September 3, 2021

Fortify Security Team

Title: FBI Warns of ‘Large Increase’ in Sextortion Attacks, With $8 Million in Reported Losses in 2021
Date Published: September 3, 2021

https://www.cyberscoop.com/fbi-sextortion-scams-losses-2021/

Excerpt: “Hackers and creeps extorted $8 million from Americans over the first seven months of the year by threatening to publish sexual images unless victims paid a fee, according to figures from the Federal Bureau of Investigation. The FBI bulletin published Thursday confirms what many cybercrime researchers may have already feared: Sextortion scams are prevalent, and profitable. More than 16,000 victims reported their issues to the FBI, with nearly half of the complaints coming from people between 20 and 39 years old.”

Title: Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking
Date Published: September 3, 2021

https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/

Excerpt: “An attacker can then take over the vulnerable domain in the sense that they can begin serving their own content at the location where the domain’s dangling DNS entry is pointing to. “If testing.example.com is pointed towards Amazon S3, what will S3 do if that bucket hasn’t been created yet? It will just throw a 404 error—and wait for someone to claim it,” explains Carroll. “If we claim this domain inside S3 before example.com’s owners do, then we can claim the right to use it with S3 and upload anything we want,” continues the engineer in his writeup. That is exactly what happened when Carroll, along with other researchers, was able to take over more than 800 root domains, as a part of the research.”

Title: Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits
Date Published: September 3, 2021

https://www.bleepingcomputer.com/news/security/conti-ransomware-now-hacking-exchange-servers-with-proxyshell-exploits/

Excerpt: “As the threat actors compromised various servers, they would install multiple tools to provide remote access to the devices, such as AnyDesk and Cobalt Strike beacons. After gaining a foothold on the network, the threat actors stole unencrypted data and uploaded it to the MEGA file sharing server. After five days, they began encrypting devices on the network from a server with no antivirus protection using the observed command: start C:\x64.exe -m -net -size 10 -nomutex -p \\[computer Active Directory name]\C$. What made this particular case stand out was the speed and precision with which the group conducted the attack, where it only took 48 hours from the initial breach to stealing 1 TB of data.”

Title: New Zealand Internet Outage Blamed on DDoS Attack on Nation’s Third Largest Internet Provider
Date Published: September 3, 2021

https://www.infosecurity-magazine.com/news/sacked-employee-deletes-credit/

Excerpt: “Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus – the country’s third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre – confirmed the cyberattack originated at one of its customers. According to a network status update, the company said: “This afternoon a Vocus customer was under a DDoS attack. A DDoS mitigation rule was updated to our Arbor DDoS platform to block the attack for the end customer”.”

Title: Critical Facilities and Services Disrupted/Degraded by Foreign Cyber Actors
Date Published: September 3, 2021

https://thescif.org/critical-facilities-and-services-disrupted-degraded-by-foreign-cyber-actors-b9468f461b29

Excerpt: “U.S. private and public cybersecurity teams are detecting an increase in foreign-originated cyber incidents to include SolarWinds, Pulse Secure VPN, Microsoft Exchange server zero-day vulnerabilities, and ransomware infections. All these cyber events are occurring during peacetime and a global pandemic. The COVID-19 pandemic expanded the global digital footprint and introduced vulnerable platforms, while creating labor shortages in key sectors and altering traditional workflows.”

Title: FBI: Spike in Sextortion Attacks Cost Victims $8 Million This Year
Date Published: September 3, 2021

https://www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/

Excerpt: “Victims over 60 years comprised the third largest reporting age group, while victims under the age of 20 reported the fewest number of complaints,” the IC3 said. Sextortion occurs when criminals threaten potential victims in person or via email, dating sites, and online chats that they will leak sensitive or private videos or photos unless a ransom is paid. As an email scam, sextortion was first seen in July 2018, when fraudsters started emailing targets claiming that they have them recorded on video while browsing adult sites, also including the victims’ passwords (leaked in data breaches) to increase credibility.”

Title: Brute-Force Attacks Target Inboxes for Gift Card Data
Date Published: September 3, 2021

https://threatpost.com/attacks-inboxes-gift-card/169187/

Excerpt: “Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The actors behind the scam—outlined in a post by Brian Krebs on Krebs on Security—have been “mass-testing millions of usernames and passwords against the world’s major email providers each day” for the past three years, according to the post. “Some of the most successful and lucrative online scams employ a ‘low-and-slow’ approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period,” Krebs noted in the post”.”

Title: Confessions of a Ransomware Negotiator: Well, Somebody’s Got to Talk to the Criminals Holding Data Hostage
Date Published: September 3, 2021

https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/

Excerpt: “Nick Shah got his OBE in 2019. He has dealt with many serious criminals, and has the instinctive blunt circumspection of a 30-year veteran cop about his past work, having worked on more than a thousand kidnap and extortion cases in his career with the National Crime Agency (NCA) and assorted organisations in Africa. He has been a part of investigations tackling criminals and terrorist groups that were intent on causing fear, harm, and in many cases death – somewhat more intimidating than the passive aggressive emails we get from HR. NCA’s director general said of Shah’s work: “Whilst the detail cannot be given here, I can say with confidence that the UK public has been protected as a result. I am delighted that his service is now being formally recognised”.”

Title: FBI Warns of Ransomware Attacks Targeting the Food and Agriculture Sector
Date Published: September 3, 2021

https://securityaffairs.co/wordpress/121794/security/fbi-ransomware-attacks-food-agriculture-sector.html

Excerpt: “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs.” reads the FBI’s PIN. “Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack.”

Title: This New Malware Family Using CLFS Log Files to Avoid Detection
Date Published: September 3, 2021

https://thehackernews.com/2021/09/this-new-malware-family-using-clfs-log.html

Excerpt: “Fashioned as an un-obfuscated 64-bit DLL named “prntvpt.dll,” PRIVATELOG, in contrast, leverages a technique called DLL search order hijacking in order to load the malicious library when it is called by a victim program, in this case, a service called “PrintNotify.” “Similarly to STASHLOG, PRIVATELOG starts by enumerating *.BLF files in the default user’s profile directory and uses the .BLF file with the oldest creation date timestamp,” the researchers noted, before using it to decrypt and store the second-stage payload”.”
