March 2, 2022

Fortify Security Team

Title: TeaBot Malware Slips Back into Google Play Store to Target US Users
Date Published: March 1, 2022

Excerpt: “The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices. This is a trick that its distributors used before, in January, and even though Google ousted these entries, it appears that the malware can still find a way into the official Android app repository.”

Title: IsaacWiper, the Third Wiper Spotted Since the Beginning of the Russian Invasion
Date Published: March 1, 2022

Excerpt: “ESET researchers uncovered a new data wiper, tracked as IsaacWiper, that was used against an unnamed Ukrainian government network after Russia’s invasion of Ukraine. The wiper was first spotted on February 24 within an organization that was not infected with the HermeticWiper malware (aka KillDisk.NCV), which infected hundreds of machines in the country on February 23. According to cybersecurity firms ESET and Broadcom’s Symantec, the infections followed the DDoS attacks against several Ukrainian websites, including the Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.”

Title: Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Date Published: March 1, 2022

Excerpt: “The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat (APT) weapon in action in November, noting that it’s “the most advanced piece of malware Symantec researchers have seen from China-linked actors…exhibiting technical complexity previously unseen by such actors.””

Title: Security Leaders Want Legal Action for Failing to Patch for Log4j
Date Published: March 2, 2022

Excerpt: “The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. 61% of organizations responding to the latest Neustar International Security Council (NISC) survey, conducted in January 2022, said they had fielded attacks targeting this vulnerability. An even greater share (75%) reported having been impacted by Log4j, with one in five (21%) stating that impact had been significant.”

Title: US Officials Tracking Russian Cyberattack Escalation Risk
Date Published: March 1, 2022

Excerpt: “Amid what is now a prolonged struggle in Ukraine, cybersecurity officials in the U.S. and European Union have expressed some surprise over Russia’s lack of pervasive cyber strikes to date. But they warn that these actions could follow as its economy reels from sanctions.”

Title: Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
Date Published: March 2, 2022

Excerpt: “Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. “The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack,” Akamai researchers said in a report published Tuesday.”

Title: Russian-based Phishing Attacks Increased Eight-fold Since Feb. 27
Date Published: March 1, 2022

Excerpt: “Email cybersecurity firm Avanan said it has seen a sudden and significant uptick in Russian-based phishing attacks and credential harvesting over the past few days targeting U.S. and European customers. Avanan officials told SC Media they began analyzing the 2 million-plus customer email inboxes they protect for signs of increased Russian phishing shortly after the Cybersecurity and Infrastructure Security Agency (CISA) warned on Feb. 16 about an ongoing two-year Russian-led campaign targeting cleared U.S. defense contractors with similar attacks. The sharp increase began on Feb. 27 and is approximately eight times larger than the volume they normally see under baseline conditions.”

Title: Phishing Attacks Target Countries Aiding Ukrainian Refugees
Date Published: March 2, 2022

Excerpt: “A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. According to American cybersecurity firm Proofpoint, the attackers use “possibly compromised” email accounts of Ukrainian armed service members to deliver the phishing message.”

Title: Ukrainian Researcher Leaked the Source Code of Conti Ransomware
Date Published: March 2, 2022

Excerpt: “Recently a Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the group's announcement of its support for Russia. He was able to access the database XMPP chat server of the Conti group.”

Title: Bad Actors are Becoming More Successful at Evading AI/ML Technologies
Date Published: March 2, 2022

Excerpt: “Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lay out the steps organizations can take now in order to protect themselves in the future. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.”
