January 5, 2022

Fortify Security Team
Jan 5, 2022

Title: ‘Elephant Beetle’ Spends Months in Victim Networks to Divert Transactions

Date Published:  January 5, 2022

https://www.bleepingcomputer.com/news/security/elephant-beetle-spends-months-in-victim-networks-to-divert-transactions/

Excerpt:  “A financially-motivated actor dubbed ‘Elephant Beetle’ is stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts.  The group is very sophisticated and patient, spending months studying the victim’s environment and financial transaction processes, and only then moves to exploit flaws in the operation.  The actors inject fraudulent transactions into the network and steal small amounts over long periods, leading to an overall theft of millions of dollars. If they are spotted, they lay low for a while and return through a different system.”

Title: iOS Malware Can Fake iPhone Shut Downs to Snoop on Camera, Microphone

Date Published:  January 5, 2022

https://www.bleepingcomputer.com/news/security/ios-malware-can-fake-iphone-shut-downs-to-snoop-on-camera-microphone/

Excerpt:  “Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.  Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.  However, this technique hooks the shutdown and reboot routines to prevent them from ever happening, allowing malware to achieve persistence as the device is never actually turned off.”

Title: Microsoft Code-sign Check Bypassed to Drop Zloader Malware

Date Published:  January 5, 2022

https://www.bleepingcomputer.com/news/security/microsoft-code-sign-check-bypassed-to-drop-zloader-malware/

Excerpt:  “A new Zloader campaign exploits Microsoft’s digital signature verification to deploy malware payloads and steal user credentials from thousands of victims from 111 countries.  The campaign orchestrated by a threat group known as MalSmoke appears to have started in November 2021, and it’s still going strong, according to Check Point researchers who have spotted it.  Zloader (aka Terdot and DELoader) is a banking malware first spotted back in 2015 that can steal account credentials and various types of sensitive private information from infiltrated systems.”

Title: FTC Warns Legal Action Against Businesses Who Fail to Mitigate Log4J Attacks

Date Published:  January 5, 2022

https://securityaffairs.co/wordpress/126342/laws-and-regulations/ftc-log4j-log4shell-attacks.html

Excerpt:  “The US Federal Trade Commission (FTC) warns legal action against companies who protect their systems against Log4Shell (CVE-2021-44228) attacks.  The move aims at urging organizations in protecting their infrastructure while both nation-state actors and cybercriminals are exploiting Log4J flaws in their campaigns.  “When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms. The duty to take reasonable steps to mitigate known software vulnerabilities implicates?laws including, among others, the Federal Trade Commission Act?and the Gramm Leach Bliley Act.?It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.” reads the announcement published by the US FTC.”

Title: Researchers Used Electromagnetic Signals to Classify Malware Infecting IoT Devices

Date Published:  January 5, 2022

https://securityaffairs.co/wordpress/126312/malware/electromagnetic-signals-iot-malware-classification.html

Excerpt:  “A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from the Internet of Things (IoT) devices to detect highly evasive malware.  The team of experts presented their technique at the Annual Computer Security Applications Conference (ACSAC) that took place in December.  The Internet of Things (IoT) devices are privileged targets of threat actors due to the lack of security requirements and the numerous customized firmware and hardware that make it difficult to propose a standardized approach to cyber security.  The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. The technique could allow analysts to determine malware type and identity, even when the malicious code is heavily obfuscated to prevent static or symbolic binary analysis.”

Title: Attackers Abused Cloud Video Platform to Inject an E-skimmer into 100 Real Estate Sites

Date Published:  January 4, 2022

https://securityaffairs.co/wordpress/126305/malware/cloud-video-platform-served-e-skimmer.html

Excerpt:  “Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company.  In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to financial data while visitors are purchasing products. Researchers from Palo Alto Networks documented a supply chain attack in which the attackers abused a cloud video platform to inject an e-skimmer hidden into video.  Every website importing the video from the platform was compromised due to the presence of the e-skimmer.”

Title: Morgan Stanley Agrees to $60 Million Settlement in Data Breach Lawsuit

Date Published:  January 5, 2021

https://www.zdnet.com/article/morgan-stanley-agrees-to-60-million-settlement-in-data-breach-lawsuit/

Excerpt:  “Morgan Stanley has agreed to a settlement figure of $60 million to resolve a data breach lawsuit.  The US bank and financial services giant was subject to a class-action suit following two data exposure incidents involving approximately 15 million current and former clients.  According to the motion (.PDF), legacy equipment was decommissioned in 2016 and 2019 that contained the personally identifiable information (PII) of clients. However, the equipment was not wiped clean of this sensitive information prior to sale and the datasets may have then been exposed, in an unencrypted fashion, and available to view by the purchasing parties.  Court documents suggest the retired equipment included old servers and other data center technology.  In 2017, Morgan Stanley was contacted by one of these vendors who told the company that they had access to client data.”

Title: Cybersecurity Trends for 2022

Date Published:  January 5, 2022

https://www.infosecurity-magazine.com/opinions/cybersecurity-trends-for-2022/

Excerpt:  “With the Omicron variant now sweeping through the population at pace and booster jabs well underway, we are expecting 2022 to cement the hybrid working we put in place this year by continuing to work remotely as well as in the office.  This emphasizes, rather than changes, the focus for cybersecurity in 2022 – but that’s not to say it will be ‘just like last year.’  The similarities are likely to be a continued targeting of the supply chain and ransomware still prevalent, with cyber an enabler for conventional crime. It is likely, however, that operational technology (for example, in the critical national infrastructure) and internet of things (IoT) (the soft underbelly of our ‘convenience software’) will be more of a target as the software they run on is often old and unpatched. We may also see a significant SaaS compromise, either through attacks or accidents, as cloud proliferates and there is a mismatch between provider and consumer security expectations.  There are some critical areas we have begun to make inroads in 2021 that we need to build on in 2022:”

Title: McMenamins Breach Affected 23 Years of Employee Data

Date Published:  January 4, 2022

https://www.darkreading.com/attacks-breaches/mcmenamins-breach-affected-23-years-of-employee-data

Excerpt:  “McMenamins, an Oregon-based operator of restaurants, hotels, movie theaters, concert venues, and other events, has confirmed a December 2021 ransomware attack that compromised employee data going back to Jan. 1, 1998.  Stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution amounts, according to a breach disclosure.  “It’s possible that the thieves accessed files containing direct deposit bank account information, as well, but McMenamins does not have a clear indication they did so,” the disclosure states.”

Title: 5 Ways Hackers Steal Passwords (and how to stop them)

Date Published:  January 5, 2022

https://www.welivesecurity.com/2022/01/05/5-ways-hackers-steal-passwords-how-stop-them/

Excerpt:  “The concept of the password has been around for centuries and passwords were introduced into computing way sooner than most of us can remember. One reason for the enduring popularity of passwords is that people know instinctively how they work. But there’s also a problem. Passwords are the Achilles’ heel of the digital lives of many people, especially as we live in an age when the average person has 100 login credentials to remember, with the number only trending upwards in recent years. It’s little wonder many people cut corners and security suffers as a result.  Given that the password is often the only thing standing between a cybercriminal and your personal and financial data, crooks are more than eager to steal or crack these logins. We must put at least the same amount of effort into protecting our online accounts.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...