware that was observed in late June and early July. Its authors started searching for affiliates through various underground forums. They announced a recruitment for “pentesters with Active Directory network experience” and “access brokers” which suggests that they want to cooperate with people who have remote access to hacked infrastructure. AvosLocker is run manually by the attacker who remotely accessed the machine. For this reason, it is not trying to be stealthy during its run. In default mode, it works as a console application reporting details about its progress on screen.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...