March 2, 2022

Fortify Security Team

Title: TeaBot Malware Slips Back into Google Play Store to Target US Users
Date Published: March 1, 2022

https://www.bleepingcomputer.com/news/security/teabot-malware-slips-back-into-google-play-store-to-target-us-users/

Excerpt: “The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices. This is a trick that its distributors used before, in January, and even though Google ousted these entries, it appears that the malware can still find a way into the official Android app repository.”

Title: IsaacWiper, the Third Wiper Spotted Since the Beginning of the Russian Invasion
Date Published: March 1, 2022

https://securityaffairs.co/wordpress/128553/malware/isaacwiper-data-wiper.html

Excerpt: “ESET researchers uncovered a new data wiper, tracked as IsaacWiper, that was used against an unnamed Ukrainian government network after Russia’s invasion of Ukraine. The wiper was first spotted on February 24 within an organization that was not infected with the HermeticWiper malware (aka KillDisk.NCV), which infected hundreds of machines in the country on February 23. According to cybersecurity firms ESET and Broadcom’s Symantec, the infections followed the DDoS attacks against several Ukrainian websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the Rada.”

Title: Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Date Published: March 1, 2022

https://threatpost.com/daxin-espionage-backdoor-chinese-malware/178706/

Excerpt: “The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat (APT) weapon in action in November, noting that it’s “the most advanced piece of malware Symantec researchers have seen from China-linked actors…exhibiting technical complexity previously unseen by such actors.””

Title: Security Leaders Want Legal Action for Failing to Patch for Log4j
Date Published: March 2, 2022

https://www.helpnetsecurity.com/2022/03/02/log4j-vulnerability-security-professionals/

Excerpt: “The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. 61% of organizations responding to the latest Neustar International Security Council (NISC) survey, conducted in January 2022, said they had fielded attacks targeting this vulnerability. An even greater share (75%) reported having been impacted by Log4j, with one in five (21%) stating that impact had been significant.”

Title: US Officials Tracking Russian Cyberattack Escalation Risk
Date Published: March 1, 2022

https://www.bankinfosecurity.com/us-officials-tracking-russian-cyberattack-escalation-risk-a-18638

Excerpt: “Amid what is now a prolonged struggle in Ukraine, cybersecurity officials in the U.S. and European Union have expressed some surprise over Russia’s lack of pervasive cyber strikes to date. But they warn that these actions could follow as its economy reels from sanctions.”

Title: Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
Date Published: March 2, 2022

https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html

Excerpt: “Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. “The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack,” Akamai researchers said in a report published Tuesday.”

Title: Russian-based Phishing Attacks Increased Eight-fold Since Feb. 27
Date Published: March 1, 2022

https://www.scmagazine.com/analysis/critical-infrastructure/russian-based-phishing-attacks-increased-eight-fold-since-feb-27

Excerpt: “Email cybersecurity firm Avanan said it has seen a sudden and significant uptick in Russian-based phishing attacks and credential harvesting over the past few days targeting U.S. and European customers. Avanan officials told SC Media they began analyzing the 2 million-plus customer email inboxes they protect for signs of increased Russian phishing shortly after the Cybersecurity and Infrastructure Security Agency (CISA) warned on Feb. 16 about an ongoing two-year Russian-led campaign targeting cleared U.S. defense contractors with similar attacks. The sharp increase began on Feb. 27 and is approximately eight times larger than the volume they normally see under baseline conditions.”

Title: Phishing Attacks Target Countries Aiding Ukrainian Refugees
Date Published: March 2, 2022

https://www.bleepingcomputer.com/news/security/phishing-attacks-target-countries-aiding-ukrainian-refugees/

Excerpt: “A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. According to American cybersecurity firm Proofpoint, the attackers use “possibly compromised” email accounts of Ukrainian armed service members to deliver the phishing message.”

Title: Ukrainian Researcher Leaked the Source Code of Conti Ransomware
Date Published: March 2, 2022

https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html

Excerpt: “Recently a Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the group announced its support for Russia. He was able to access the database of the Conti group’s XMPP chat server.”

Title: Bad Actors are Becoming More Successful at Evading AI/ML Technologies
Date Published: March 2, 2022

https://www.helpnetsecurity.com/2022/03/02/attack-volumes-types/

Excerpt: “The Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and, most importantly, lay out the steps organizations can take now in order to protect themselves in the future. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.”
