November 16, 2021

Fortify Security Team
Nov 16, 2021

Title: Emotet Malware Is Back and Rebuilding Its Botnet via Trickbot

 Date Published: November 15, 2021

https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/

Excerpt: “Emotet expert and Cryptolaemus researcher Joseph Roosen told BleepingComputer that they had not seen any signs of the Emotet botnet performing spamming activity or found any malicious documents dropping the malware. This lack of spamming activity is likely due to the rebuilding of the Emotet infrastructure from scratch and new reply-chain emails being stolen from victims in future spam campaigns. The Emotet research group Cryptolaemus has begun analyzing the new Emotet loader and told BleepingComputer that it includes new changes compared to the previous variants.”

Title: NPM Fixes Private Package Names Leak, Serious Authorization Bug

Date Published: November 16, 2021

https://www.bleepingcomputer.com/news/security/npm-fixes-private-package-names-leak-serious-authorization-bug/

Excerpt: “The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. However, GitHub does warn that despite this, the replicate.npmjs.com service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.” To prevent such an issue from recurring, GitHub has made changes to its process of generating the public replication database which is expected to eliminate the possibility of leaking private package names in the future.”

Title: Tiktok Scammers Tried Hacking 125 Targets That Followed Famous Accounts, Researchers Find

Date Published: November 16, 2021

https://www.cyberscoop.com/tiktok-scam-verification-fyp/

Excerpt: “In addition to individual account holders, the latest campaign targeted talent agencies, brand-consultant firms, social media production studios, influencer management firms, according to Rachelle Chouinard, a threat intelligence analyst at email security firm Abnormal Security, which shared its findings with CyberScoop. Crane Hassold, the director of threat intelligence at Abnormal, declined to share the specific names of the people and accounts targeted, but said the accounts in question had “millions to tens of millions of followers.”

Title: Attackers Use Domain Fronting Technique to Target Myanmar With Cobalt Strike

Date Published: November 16, 2021

https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html

Excerpt: “Domain fronting is a technique used by attackers to circumvent protection based on DNS filtering. In this campaign, a malicious Cobalt Strike beacon is configured to take advantage of a mechanism used by Cloudflare and other content distribution networks to instruct the proxy about the host to be used for serving the content. When the beacon is launched, it will submit a DNS request for a legitimate high-reputation domain hosted behind Cloudflare infrastructure and modify the subsequent HTTPs requests header to instruct the CDN to direct the traffic to an attacker-controlled host.”

Title: New Banking Trojan Sharkbot Makes Waves Across Europe, US

Date Published: November 11, 2021

https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe

Excerpt: “Now dubbed SharkBot, the Android malware has been traced in attacks focused on stealing funds from vulnerable handsets running on the Google Android operating system.  So far, infections have been found in the UK, Italy, and the United States.  It is believed that SharkBot is likely a private botnet and is still in the early stages of development. SharkBot is modular malware that the researchers say belongs to the next generation of mobile malware able to perform attacks based on the Automatic Transfer System (ATS) system.”

Title: New ‘Moses Staff’ Hacker Group Targets Israeli Companies With Destructive Attacks

Date Published: November 15, 2021

https://thehackernews.com/2021/11/new-moses-staff-hacker-group-targets.html
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/

Excerpt: “A new politically-motivated hacker group named “Moses Staff” has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. “The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim’s networks, with no ransom demand,” Check Point Research said in a report published Monday. “In the language of the attackers, their purpose is to ‘Fight against the resistance and expose the crimes of the Zionists in the occupied territories”.”

Title: Chinese Communist Party Official Expelled for Mining Cryptocurrency

Date Published: November 16, 2021

https://www.theregister.com/2021/11/16/china_cryptomining_expulsion/

Excerpt: “Internet companies will also be required to retain records of how personal data was used, for five years. User consent will be required before personal information such as biometrics, health records, or religious affiliation is put to work. Parental approval will be required to use data of children aged 14 or younger. The requirements offer plenty of restrictions on how data can be used outside China. Government approval will be required before info can be shipped offshore, and individuals will need to be notified when their personal information goes overseas.”

Title: The Troubling Rise of Internet Access Brokers

Date Published: November 15, 2021

https://www.darkreading.com/vulnerabilities-threats/the-troubling-rise-of-internet-access-brokers

Excerpt: “Digital Shadows found that IABs most frequently offered compromised Remote Desktop Protocol (RDP) systems and VPNs as initial access points for their customers. In the third quarter of 2021, the average price that IABs charged for access to a compromised VPN was $1,869 — up from $1,446 previously. For RDP systems, the average price was $1,902. IABs most frequently provided access to networks belonging to organizations in the retail, technology, and industrial goods and services sectors.”

Title: Trend Micro: 90% of IT Decision Makers Believe Organizations Compromise on Cybersecurity in Favor of Other Goals

Date Published: November 15, 2021

https://www.darkreading.com/operations/trend-micro-90-of-it-decision-makers-believe-organizations-compromise-on-cybersecurity-in-favor-of-other-goals

Excerpt: “The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understands cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand. There’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.”

Title: MacOS Zero-Day Used in Watering-Hole Attacks

Date Published: November 15, 2021

https://www.darkreading.com/attacks-breaches/mac-os-0-day-used-in-watering-hole-attacks

Excerpt: “Watering-hole attacks are a favored technique of China’s cyber-espionage operations. In 2015, an attack with links to China compromised the website of a well-known aerospace firm in an attempt to infect visitors with a common Trojan horse program. In 2018, an attack linked to the Chinese group Emissary Panda infected one Asian country’s data center in an attempt to “gain access to a wide range of government resources.” In 2020, another malware distribution campaign, which security firm Kaspersky dubbed Holy Water, co-opted legitimate websites to infect members of certain Asian religious and ethnic groups.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...