January 28, 2022

Fortify Security Team

Title: Conti, DeadBolt Target Delta, QNAP
Date Published: January 28, 2022


Excerpt: “Delta officials said in their statement that the company reacted quickly to the attack, which has had “no significant impact on operations.” Delta is working with Trend Micro and Microsoft as well as the appropriate authorities to investigate the attack and restore the systems affected, according to reports. However, the Taiwanese news outlet CTWANT painted a far more dire picture, claiming that attackers – identified as the Conti Group – encrypted more than 1,500 servers and more than 12,000 of the company’s 65,000 computers and demanded a ransom of $15 million to decrypt the data.”

Title: Microsoft Azure Customer Hit by Largest Ever 3.47 Tbps DDoS Attack
Date Published: January 28, 2022


Excerpt: “The DDoS attack lasted approximately 15 minutes and included a botnet of more than 10,000 compromised IoT (Internet of Things) devices from countries across the globe. These included Iran, India, China, Russia, Taiwan, Vietnam, Thailand, Indonesia, South Korea, and the United States. Although it is unclear who was behind the attack, Microsoft’s report titled “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends” dug deeper into the attack. According to the company, the attack was mitigated; however, the attacker employed different methods to boost the DDoS attack.”

Title: Phishing Simulation Study Shows Why These Attacks Remain Pervasive
Date Published: January 27, 2022


Excerpt: “In one organization, 26% of DevOps team members and 24% of IT team members clicked on the test phishing payload, compared with 25% for the organization overall, while 30% from DevOps and 21% from IT clicked on the phishing payload in the second organization, compared with 11% overall. The results likely show the difference between those workers who have been trained in IT security and those who have a suspicious nature that complements a position in IT security. “Phishing gets lumped into the category of information-security problems — and it is — but it is also just a vessel for a scam,” Connor says. “It is just the same as having something snatched from you when you are looking elsewhere. And there is a mentality to defend against that”.”

Title: 2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
Date Published: January 27, 2022


Excerpt: “Users with the malicious application, straightforwardly called “2FA Authenticator,” are advised by researchers at Pradeo to delete it from their device immediately since they still remain at risk — both from banking-login theft and other attacks made possible by the app’s extensive over-permissions. The threat actors developed an operational and convincing application to disguise the malware dropper, using open-source Aegis authentication code injected with malicious add-ons. That helped it spread via Google Play undetected, according to a Pradeo report released on Thursday.”

Title: Lazarus Hackers Use Windows Update to Deploy Malware
Date Published: January 27, 2022


Excerpt: “In the next stage, the LNK file is used to launch the WSUS / Windows Update client (wuauclt.exe) to execute a command that loads the attackers’ malicious DLL. “This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms,” Malwarebytes said. The researchers linked these attacks to Lazarus based on several pieces of evidence, including infrastructure overlaps, document metadata, and targeting similar to previous campaigns.”

Title: Microsoft Warns of Multi-Stage Phishing Campaign Leveraging Azure AD
Date Published: January 27, 2022


Excerpt: “Microsoft’s telemetry data indicates that the first phase of the attacks focused mainly on firms located in Australia, Singapore, Indonesia, and Thailand. The actors attempted to compromise remote working employees, poorly protected managed service points, and other infrastructure that may operate outside strict security policies. Microsoft’s analysts were able to spot the threat by detecting anomalous creation of inbox rules, which actors added immediately after gaining control of an inbox to keep out IT notification messages that could trigger suspicions.”

Title: BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
Date Published: January 27, 2022


Excerpt: “Researchers also found additional hacking tools, from several sources, collected in the same repository. Alien Labs called the malware source code “simple yet efficient,” able to carry out malware attacks with a grand total of a mere 2,891 lines of code (including empty lines and comments). In its November writeup, Alien Labs noted that BotenaGo, written in Google’s open-source Golang programming language, could exploit 33 vulnerabilities for initial access.”

Title: Conti Ransomware Hits Apple, Tesla Supplier
Date Published: January 27, 2022


Excerpt: “The Conti ransomware gang has been linked to an attack on Delta Electronics, a Taiwanese electronics manufacturing company and a major supplier of power components to companies like Apple and Tesla. The attack took place last Friday, on January 21, according to a statement shared by the company with stock market authorities. The company said the attack was detected right away, and its security team intervened to contain infected systems and begin recovery operations.”

Title: There’s Been a Big Rise in Phishing Attacks Using Microsoft Excel XLL Add-Ins
Date Published: January 27, 2022


Excerpt: “Detailed by researchers at HP Wolf Security, the campaigns use malicious Microsoft Excel add-in (XLL) files to infect systems and there was an almost six-fold (588%) increase in attacks using this technique during the final quarter of 2021 compared to the previous three months. XLL add-in files are popular because they enable users to deploy a wide variety of extra tools and functions in Microsoft Excel. But like macros, they’re a tool that can be exploited by cyber criminals.”

Title: LockBit Ransomware Gang Claims to Have Hacked Ministry of Justice of France
Date Published: January 27, 2022


Excerpt: “The Ministry of Justice of France is a body of the French government, which is responsible for: supervision of the judiciary, its maintenance and administration; participation as Vice President of the Judicial Council; supervision of the prosecutor’s office; prison systems. A few hours ago LockBit ransomware operators announced that they had stolen data from the Ministry of Justice of France and threatened to leak it. The countdown on the Tor leak site of the gang reveals that the gang gave 14 days to the French government to pay the ransom. The deadline for the payment has been fixed on 10 Feb, 2022 11:20:00.”
