OSN August 10, 2021

Fortify Security Team
Aug 10, 2021

Title: eCh0raix Ransomware Now Targets Both QNAP and Synology NAS Devices
Date Published:  August 10, 2021


Excerpt:  “A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.  This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic.  The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones reported in June 2019 and in June 2020. eCh0raix also encrypted devices made by Synology in 2019, with Anomali researchers finding that the attackers brute-forced administrator credentials using default credentials or dictionary attacks.  At the time, the NAS maker warned its customers to secure their data from an ongoing and large-scale ransomware campaign. However, it did not name the ransomware operation responsible for the attacks.”
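The initial access described above is a credential brute-force against the NAS admin account, which leaves a clear trace in the device's login log: a burst of failures from one source followed by a success. The script below is an added example written for this digest, not code from the article, from Anomali, or from QNAP or Synology. The log line format, the sample log and the thresholds are constructed for the example; real QNAP and Synology connection logs use different layouts, so the regular expression is the part to adapt.

```python
"""Added example: flag NAS credential brute-forcing in an authentication log.

The line format matched by LINE_RE is constructed for this example; it is
not the native QNAP or Synology log format. Adapt LINE_RE to the export you
actually have and keep the rest."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: a dictionary attack on 'admin' from 203.0.113.7
# that succeeds on the sixth attempt, plus one benign typo from a LAN user.
SAMPLE_LOG = """\
2021-08-09 02:14:01 LOGIN_FAIL user=admin src=203.0.113.7
2021-08-09 02:14:02 LOGIN_FAIL user=admin src=203.0.113.7
2021-08-09 02:14:02 LOGIN_FAIL user=admin src=203.0.113.7
2021-08-09 02:14:03 LOGIN_FAIL user=admin src=203.0.113.7
2021-08-09 02:14:04 LOGIN_FAIL user=admin src=203.0.113.7
2021-08-09 02:14:05 LOGIN_OK user=admin src=203.0.113.7
2021-08-09 08:30:11 LOGIN_FAIL user=alice src=192.168.1.20
2021-08-09 08:30:20 LOGIN_OK user=alice src=192.168.1.20
"""


def parse(log_text):
    """Turn matching log lines into event dicts; non-auth lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "ok": m["result"] == "LOGIN_OK",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Per source IP, find the first run of >= `threshold` failed logins that
    fits inside `window`, and report whether a success followed it. A burst
    that ends in LOGIN_OK is the 'brute force worked' signal to act on first."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        for i in range(len(fails)):
            # Extend j while the failure at j+1 is still inside the window
            # that starts at failure i.
            j = i
            while j + 1 < len(fails) and fails[j + 1]["ts"] - fails[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = fails[j]["ts"]
                success = next((e for e in evs if e["ok"] and e["ts"] >= burst_end), None)
                findings[src] = {
                    "failures": j - i + 1,
                    "users": sorted({e["user"] for e in fails[i:j + 1]}),
                    "succeeded_as": success["user"] if success else None,
                }
                break
    return findings


def analyze(log_text=SAMPLE_LOG):
    """Convenience entry point: parse a log and return brute-force findings."""
    return find_bruteforce(parse(log_text))


if __name__ == "__main__":
    for src, f in analyze().items():
        print(f"{src}: {f['failures']} failures against {f['users']}, "
              f"succeeded_as={f['succeeded_as']}")
```

On the constructed sample this reports one source, 203.0.113.7, with five failures against `admin` and a subsequent success as `admin`; the LAN user's single typo does not reach the threshold. The `succeeded_as` field is what separates "someone is knocking" from "someone is in", which matters on a NAS because the next step after a successful admin logon in this campaign is encryption of the shares.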

Title: One Million Stolen Credit Cards Leaked to Promote Carding Market
Date Published:  August 10, 2021


Excerpt:  “A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums.  Carding is the trafficking and use of stolen credit cards. These credit cards are stolen through point-of-sale malware, magecart attacks on websites, and information stealing trojans.  These stolen credit cards are then sold on criminal carding marketplaces where other threat actors purchase them to make online purchases, or more commonly, to buy hard-to-trace prepaid gift cards.”

Title: FlyTrap Malware Hijacks Thousands of Facebook Accounts
Date Published:  August 9, 2021


Excerpt:  “A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies.  FlyTrap campaigns rely on simple social engineering tactics to trick victims into using their Facebook credentials to log into malicious apps that collected data associated with the social media session.  Researchers at mobile security company Zimperium detected the new piece of malware and found that the stolen information was accessible to anyone who discovered FlyTrap’s command and control (C2) server.”

Title: Microsoft Azure Sentinel Uses Fusion ML to Detect Ransomware Attacks
Date Published:  August 10, 2021


Excerpt:  “Microsoft Azure Sentinel cloud-native SIEM is using the Fusion machine learning model to analyze data across enterprise environments and detect the activity associated with potential threats, including ransomware attacks.  When a potential ransomware attack is detected by the Fusion machine learning model, a high severity incident titled “Multiple alerts possibly related to Ransomware activity detected” will be triggered in the Azure Sentinel workspace.  According to Microsoft, the Fusion detection model for ransomware allows detecting malicious activities at the defense evasion and execution stages of an attack, allowing security analysts to quickly identify the threat and neutralize it.”

Title: Hackers Netting Average of Nearly $10,000 for Stolen Network Access
Date Published:  August 10, 2021


Excerpt:  “A new report from cybersecurity company IntSights has spotlighted the thriving market on the dark web for network access that nets cybercriminals thousands of dollars.  Paul Prudhomme, cyber threat intelligence advisor at IntSights, examined network access sales on underground Russian and English-language forums before compiling a study on why criminals sell their network access and how criminals transfer their network access to buyers.  More than 37% of all victims in a sample of the data were based in North America while there was an average price of $9,640 and a median price of $3,000.”

Title: ASPI Suggests Government Work with Platforms to Fight Disinformation for Hire
Date Published:  August 10, 2021


Excerpt:  “Political candidates should formally commit to treating campaigning as a mode that’s distinct from engagement with citizens when in government, a report from the Australian Strategic Policy Institute (ASPI) says.  “A healthy online public sphere requires political will,” ASPI’s latest report [PDF], Influence for hire: The Asia-Pacific’s online shadow economy, says.  “Transparency about government funding of public messaging when in office would allow citizens and civil society to engage with trust in the digital public sphere.  “Political representatives should commit to not using networks of inauthentic, fake, or repurposed social media accounts to manipulate political discourse.”  But it isn’t just political, with ASPI recommending for platforms to take on some of the accountability.”

Title: Chinese Espionage Group UNC215 Targeted Israeli Government Networks
Date Published:  August 10, 2021


Excerpt:  “Chinese espionage group UNC215 leveraged the Remote Desktop Protocol (RDP) to access an Israeli government network using stolen credentials from trusted third parties, according to research published today.  Mandiant, part of cybersecurity firm FireEye, analyzed data gathered from their telemetry and the information shared by Israeli entities in collaboration with the authorities. The data revealed multiple concurrent operations against Israeli government institutions, IT providers and telecommunications entities beginning in January 2019.  FireEye has published the findings in a blog detailing the post-compromise tradecraft and operational tactics, techniques and procedures (TTPs) of UNC215. The group has targeted private companies, governments and various organizations in the Middle East, Europe, Asia and North America.  Mandiant’s research comes after a joint announcement by governments in North America, Europe, Asia and organizations such as NATO and the EU on July 19 2021. The announcement condemned widespread cyber espionage conducted on behalf of the Chinese government.”
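The access path described above, RDP with credentials stolen from a trusted third party, is hard to spot with password-failure rules because every logon succeeds. What does stand out is a vendor account using RDP from a source the vendor never connects from, and then fanning out to several hosts. The script below is an added example for this digest, not Mandiant's or FireEye's code and not drawn from their report. The vendor allowlist and the event records are constructed; the field names follow Windows Security Event ID 4624 (LogonType 10 is RemoteInteractive, i.e. RDP), which is the one real convention the example relies on.

```python
"""Added example: hunt for RDP logons made with third-party credentials from
sources outside the third party's expected hosts, using Windows Security
Event ID 4624 fields. Policy data and events are constructed for the example."""

# Constructed policy (not from the article): each third-party account is
# expected to use RDP only from its contractor's jump host.
VENDOR_ACCESS = {
    "svc_itprovider": {"198.51.100.10"},
    "telco_support": {"198.51.100.20"},
}

# Constructed events shaped like Security Event ID 4624/4625 records.
# LogonType 10 = RemoteInteractive (RDP), 3 = network, 2 = interactive.
EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_itprovider",
     "IpAddress": "198.51.100.10", "Computer": "FILESRV01"},   # expected use
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_itprovider",
     "IpAddress": "10.0.5.41", "Computer": "DC01"},            # vendor cred, internal src
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_itprovider",
     "IpAddress": "10.0.5.41", "Computer": "FILESRV02"},       # same cred, second host
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "telco_support",
     "IpAddress": "10.0.5.41", "Computer": "DC01"},            # not RDP, out of scope here
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "bob",
     "IpAddress": "10.0.7.3", "Computer": "WS-BOB"},           # employee, not a vendor account
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "telco_support",
     "IpAddress": "10.0.5.41", "Computer": "DC01"},            # failed logon, not a 4624
]


def suspicious_vendor_rdp(events, vendor_access):
    """Return successful RDP logons (4624, LogonType 10) by a vendor account
    whose source IP is outside that vendor's allowlist."""
    hits = []
    for e in events:
        if e["EventID"] != 4624 or e["LogonType"] != 10:
            continue
        allowed = vendor_access.get(e["TargetUserName"])
        if allowed is None:
            continue  # not a third-party account; other rules cover staff
        if e["IpAddress"] not in allowed:
            hits.append(e)
    return hits


def lateral_movement_summary(hits):
    """Group hits by (account, source IP) and list the distinct hosts reached.
    One stolen credential reaching several hosts from one source is the
    pattern to escalate rather than a single stray logon."""
    hosts = {}
    for h in hits:
        key = (h["TargetUserName"], h["IpAddress"])
        hosts.setdefault(key, set()).add(h["Computer"])
    return {k: sorted(v) for k, v in hosts.items()}


def hunt(events=EVENTS, vendor_access=VENDOR_ACCESS):
    """Entry point: return the per-credential fan-out of suspicious RDP use."""
    return lateral_movement_summary(suspicious_vendor_rdp(events, vendor_access))


if __name__ == "__main__":
    for (user, src), computers in hunt().items():
        print(f"{user} from {src} reached {len(computers)} host(s) over RDP: {computers}")
```

On the constructed events the only finding is `svc_itprovider` from 10.0.5.41 reaching DC01 and FILESRV02: a credential that should only ever arrive from the contractor's jump host is being used from an internal address against two servers. The same vendor's logon from 198.51.100.10 is allowed and not reported, which is the point of keying the rule on the allowlist rather than on the account alone.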

Title: The Looming Threat of Deepfakes
Date Published:  August 9, 2021


Excerpt:  “The increasing sophistication of deepfake technologies and their potentially terrifying future applications were the subject of a recent webinar session by Cato Networks.  One of the presenters, Etay Maor, associate professor of cybersecurity at Boston College and senior director of security strategy at Cato Networks, began by outlining the various ways in which audio and video can be manipulated to spread misinformation.  One of the earliest versions of deepfakes is “faceswap,” in which “pretty simple software” can be used to essentially place someone’s face on another’s in a video. “This can be done today on your phone; this is not super-computer, AI futuristic stuff,” commented Maor.”

Title: 14 Vulnerabilities Found in Widely Used TCP/IP Stack
Date Published:  August 9, 2021


Excerpt:  “Security analysts at Forescout Research and JFrog Security Research have discovered 14 vulnerabilities in NicheStack, a proprietary TCP/IP stack used in a wide range of operational technology (OT) devices from more than 200 manufacturers, including most major industrial automation vendors.  The vulnerabilities — which the researchers have collectively named Infra:Halt — enable remote code execution attacks, denial-of-service attacks, information leaks, DNS cache poisoning, and TCP spoofing. While many of the affected devices are likely to have one or more of the vulnerabilities present in their NicheStack implementation, few are likely to have all of them at the same time.  Forescout Research and JFrog Security Research discovered the vulnerabilities in NicheStack as part of a broader investigation into security weaknesses in widely used TCP/IP stacks that the former has been leading over the past year under an initiative called Project Memoria.”

Title: SMBs Increasingly Vulnerable to Ransomware, Despite the Perception They Are Too Small to Target
Date Published:  August 10, 2021


Excerpt:  “Acronis released a report which gives an in-depth review of the cyberthreat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.  The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.  While that represents a major financial hit to any organization, those amounts would sound the death-knell for most SMBs, which is a major concern for the second half of 2021.”
