November 22, 2021

Fortify Security Team
Nov 22, 2021

Title: Wind Turbine Giant Vestas Says Data Was Compromised in Security Incident

Date Published: November 22, 2021

https://www.cyberscoop.com/vestas-cyberattack-it-shutdown-wind-turbine/

Excerpt: “There is no indication that the incident has impacted third party operations, including customer and supply chain operations,” the company’s Monday update states. “Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems.”

Title: Guidance for Retailers To Prevent Websites Becoming Black Friday Cyber Traps

Date Published: November 22, 2021

https://www.zdnet.com/article/hackers-targeted-thousands-of-online-retailers-to-steal-credit-card-details/

Excerpt: “In total, the National Cyber Security Centre (NCSC) has identified a total of 4,151 retailers that had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details. One of the key things that online retailers can do to help prevent payments and personal data being stolen is to apply the available security patches that stop cyber criminals from being able to exploit known vulnerabilities in Magento and any other software they use.”

Title: Iran’s Mahan Air Claims It Has Failed a Cyber Attack, Hackers Say the Opposite

Date Published: November 22, 2021

https://securityaffairs.co/wordpress/124880/hacking/mahan-air-cyberattack.html

Excerpt: “Hooshyarane Vatan hacker group claimed responsibility for the attack and added that it was able to access internal documents, emails and reports that linked the airline to the IRGC. The group explained that the company was able to detect the security breach, but did not stop it. The tension is high between Teheran and the Western countries, the latter are blaming Iran for a series of attacks against organizations worldwide.”

Title: SEC Warning as Phishing and Vishing Attacks Mount

Date Published: November 22, 2021

https://www.infosecurity-magazine.com/news/sec-warning-phishing-attacks-mount/

Excerpt: “Con artists have used the names of real SEC employees and email messages that falsely appear to be from the SEC to trick victims into sending the fraudsters money. Impersonation of US government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes,” it continued. The SEC extended the warning to any form of unsolicited communication, including emails and letters, claiming it will never ask for payments related to enforcement actions, offer to confirm trades, or seek detailed personal and financial information.”

Title: Conti Ransomware Group In-Depth Analysis

Date Published: November 18, 2021

https://www.prodaft.com/m/reports/Conti_TLPWHITE_v1.6_WVcSEtc.pdf

Excerpt: “Ransomware attacks work by encrypting the victim’s business-critical data, rendering it
inaccessible. After triggering the attack, cybercriminals will offer to sell a decryption key to
the victim. If the victim doesn’t comply, they simply have to accept the catastrophic loss of
their most valuable data. Some ransomware attacks use a two-pronged strategy. Attackers will demand a ransom payment for decrypting data, and threaten to publicly publish sensitive data if the ransom
is not paid by a certain deadline. (”Double Extortion”).”

Title: Why the ‘Basement Hacker’ Stereotype Is Wrong — and Dangerous

Date Published: November 22, 2021

https://www.darkreading.com/attacks-breaches/why-the-basement-hacker-stereotype-is-wrong-and-dangerous

Excerpt: “At its core, the Basement Hacker represents a fundamental and ongoing misunderstanding of the modern cyber adversary. As Sun Tzu wrote in The Art of War, “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.” The Basement Hacker myth gives organizations of all sizes a false sense of superiority over threat actors, whom they perceive as untrained, benign, and weird. Gone unchecked, this sense of superiority can spur complacency among risk managers and executives who determine security budgets, leading to underinvestment in security teams, overreliance on automation, or both.”

Title: Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang

Date Published: November 19, 2021

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-orchestrated-by-conti-ransomware-gang/

Excerpt: “The botnet operators provided initial access at an industrial scale, so many malware operations depended on Emotet for their attacks, especially those in the so-called Emotet-TrickBot-Ryuk triad. Ryuk is the predecessor of Conti ransomware. The switch occurred last year when Conti activity started to increase and Ryuk detections dwindled. The operators of both ransomware strains have a long history of attacks hitting organizations in the healthcare and education sector. AdvIntel researchers say that once Emotet disappeared from the scene, top-tier cyber criminal groups, like Conti (loaded by TrickBot and BazarLoader) and DoppelPaymer (loaded by Dridex) were left without a viable option for high-quality initial access.”

Title: Human Error Behind 5 ‘High-profile’ Healthcare Data Breaches

Date Published: November 22, 2021

https://threatcop.medium.com/human-error-behind-5-high-profile-healthcare-data-breaches-5b85bc844b95

Excerpt: “Yes, you read that right. According to a study by IBM, 95% of cyber security breaches are primarily caused by human error. Being unaware of the proper security protocols and cyber security best practices, your employees can inadvertently grant hackers access to your network and systems. Despite having cutting-edge IT security infrastructure, several renowned healthcare organizations have fallen victim to devastating cyber attacks and data breaches due to human error.”

Title: DMARC and the Prevention of World Health Organization Phishing Scams

Date Published: November 22, 2021

https://cybersecurity.att.com/blogs/security-essentials/dmarc-and-the-prevention-of-world-health-organization-phishing-scams

Excerpt: “One tool that may have been useful in the prevention of these phishing attempts and subsequent data breaches is Domain-based Message Authentication, Reporting, & Conformance, or DMARC. While DMARC does not completely prevent phishing attempts, it does provide increased protection by increasing safety protocols and authentication checks, adding author linkage, increasing transparency regarding sender and recipient, and providing the monitoring and protection of a domain from fraudulent email creation1. DMARC can be a powerful tool in preventing phishing sources from using spoof emails that mirror that of the intended target or organization, therefore making it easier to recognize phishing attempts or completely blocking them from arriving at the sender.”

Title: Sudan Was Cut Off From the Internet for 25 Days

Date Published: November 22, 2021

https://blog.cloudflare.com/sudan-internet-back-25-days/

Excerpt: “The country’s longest recorded network disruption was back in 2018, when Sudanese authorities cut off access to social media (and messaging apps like WhatsApp) for 68 consecutive days from December 21, 2018, to February 26, 2019. After that, there was a full mobile Internet shutdown reported from June 3 to July 9, 2019, that lasted 36 days. This time, in 2021, it was 25 days when the Internet access was reduced to just a trickle of traffic getting through.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...