November 22, 2021

Fortify Security Team

Title: Wind Turbine Giant Vestas Says Data Was Compromised in Security Incident

Date Published: November 22, 2021

https://www.cyberscoop.com/vestas-cyberattack-it-shutdown-wind-turbine/

Excerpt: “There is no indication that the incident has impacted third party operations, including customer and supply chain operations,” the company’s Monday update states. “Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems.”

Title: Guidance for Retailers To Prevent Websites Becoming Black Friday Cyber Traps

Date Published: November 22, 2021

https://www.zdnet.com/article/hackers-targeted-thousands-of-online-retailers-to-steal-credit-card-details/

Excerpt: “In total, the National Cyber Security Centre (NCSC) has identified a total of 4,151 retailers that had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details. One of the key things that online retailers can do to help prevent payments and personal data being stolen is to apply the available security patches that stop cyber criminals from being able to exploit known vulnerabilities in Magento and any other software they use.”

Title: Iran’s Mahan Air Claims It Has Failed a Cyber Attack, Hackers Say the Opposite

Date Published: November 22, 2021

https://securityaffairs.co/wordpress/124880/hacking/mahan-air-cyberattack.html

Excerpt: “Hooshyarane Vatan hacker group claimed responsibility for the attack and added that it was able to access internal documents, emails and reports that linked the airline to the IRGC. The group explained that the company was able to detect the security breach, but did not stop it. The tension is high between Teheran and the Western countries, the latter are blaming Iran for a series of attacks against organizations worldwide.”

Title: SEC Warning as Phishing and Vishing Attacks Mount

Date Published: November 22, 2021

https://www.infosecurity-magazine.com/news/sec-warning-phishing-attacks-mount/

Excerpt: “‘Con artists have used the names of real SEC employees and email messages that falsely appear to be from the SEC to trick victims into sending the fraudsters money. Impersonation of US government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes,’ it continued. The SEC extended the warning to any form of unsolicited communication, including emails and letters, claiming it will never ask for payments related to enforcement actions, offer to confirm trades, or seek detailed personal and financial information.”

Title: Conti Ransomware Group In-Depth Analysis

Date Published: November 18, 2021

https://www.prodaft.com/m/reports/Conti_TLPWHITE_v1.6_WVcSEtc.pdf

Excerpt: “Ransomware attacks work by encrypting the victim’s business-critical data, rendering it inaccessible. After triggering the attack, cybercriminals will offer to sell a decryption key to the victim. If the victim doesn’t comply, they simply have to accept the catastrophic loss of their most valuable data. Some ransomware attacks use a two-pronged strategy. Attackers will demand a ransom payment for decrypting data, and threaten to publicly publish sensitive data if the ransom is not paid by a certain deadline (“Double Extortion”).”

Title: Why the ‘Basement Hacker’ Stereotype Is Wrong — and Dangerous

Date Published: November 22, 2021

https://www.darkreading.com/attacks-breaches/why-the-basement-hacker-stereotype-is-wrong-and-dangerous

Excerpt: “At its core, the Basement Hacker represents a fundamental and ongoing misunderstanding of the modern cyber adversary. As Sun Tzu wrote in The Art of War, “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.” The Basement Hacker myth gives organizations of all sizes a false sense of superiority over threat actors, whom they perceive as untrained, benign, and weird. Gone unchecked, this sense of superiority can spur complacency among risk managers and executives who determine security budgets, leading to underinvestment in security teams, overreliance on automation, or both.”

Title: Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang

Date Published: November 19, 2021

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-orchestrated-by-conti-ransomware-gang/

Excerpt: “The botnet operators provided initial access at an industrial scale, so many malware operations depended on Emotet for their attacks, especially those in the so-called Emotet-TrickBot-Ryuk triad. Ryuk is the predecessor of Conti ransomware. The switch occurred last year when Conti activity started to increase and Ryuk detections dwindled. The operators of both ransomware strains have a long history of attacks hitting organizations in the healthcare and education sector. AdvIntel researchers say that once Emotet disappeared from the scene, top-tier cyber criminal groups, like Conti (loaded by TrickBot and BazarLoader) and DoppelPaymer (loaded by Dridex) were left without a viable option for high-quality initial access.”

Title: Human Error Behind 5 ‘High-profile’ Healthcare Data Breaches

Date Published: November 22, 2021

https://threatcop.medium.com/human-error-behind-5-high-profile-healthcare-data-breaches-5b85bc844b95

Excerpt: “Yes, you read that right. According to a study by IBM, 95% of cyber security breaches are primarily caused by human error. Being unaware of the proper security protocols and cyber security best practices, your employees can inadvertently grant hackers access to your network and systems. Despite having cutting-edge IT security infrastructure, several renowned healthcare organizations have fallen victim to devastating cyber attacks and data breaches due to human error.”

Title: DMARC and the Prevention of World Health Organization Phishing Scams

Date Published: November 22, 2021

https://cybersecurity.att.com/blogs/security-essentials/dmarc-and-the-prevention-of-world-health-organization-phishing-scams

Excerpt: “One tool that may have been useful in the prevention of these phishing attempts and subsequent data breaches is Domain-based Message Authentication, Reporting, & Conformance, or DMARC. While DMARC does not completely prevent phishing attempts, it does provide increased protection by increasing safety protocols and authentication checks, adding author linkage, increasing transparency regarding sender and recipient, and providing the monitoring and protection of a domain from fraudulent email creation. DMARC can be a powerful tool in preventing phishing sources from using spoof emails that mirror that of the intended target or organization, therefore making it easier to recognize phishing attempts or completely blocking them from arriving at the sender.”
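The excerpt above describes what DMARC does but not the mechanism. The check a receiving mail server actually performs is identifier alignment (RFC 7489): the message passes only if SPF or DKIM passed *and* the domain they authenticated aligns with the domain in the visible From: header; otherwise the domain owner's published policy (p=none, quarantine or reject) decides what happens. The following is an added example written for this digest, not code from the AT&T article or from any DMARC library. It parses a DMARC TXT record and evaluates alignment for a spoofed message and a legitimate one. The record, domains and the AuthResult shape are constructed for the example (example.org stands in for the impersonated organisation), and organizational_domain() uses a two-label approximation instead of the Public Suffix List.

```python
"""Added example: DMARC record parsing and identifier alignment (RFC 7489).
Not the article's code; record, domains and AuthResult are constructed."""
from dataclasses import dataclass
from typing import Tuple

# Constructed record for the example; not the real DMARC record of any organisation.
EXAMPLE_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                  "rua=mailto:dmarc-reports@example.org")


@dataclass
class AuthResult:
    """Outcome of the SPF and DKIM checks already run on one message (hypothetical shape)."""
    spf_pass: bool
    spf_domain: str    # domain SPF was evaluated for (RFC5321.MailFrom), not the From: header
    dkim_pass: bool
    dkim_domain: str   # d= tag of a verified DKIM signature, "" if no signature verified


def parse_dmarc_record(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict and apply RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC policy record: v=DMARC1 and p= are required")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")    # relaxed SPF alignment unless aspf=s
    tags.setdefault("pct", "100")   # sampling percentage (not applied in this example)
    return tags


def organizational_domain(domain: str) -> str:
    """Approximation (assumption): last two labels. Real receivers consult the
    Public Suffix List, so e.g. example.co.uk is mishandled here."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed mode needs the same organizational domain."""
    from_domain = from_domain.lower().rstrip(".")
    auth_domain = auth_domain.lower().rstrip(".")
    if mode == "s":
        return from_domain == auth_domain
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def evaluate_dmarc(record_txt: str, record_domain: str,
                   from_domain: str, auth: AuthResult) -> Tuple[str, str]:
    """Return (dmarc_result, disposition). Result is 'pass' or 'fail'; disposition is
    'none' on pass, else the p= (or sp= for a subdomain From:) policy to apply."""
    rec = parse_dmarc_record(record_txt)
    spf_ok = auth.spf_pass and aligned(from_domain, auth.spf_domain, rec["aspf"])
    dkim_ok = (auth.dkim_pass and bool(auth.dkim_domain)
               and aligned(from_domain, auth.dkim_domain, rec["adkim"]))
    if spf_ok or dkim_ok:
        return "pass", "none"
    # Record found at the organizational domain: a subdomain From: uses sp= when present.
    is_subdomain = from_domain.lower().rstrip(".") != record_domain.lower().rstrip(".")
    policy = rec.get("sp", rec["p"]) if is_subdomain else rec["p"]
    return "fail", policy


if __name__ == "__main__":
    # Spoof: From: example.org, but sent from attacker infrastructure whose own SPF passes.
    spoof = AuthResult(spf_pass=True, spf_domain="attacker.example", dkim_pass=False, dkim_domain="")
    print(evaluate_dmarc(EXAMPLE_RECORD, "example.org", "example.org", spoof))   # ('fail', 'reject')
    # Legitimate bulk mail: envelope bounce.example.org, relaxed aspf -> aligned.
    legit = AuthResult(spf_pass=True, spf_domain="bounce.example.org", dkim_pass=False, dkim_domain="")
    print(evaluate_dmarc(EXAMPLE_RECORD, "example.org", "example.org", legit))   # ('pass', 'none')
```

The spoof case is the one the article describes: the attacker's server can pass SPF for its own envelope domain, but that domain does not align with the From: header, and without a DKIM signature keyed to the impersonated domain the message fails DMARC and p=reject applies. The same code also shows the common deployment mistake: with p=none the spoof still "fails" but the disposition is none, so reports are generated and nothing is blocked.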

Title: Sudan Was Cut Off From the Internet for 25 Days

Date Published: November 22, 2021

https://blog.cloudflare.com/sudan-internet-back-25-days/

Excerpt: “The country’s longest recorded network disruption was back in 2018, when Sudanese authorities cut off access to social media (and messaging apps like WhatsApp) for 68 consecutive days from December 21, 2018, to February 26, 2019. After that, there was a full mobile Internet shutdown reported from June 3 to July 9, 2019, that lasted 36 days. This time, in 2021, it was 25 days when the Internet access was reduced to just a trickle of traffic getting through.”
