OSN July 29, 2021

Fortify Security Team
Jul 29, 2021
Title: Reboot of PunkSpider Tool at DEF CON Stirs Debate
Date Published: July 28, 2021

https://threatpost.com/punkspider-def-con-debate/168223/

Excerpt: “Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analytics firm QOMPLX. They fear the tool could be hijacked by hackers to exploit vulnerabilities before companies have time to patch them. QOMPLX cited the rise of ransomware as one of the reasons for a reboot of PunkSpider, which provides ‘a simple and massively scalable monitoring tool that quickly identifies gaps in collective defenses by highlighting which websites can easily fall prey to attackers’.”

Title: McAfee: Babuk Ransomware Decryptor Causes Encryption ‘Beyond Repair’
Date Published: July 29, 2021

https://www.zdnet.com/article/mcafee-babuk-ransomware-decryptor-causes-encryption-beyond-repair/

Excerpt: “Even if a victim gave in to the demands and was forced to pay the ransom, they still could not get their files back. We strongly hope that the bad coding also affects Babuk’s relationship with its affiliates. The affiliates are the ones performing the actual compromise and are now faced with a victim that cannot get their data back even if they pay. This essentially changes the crime dynamic from extortion to destruction which, from a criminal’s point of view, is much less profitable.”

Title: FBI Warns of a Grandparent Fraud Scheme Using Couriers
Date Published: July 29, 2021

https://www.ic3.gov/Media/Y2021/PSA210729

Excerpt: “Criminal actors target elderly U.S. citizens in a grandparent fraud scheme in which they arrange for couriers to pick up bail money in person at the victim’s residence. Criminals telephonically contact their victims and pose as a grandchild, or another family member, in distress who has been arrested and needs bail money. They may also pose as a representative of the detained relative, such as an attorney or a bail-bondsman. Criminal actors then send couriers to collect the money in person from the victim’s residence. In some instances, ride share drivers are used to pick up the money.”

Title: Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Date Published: July 29, 2021

https://threatpost.com/six-malicious-linux-shell-scripts-how-to-stop-them/168127/

Excerpt: “Evasive techniques used by attackers date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls and monitoring agents and to modify access control lists (ACLs). Monitoring agents are the software components that regularly monitor the activities going on in the system related to process and network. Various logs are also created by the monitoring agents, which help as an aid during any incident investigation.”

Title: MeteorExpress Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
Date Published: July 29, 2021

https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/

Excerpt: “On July 9th, 2021 reports began to surface of a wiper attack disrupting service for the Iranian railway system. The attack included epic level trolling as reports suggest that train schedule displays cited ‘long delay[s] because of cyberattack’ along with instructions to contact ‘64411’, the number for the office of Supreme Leader Ali Khamenei. Early reporting did not pick up much steam as it’s not uncommon for Iranian authorities to vaguely point the finger towards cyber attacks only to retract the claims later. But it doesn’t hurt to check.”

Title: ENISA Threat Landscape for Supply Chain Attacks
Date Published: July 29, 2021

https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks

Excerpt: “Supply chain attacks are now expected to multiply by 4 in 2021 compared to last year. Such a new trend stresses the need for policymakers and the cybersecurity community to act now. This is why novel protective measures to prevent and respond to potential supply chain attacks in the future while mitigating their impact need to be introduced urgently. Juhan Lepassaar, EU Agency for Cybersecurity Executive Director said: “Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU”.”

Title: Israeli Government Visits NSO Group Amid Spyware Claims
Date Published: July 29, 2021

https://www.bankinfosecurity.com/israeli-government-visits-nso-group-amidst-spyware-claims-a-17170

Excerpt: “The numbers include those for presidents, such as France’s Emmanuel Macron, Iraq’s Barham Salih and South Africa’s Cyril Ramaphosa. There are also three current prime ministers on the list: Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly and Morocco’s Saad-Eddine El Othmani. Seven former prime ministers are on the list and one king, Morocco’s Mohammed VI. NSO Group says the list does not come from the company and is not a targeting list. The company maintains that it complies with Israel’s export regulations, which control how cyber weapons are sold. The company has said it has about 45 government customers that each target about 100 people per year.”

Title: Cyber Security Threats Targeting the Healthcare Sector
Date Published: July 29, 2021

https://himashikarunathilake.medium.com/cyber-security-threats-targeting-the-healthcare-sector-e7a466771bf2

Excerpt: “The need for secure e-Healthcare systems will only grow in the future with the adoption of more and more IoT concepts into the healthcare sector. However, the responsibility of preventing potential cyberattacks from targeting the healthcare system not only lies within the employees; it lies with each and every stakeholder varying from the higher management to the nurse that takes medical readings from an IoT device. Threats to the security of the e-Healthcare systems could not only result in massive fines and penalties but could also threaten human life.”

Title: Biden Orders CISA and NIST to Develop Cybersecurity Performance Goals for Critical Infrastructure
Date Published: July 28, 2021

https://www.zdnet.com/article/biden-signs-memo-ordering-cisa-and-nist-to-develop-cybersecurity-performance-goals-for-critical-infrastructure/

Excerpt: “These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services,” the memorandum said. “That effort may also include an examination of whether additional legal authorities would be beneficial to enhancing the cybersecurity of critical infrastructure, which is vital to the American people and the security of our Nation.”

Title: BlackMatter & Haron: Evil Ransomware Newborns or Rebirths
Date Published: July 28, 2021

https://threatpost.com/ransomware-gangs-haron-blackmatter/168212/

Excerpt: “Avaddon is yet another prolific ransomware-as-a-service (RaaS) provider that evaporated in June rather than face the legal heat that followed Colonial Pipeline and other big ransomware attacks. At the time, Avaddon released its decryption keys to BleepingComputer – 2,934 in total – with each key belonging to an individual victim. According to law enforcement, the average extortion fee Avaddon demanded was about $40,000, meaning the ransomware operators and their affiliates quit and walked away from millions.”
