March 2, 2022

Fortify Security Team
Mar 2, 2022

Title: TeaBot Malware Slips Back into Google Play Store to Target US Users
Date Published: March 1, 2022

https://www.bleepingcomputer.com/news/security/teabot-malware-slips-back-into-google-play-store-to-target-us-users/

Excerpt: “The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices. This is a trick that its distributors used before, in January, and even though Google ousted these entries, it appears that the malware can still find a way into the official Android app repository.”

Title: IsaacWiper, the Third Wiper Spotted Since the Beginning of the Russian Invasion
Date Published: March 1, 2022

https://securityaffairs.co/wordpress/128553/malware/isaacwiper-data-wiper.html

Excerpt: “ESET researchers uncovered a new data wiper, tracked as IsaacWiper, that was used against an unnamed Ukrainian government network after Russia’s invasion of Ukraine. The wiper was first spotted on February 24 within an organization that was not infected with the HermeticWiper malware (aka KillDisk.NCV), which infected hundreds of machines in the country on February 23. According to cybersecurity firms ESET and Broadcom’s Symantec discovered, the infections followed the DDoS attacks against several Ukrainian websites, including Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.”

Title: Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Date Published: March 1, 2022

https://threatpost.com/daxin-espionage-backdoor-chinese-malware/178706/

Excerpt: “The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat (APT) weapon in action in November, noting that it’s “the most advanced piece of malware Symantec researchers have seen from China-linked actors…exhibiting technical complexity previously unseen by such actors.””

Title: Security Leaders Want Legal Action for Failing to Patch for Log4j
Date Published: March 2, 2022

https://www.helpnetsecurity.com/2022/03/02/log4j-vulnerability-security-professionals/

Excerpt: “The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. 61% of organizations responding to the latest Neustar International Security Council (NISC) survey, conducted in January 2022, said they had fielded attacks targeting this vulnerability. An even greater share (75%) reported having been impacted by Log4j, with one in five (21%) stating that impact had been significant.”

Title: US Officials Tracking Russian Cyberattack Escalation Risk
Date Published: March 1, 2022

https://www.bankinfosecurity.com/us-officials-tracking-russian-cyberattack-escalation-risk-a-18638

Excerpt: “Amid what is now a prolonged struggle in Ukraine, cybersecurity officials in the U.S. and European Union have expressed some surprise over Russia’s lack of pervasive cyber strikes to date. But they warn that these actions could follow as its economy reels from sanctions.”

Title: Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
Date Published: March 2, 2022

https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html

Excerpt: “Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. “The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack,” Akamai researchers said in a report published Tuesday.”

Title: Russian-based Phishing Attacks Increased Eight-fold Since Feb. 27
Date Published: March 1, 2022

https://www.scmagazine.com/analysis/critical-infrastructure/russian-based-phishing-attacks-increased-eight-fold-since-feb-27

Excerpt: “Email cybersecurity firm Avanan said it has seen a sudden and significant uptick in Russian-based phishing attacks and credential harvesting over the past few days targeting U.S. and European customers. Avanan officials told SC Media they began analyzing the 2 million-plus customer email inboxes they protect for signs of increased Russian phishing shortly after the Cybersecurity and Infrastructure Security Agency (CISA) warned on Feb. 16 about an ongoing two-year Russian-led campaign targeting cleared U.S. defense contractors with similar attacks. The sharp increase began on Feb. 27 and is approximately eight times larger than the volume they normally see under baseline conditions.”

Title: Phishing Attacks Target Countries Aiding Ukrainian Refugees
Date Published: March 2, 2022

https://www.bleepingcomputer.com/news/security/phishing-attacks-target-countries-aiding-ukrainian-refugees/

Excerpt: “A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. According to American cybersecurity firm Proofpoint, the attackers use “possibly compromised” email accounts of Ukrainian armed service members to deliver the phishing message.”

Title: Ukrainian Researcher Leaked the Source Code of Conti Ransomware
Date Published: March 2, 2022

https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html

Excerpt: “Recently a Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group.”

Title: Bad Actors are Becoming More Successful at Evading AI/ML Technologies
Date Published: March 2, 2022

https://www.helpnetsecurity.com/2022/03/02/attack-volumes-types/

Excerpt: “Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lays out the steps organizations can take now in order to protect themselves in the future. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.”

Recent Posts

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...

November 16, 2022

Title: North Korean Hackers Target European Orgs With Updated Malware Date Published: November 15, 2022 https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-european-orgs-with-updated-malware/ Excerpt: “North Korean hackers are using a new...

November 16, 2022

Title: North Korean Hackers Target European Orgs With Updated Malware Date Published: November 15, 2022 https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-european-orgs-with-updated-malware/ Excerpt: “North Korean hackers are using a new...

November 15, 2022

Title: China-Based Campaign Uses 42,000 Phishing Domains Date Published: November 15, 2022 https://www.infosecurity-magazine.com/news/chinabased-campaign-42000-phishing/ Excerpt: “Security researchers have uncovered a sophisticated phishing campaign using tens of...

November 14, 2022

Title: Kmsdbot, a New Evasive Bot for Cryptomining Activity and Ddos Attacks Date Published: November 14, 2022 https://securityaffairs.co/wordpress/138514/malware/kmsdbot-golang-malware.html Excerpt: “Researchers spotted a new evasive malware, tracked as KmsdBot, that...