OSN July 29, 2021

Fortify Security Team
Jul 29, 2021
Title: Reboot of PunkSpider Tool at DEF CON Stirs Debate

Date Published: July 28, 2021


Excerpt: “Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analytics firm QOMPLX. They fear the tool could be hijacked by hackers to exploit vulnerabilities before companies have time to patch them. “QOMPLX cited the rise of ransomware as one of the reasons for a reboot of PunkSpider, which provides “a simple and massively scalable monitoring tool that quickly identifies gaps in collective defenses by highlighting which websites can easily fall prey to attackers”.”

Title: McAfee: Babuk Ransomware Decryptor Causes Encryption ‘Beyond Repair’
Date Published: July 29, 2021


Excerpt: “Even if a victim gave in to the demands and was forced to pay the ransom, they still could not get their files back. We strongly hope that the bad coding also affects Babuk’s relationship with its affiliates. The affiliates are the ones performing the actual compromise and are now faced with a victim that cannot get their data back even if they pay. This essentially changes the crime dynamic from extortion to destruction which, from a criminal’s point of view, is much less profitable.”

Title: FBI Warns of a Grandparent Fraud Scheme Using Couriers
Date Published: July 29, 2021


Excerpt: “Criminal actors target elderly U.S. citizens in a grandparent fraud scheme in which they arrange for couriers to pick up bail money in person at the victim’s residence. Criminals telephonically contact their victims and pose as a grandchild, or another family member, in distress who has been arrested and needs bail money. They may also pose as a representative of the detained relative, such as an attorney or a bail-bondsman. Criminal actors then send couriers to collect the money in person from the victim’s residence. In some instances, ride share drivers are used to pick up the money.”

Title: Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Date Published: July 29, 2021


Excerpt: “Evasive techniques used by attackers date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls and monitoring agents and to modify access control lists (ACLs). Monitoring agents are the software components that regularly monitor the activities going on in the system related to process and network. Various logs are also created by the monitoring agents, which help as an aid during any incident investigation.”

Title: MeteorExpress Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
Date Published: July 29, 2021


Excerpt: “On July 9th, 2021 reports began to surface of a wiper attack disrupting service for the Iranian railway system. The attack included epic level trolling as reports suggest that train schedule displays cited “long delay[s] because of cyberattack” along with instructions to contact ‘64411’ – the number for the office of Supreme Leader Ali Khamenei. Early reporting did not pick up much steam as it’s not uncommon for Iranian authorities to vaguely point the finger towards cyber attacks only to retract the claims later. But it doesn’t hurt to check.”

Title: ENISA Threat Landscape for Supply Chain Attacks
Date Published: July 29, 2021


Excerpt: “Supply chain attacks are now expected to multiply by 4 in 2021 compared to last year. Such a new trend stresses the need for policymakers and the cybersecurity community to act now. This is why novel protective measures to prevent and respond to potential supply chain attacks in the future while mitigating their impact need to be introduced urgently. Juhan Lepassaar, EU Agency for Cybersecurity Executive Director said: “Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU”.”

Title: Israeli Government Visits NSO Group Amid Spyware Claims
Date Published: July 29, 2021


Excerpt: “The numbers include those for presidents, such as France’s Emmanuel Macron, Iraq’s Barham Salih and South Africa’s Cyril Ramaphosa. There are also three current prime ministers on the list: Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly and Morocco’s Saad-Eddine El Othmani. Seven former prime ministers are on the list and one king, Morocco’s Mohammed VI. NSO Group says the list does not come from the company and is not a targeting list. The company maintains that it complies with Israel’s export regulations, which control how cyber weapons are sold. The company has said it has about 45 government customers that each target about 100 people per year.”

Title: Cyber Security Threats Targeting the Healthcare Sector
Date Published: July 29, 2021


Excerpt: “The need for secure e-Healthcare systems will only grow in the future with the adoption of more and more IoT concepts into the healthcare sector. However, the responsibility of preventing potential cyberattacks from targeting the healthcare system not only lies within the employees; it lies with each and every stakeholder varying from the higher management to the nurse that takes medical readings from an IoT device. Threats to the security of the e-Healthcare systems could not only result in massive fines and penalties but could also threaten human life.”

Title: Biden Orders CISA and NIST to Develop Cybersecurity Performance Goals for Critical Infrastructure
Date Published: July 28, 2021


Excerpt: ““These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services,” the memorandum said. “That effort may also include an examination of whether additional legal authorities would be beneficial to enhancing the cybersecurity of critical infrastructure, which is vital to the American people and the security of our Nation.””

Title: BlackMatter & Haron: Evil Ransomware Newborns or Rebirths
Date Published: July 28, 2021


Excerpt: “Avaddon is yet another prolific ransomware-as-a-service (RaaS) provider that evaporated in June rather than face the legal heat that followed Colonial Pipeline and other big ransomware attacks. At the time, Avaddon released its decryption keys to BleepingComputer – 2,934 in total – with each key belonging to an individual victim. According to law enforcement, the average extortion fee Avaddon demanded was about $40,000, meaning the ransomware operators and their affiliates quit and walked away from millions.”
