February 9, 2022

Fortify Security Team

Title: Molerats Hackers Deploy New Malware in Highly Evasive Campaign
Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/molerats-hackers-deploy-new-malware-in-highly-evasive-campaign/

Excerpt: “The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named ‘NimbleMamba’ in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. The campaign was discovered by Proofpoint, whose analysts observed three variations of the infection chain, all targeting governments in Middle Eastern countries, foreign policy think tanks, and a state-owned airline. As for the timeline of the recent attacks, the actors first used NimbleMamba in November 2021 and continued the operation until late January 2022.”

Title: Vodafone Portugal Hit by a Massive Cyberattack
Date Published: February 8, 2022

https://securityaffairs.co/wordpress/127799/cyber-crime/vodafone-portugal-massive-cyberattack.html

Excerpt: “Vodafone Portugal suffered a major cyberattack that caused service outages in the country; media reported the temporary disruption of 4G/5G communications and television services. “Vodafone was the target of a network disruption that began on the night of February 7, 2022 due to a deliberate and malicious cyberattack intended to cause damage and disruption. As soon as the first sign of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore services.” reads the announcement published by the company. “This situation is affecting the provision of services based on data networks, namely the 4G/5G network, fixed voice, television, SMS and voice/digital answering services.””

Title: Senate Homeland Leaders Package Trio of Cyber Bills Tied to Incident Reporting, Cloud and Oversight
Date Published: February 8, 2022

https://www.scmagazine.com/analysis/cloud-security/senate-homeland-leaders-package-trio-of-cyber-bills

Excerpt: “Leaders on the Senate Homeland Security Committee reintroduced a combined package of three cyber related bills that missed the cut for last year’s National Defense Authorization Act, saying they intend to push for their passage all at once in a legislative vehicle yet to be determined. Last year, the committee introduced three bills that were viewed as a priority to modernize the government’s cybersecurity operations.”

Title: End of 2021 Witnessed an Explosion of RDP Brute-Force Attacks
Date Published: February 9, 2022

https://www.helpnetsecurity.com/2022/02/09/explosion-rdp-brute-force-attacks/

Excerpt: “RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 brought a further acceleration, with an increase of 274% (from 55 billion in T2 2021 to 206 billion in T3 2021).”

Title: Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
Date Published: February 9, 2022

https://thehackernews.com/2022/02/russian-apt-hackers-used-covid-19-lures.html

Excerpt: “The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET’s T3 2021 Threat Report shared with The Hacker News, the intrusions paved the way for the deployment of Cobalt Strike Beacon on compromised systems, followed by leveraging the foothold to drop additional malware for gathering information about the hosts and other machines in the same network.”

Title: Google Cuts User Account Compromises in Half With Simple Change
Date Published: February 8, 2022

https://www.darkreading.com/attacks-breaches/google-cuts-account-compromises-in-half-with-simple-change

Excerpt: “More than 150 million Google users have seen their chance of compromise drop by half following the adoption of two-step verification, a process where users logging in to a Google service will be asked to respond to a push notification sent to a second device, the company said today. The result is an early sign that Google’s effort to boost the overall security of its user base and protect accounts from compromise is paying off. Over the past six months or so, Google has turned on the additional security check for 150 million early adopters using its services and another 2 million YouTube creators, whose accounts are especially valuable, the post said.”

Title: FBI Warns of Criminals Escalating SIM Swap Attacks to Steal Millions
Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-of-criminals-escalating-sim-swap-attacks-to-steal-millions/

Excerpt: “The Federal Bureau of Investigation (FBI) says criminals have escalated SIM swap attacks to steal millions by hijacking victims’ phone numbers. The number of complaints received from the US public since 2018 and reported losses have increased almost fivefold, according to reports received by the FBI through the Internet Crime Complaint Center (IC3) in 2021. FBI’s warning comes after the US Federal Communications Commission (FCC) announced in October that it started working on rules that would pull the brake on SIM swapping attacks.”

Title: The Pirate Bay Clones Target Millions of Users with Malware and Malicious ad
Date Published: February 9, 2022

https://securityaffairs.co/wordpress/127810/cyber-crime/pirate-bay-clones-malware.html

Excerpt: “Malvertising, also known as malicious advertising, is a type of online advertising used by threat actors to distribute malicious files. It’s also a rapidly growing threat that often includes fraudulent advertising schemes designed to make as much profit as possible from website visitors. According to the report by clean.io, malvertising saw a massive spike of 231% in Q3 2021, especially in terms of malicious landing pages. Worryingly, ads served by malvertisers on websites and mobile apps can make you fall victim to malware with a single misplaced click. Sometimes, you don’t even have to click: merely viewing a malicious ad can result in you losing control of your device and your data.”

Title: U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack
Date Published: February 9, 2022

https://thehackernews.com/2022/02/us-arrests-two-and-seizes-36-million-in.html

Excerpt: “The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have “stolen funds through a labyrinth of cryptocurrency transactions,” with the law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the “largest financial seizure ever.” “Bitfinex will work with the DoJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin,” the company said in a statement, adding “We have been cooperating extensively with the DoJ since its investigation began and will continue to do so.””

Title: Fake Windows 11 Upgrade Installers Infect You with RedLine Malware
Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/

Excerpt: “Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11’s broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation’s success. RedLine stealer is currently the most widely deployed password, browser cookies, credit card, and cryptocurrency wallet info grabber, so its infections can have dire consequences for the victims.”
