January 28, 2022

Fortify Security Team
Jan 28, 2022

Title: Conti, DeadBolt Target Delta, QNAP
Date Published: January 28, 2022

https://threatpost.com/conti-deadbolt-delta-qnap-ransomware/178083/

Excerpt: “Delta officials said in their statement that the company reacted quickly to the attack, which has had “no significant impact on operations.” Delta is working with Trend Micro and Microsoft as well as the appropriate authorities to investigate the attack and restore the systems affected, according to reports. However, the Taiwanese news outlet CTWANT painted a far more dire picture, claiming that attackers – identified as the Conti Group – encrypted more than 1,500 servers and more than 12,000 of the company’s 65,000 computers and demanded a ransom of $15 million to decrypt the data.”

Title: Microsoft Azure Customer Hit by Largest Ever 3.47 TBPS DDoS Attack
Date Published: January 28, 2022

https://www.hackread.com/microsoft-azure-customer-largest-tbps-ddos-attack/

Excerpt: “The DDoS attack lasted approximately 15 minutes and included a botnet of more than 10,000 compromised IoT (Internet of Things) devices from countries across the globe. These included Iran, India, China, Russia, Taiwan, Vietnam, Thailand, Indonesia, South Korea, and the United States. Although it is unclear who was behind the attack, Microsoft’s report titled “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends” dug deeper into the attack. According to the company, the attack was mitigated however the attacker employed different methods to boost the DDoS attack.”

Title: Phishing Simulation Study Shows Why These Attacks Remain Pervasive
Date Published: January 27, 2022

https://www.darkreading.com/threat-intelligence/simulation-shows-why-phishing-attacks-continue-to-dominate

Excerpt: “In one organization, 26% of DevOps team members and 24% of IT team members clicked on the test phishing payload, compared with 25% for the organization overall, while 30% from DevOps and 21% from IT clicked on the phishing payload in the second organization, compared with 11% overall. The results likely show the difference between those workers who have been trained in IT security and those who have a suspicious nature that complements a position in IT security. “Phishing gets lumped into the category of information-security problems — and it is — but it is also just a vessel for a scam,” Connor says. “It is just the same as having something snatched from you when you are looking elsewhere. And there is a mentality to defend against that”.”

Title: 2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
Date Published: January 27, 2022

https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

Excerpt: “Users with the malicious application, straightforwardly called “2FA Authenticator,” are advised by researchers at Pradeo to delete it from their device immediately since they still remain at risk — both from banking-login theft and other attacks made possible by the app’s extensive over permissions. The threat actors developed an operational and convincing application to disguise the malware dropper, using open-source Aegis authentication code injected with malicious add-ons. That helped it spread via Google Play undetected, according to a Pradeo report released on Thursday.”

Title: Lazarus Hackers Use Windows Update to Deploy Malware
Date Published: January 27, 2022

https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-windows-update-to-deploy-malware/

Excerpt: “In the next stage, the LNK file is used to launch the WSUS / Windows Update client (wuauclt.exe) to execute a command that loads the attackers’ malicious DLL. “This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms,” Malwarebytes said. The researchers linked these attacks to Lazarus based on several pieces of evidence, including infrastructure overlaps, document metadata, and targeting similar to previous campaigns.”

Title: Microsoft Warns of Multi-Stage Phishing Campaign Leveraging Azure Ad
Date Published: January 27, 2022

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-multi-stage-phishing-campaign-leveraging-azure-ad/

Excerpt: “Microsoft’s telemetry data indicates that the first phase of the attacks focused mainly on firms located in Australia, Singapore, Indonesia, and Thailand. The actors attempted to compromise remote working employees, poorly protected managed service points, and other infrastructure that may operate outside strict security policies. Microsoft’s analysts were able to spot the threat by detecting anomalous creation of inbox rules, which actors added immediately after gaining control of an inbox to keep out IT notification messages that could trigger suspicions.”

Title: BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
Date Published: January 27, 2022

https://threatpost.com/botenago-botnet-code-leaked-to-github/178059/

Excerpt: “Researchers also found additional hacking tools, from several sources, collected in the same repository. Alien Labs called the malware source code “simple yet efficient,” able to carry out malware attacks with a grand total of a mere 2,891 lines of code (including empty lines and comments). In its November writeup, Alien Labs noted that BotenaGo, written in Google’s open-source Golang programming language, could exploit 33 vulnerabilities for initial access.”

Title: Conti Ransomware Hits Apple, Tesla Supplier
Date Published: January 27, 2022

https://therecord.media/conti-ransomware-hits-apple-tesla-supplier/

Excerpt: “The Conti ransomware gang has been linked to an attack on Delta Electronics, a Taiwanese electronics manufacturing company and a major supplier of power components to companies like Apple and Tesla. The attack took place last Friday, on January 21, according to a statement shared by the company with stock market authorities. The company said the attack was detected right away, and its security team intervened to contain infected systems and begin recovery operations.”

Title: There’s Been a Big Rise in Phishing Attacks Using Microsoft Excel Xll Add-Ins
Date Published: January 27, 2022

https://www.zdnet.com/article/theres-been-a-big-rise-in-phishing-attacks-using-microsoft-excel-xll-add-ins/

Excerpt: “Detailed by researchers at HP Wolf Security, the campaigns use malicious Microsoft Excel add-in (XLL) files to infect systems and there was an almost six-fold (588%) increase in attacks using this technique during the final quarter of 2021 compared to the previous three months. XLL add-in files are popular because they enable users to deploy a wide variety of extra tools and functions in Microsoft Excel. But like macros, they’re a tool that can be exploited by cyber criminals.”

Title: Lockbit Ransomware Gang Claims to Have Hacked Ministry of Justice of France
Date Published: January 27, 2022

https://securityaffairs.co/wordpress/127267/cyber-crime/ministry-of-justice-of-france-lockbit.html

Excerpt: “The Ministry of Justice of France is a body of the French government, which is responsible for: supervision of the judiciary, its maintenance and administration; participation as Vice President of the Judicial Council; supervision of the prosecutor’s office; prison systems. A few hours ago Lockbit ransomware operators announced that they had stolen data from the Ministry of Justice of France and threatened to leak it. The countdown on the Tor leak site of the gang reveals that the gang gave 14 days to the French government to pay the ransom. The deadline for the payment has been fixed on 10 Feb, 2022 11:20:00.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...