February 15, 2022

Fortify Security Team

Title: BlackCat (ALPHV) Claims Swissport Ransomware Attack, Leaks Data
Date Published: February 15, 2022


Excerpt: “The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on Swissport that caused flight delays and service disruptions. The €3 billion revenue firm, Swissport, has a presence across 310 airports in 50 countries and provides cargo handling, maintenance, cleaning, and lounge hospitality services. BlackCat has now been seen by BleepingComputer to leak a minuscule set of terabytes of data supposedly obtained from the recent ransomware attack.”

Title: SSU: Russia-Linked Actors are Targeting Ukraine with ‘Massive Wave of Hybrid Warfare’
Date Published: February 14, 2022


Excerpt: “The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors. Threat actors aim at destabilizing the social contest in the country and instilling fear and untrust in the country’s government. “Ukraine is facing attempts to systemically sow panic, spread fake information and distort the real state of affairs. All this combined is nothing more than another massive wave of hybrid warfare,” states the SSU. “The SSU is seeing such manifestations of hybrid warfare in social networks, some mass media, in the spread of narratives of the aggressor state by certain politicians, etc. The SSU is not just observing these, but also actively counteracting to them.””

Title: ‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
Date Published: February 14, 2022


Excerpt: “The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to deliver malware to anybody who downloaded them.”

Title: Soaring Losses Accelerate Investments in Anti-Fraud Tech
Date Published: February 15, 2022


Excerpt: “The pandemic has opened a Pandora’s box of global fraud. Faced with a seemingly endless onslaught of schemes and scams, anti-fraud pros have doubled down on analytics, finds the latest anti-fraud technology study by the Association of Certified Fraud Examiners (ACFE) and SAS. Based on survey responses from nearly 900 ACFE members worldwide, the report illuminates how organizations across sectors are using technology to fight fraud.”

Title: CISA Warns Orgs to Prep for Potential Russian Cyberattacks
Date Published: February 14, 2022


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency has issued a “Shields Up” alert to U.S. organizations to protect against potential retaliatory cyberattacks at the hands of the Russians – especially if the Biden administration intervenes in the country’s conflict with Ukraine, where Russia has massed some 100,000 troops.”

Title: New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin
Date Published: February 15, 2022


Excerpt: “A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems.”

Title: South Shore Hospital Network Hack Impacts Data of 116K Patients
Date Published: February 14, 2022


Excerpt: “South Shore Hospital in Chicago recently notified 115,670 current and former patients and employees that their data was affected after a hack of the nonprofit’s network in early December. On Dec. 10, 2021, SSH discovered suspicious activity on its network and “activated its emergency operating protocols to continue providing safe patient- and family-centered care.” While the incident sounds like a ransomware attack, the notice provides no further details into the hack.”

Title: Hackers Use Simple Methods to Target Orgs in the Aviation Sector
Date Published: February 15, 2022


Excerpt: “For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. The threat actor has been active since at least 2017, targeting entities in the aviation, aerospace, transportation, manufacturing, and defense industries. Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in analysis of separate campaigns.”

Title: Google Fixes A Chrome Zero-Day Flaw Actively Exploited in Attacks
Date Published: February 15, 2022


Excerpt: “Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. This is the first Chrome zero-day fixed this year by Google. The zero-day is a use after free issue that resides in Animation; the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.”

Title: Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
Date Published: February 15, 2022


Excerpt: “Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country’s civilian and military intelligence agencies. “ShadowPad is decrypted in memory using a custom decryption algorithm,” researchers from Secureworks said in a report shared with The Hacker News. “ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.” ShadowPad is a modular malware platform sharing noticeable overlaps to the PlugX malware and which has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures.”
