April 28, 2022

Fortify Security Team

Title: New Bumblebee Malware Takes Over BazarLoader’s Ransomware Delivery
Date Published: April 28, 2022

https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/

Excerpt: “A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.”

Title: CloudFlare Blocked a Record HTTPS DDoS Attack Peaking at 15 rps
Date Published: April 28, 2022

https://securityaffairs.co/wordpress/130685/hacking/cloudflare-record-https-ddos.html

Excerpt: “Cloudflare announced that it had mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second (RPS), one of the largest HTTPS DDoS attacks blocked by the company. The company blocked the attack earlier this month; the experts pointed out that HTTPS DDoS attacks are more expensive because they require higher computational resources for establishing a secure TLS-encrypted connection. On the other side, HTTPS DDoS attacks cost more to the victim to mitigate.”

Title: Emotet is Back From ‘Spring Break’ With New Nasty Tricks
Date Published: April 27, 2022

https://threatpost.com/emotet-back-new-tricks/179410/

Excerpt: “Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. That new approach includes more targeted phishing attacks, different from the previous spray-and-pray campaigns, according to new research. Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a Tuesday report.”

Title: Cybercriminals Deliver IRS Tax Scams and Phishing Campaigns by Mimicking Government Vendors
Date Published: April 28, 2022

https://www.helpnetsecurity.com/2022/04/28/irs-tax-scams-phishing-mimicking-government-vendors/

Excerpt: “Cybercriminals are leveraging advanced tactics in their phishing kits, granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S., April 18th, 2022. There was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies, including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.”

Title: Feds Offer $10 Million Reward for Russia’s Sandworm Hackers
Date Published: April 27, 2022

https://www.bankinfosecurity.com/feds-offer-10-million-reward-for-russias-sandworm-hackers-a-18975

Excerpt: “The U.S. government Tuesday announced a reward of up to $10 million for information pertaining to six alleged Russian military hackers tied to the 2017 NotPetya destructive malware campaign. NotPetya was wiper malware, disguised as ransomware, which was distributed via a legitimate Ukrainian software developer’s update server. The malware spread globally, causing commercial damage of up to $10 billion.”

Title: Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Date Published: April 28, 2022

https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html

Excerpt: “A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that “these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure.””

Title: Microsoft Details Rampant Cyber Warfare Corresponding to Russian Invasion
Date Published: April 27, 2022

https://www.scmagazine.com/analysis/threat-intelligence/microsoft-details-rampant-cyber-warfare-corresponding-to-russian-invasion

Excerpt: “Microsoft released a timeline of nearly 250 cyber operations from six separate Russian-aligned threat groups since the waning days before Russia began its physical assault. Microsoft also detailed cyber operations dating back almost a year in preparation for the physical attack.”

Title: Austin Peay State University Resumes After Ransomware Cyber Attack
Date Published: April 28, 2022

https://www.bleepingcomputer.com/news/security/austin-peay-state-university-resumes-after-ransomware-cyber-attack/

Excerpt: “Austin Peay State University (APSU) confirmed yesterday that it had been a victim of a ransomware attack. The university, located in Clarksville, Tennessee, advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution. Subsequent tweets by APSU confirm that the attack is being contained and all employees are expected to report as usual.”

Title: Cyberattacks Rage in Ukraine, Support Military Operations
Date Published: April 28, 2022

https://threatpost.com/cyberwar-ukraine-military/179421/

Excerpt: “Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are state-sponsored by Russia. Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia.”

Title: Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal
Date Published: April 28, 2022

https://thehackernews.com/2022/04/twitters-new-owner-elon-musk-wants-dms.html

Excerpt: “Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature. “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet.”
