April 28, 2022

Fortify Security Team

Title: New Bumblebee Malware Takes Over BazarLoader’s Ransomware Delivery
Date Published: April 28, 2022


Excerpt: “A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.”

Title: CloudFlare Blocked a Record HTTPs DDoS Attack Peaking at 15 rps
Date Published: April 28, 2022


Excerpt: “Cloudflare announced that it has mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second (RPS), which is one of the largest HTTPS DDoS attacks blocked by the company. The company blocked the attack earlier this month. The experts pointed out that HTTPS DDoS attacks are more expensive because they require higher computational resources for establishing a secure TLS encrypted connection. On the other side, HTTPS DDoS attacks cost more to the victim to mitigate.”

Title: Emotet is Back From ‘Spring Break’ With New Nasty Tricks
Date Published: April 27, 2022


Excerpt: “Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. That new approach includes more targeted phishing attacks, different from the previous spray-and-pray campaigns, according to new research. Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a Tuesday report.”

Title: Cybercriminals Deliver IRS Tax Scams and Phishing Campaigns by Mimicking Government Vendors
Date Published: April 28, 2022


Excerpt: “Cybercriminals are leveraging advanced tactics in their phishing kits, granting them a high delivery success rate of spoofed e-mails which contain malicious attachments, right before the end of the 2021 IRS income tax return deadline in the U.S. on April 18th, 2022. There was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies, which include e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.”

Title: Feds Offer $10 Million Reward for Russia’s Sandworm Hackers
Date Published: April 27, 2022


Excerpt: “The U.S. government Tuesday announced a reward of up to $10 million for information pertaining to six alleged Russian military hackers tied to the 2017 NotPetya destructive malware campaign. NotPetya was wiper malware, disguised as ransomware, which was distributed via a legitimate Ukrainian software developer’s update server. The malware spread globally, causing commercial damage of up to $10 billion.”

Title: Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Date Published: April 28, 2022


Excerpt: “A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that “these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure.””

Title: Microsoft Details Rampant Cyber Warfare Corresponding to Russian Invasion
Date Published: April 27, 2022


Excerpt: “Microsoft released a timeline of nearly 250 cyber operations from six separate Russian-aligned threat groups since the waning days before Russia began its physical assault. Microsoft also detailed cyber operations dating back almost a year in preparation for the physical attack.”

Title: Austin Peay State University Resumes After Ransomware Cyber Attack
Date Published: April 28, 2022


Excerpt: “Austin Peay State University (APSU) confirmed yesterday that it had been a victim of a ransomware attack. The university, located in Clarksville, Tennessee, advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution. Subsequent tweets by APSU confirm that the attack is being contained and all employees are expected to report as usual.”

Title: Cyberattacks Rage in Ukraine, Support Military Operations
Date Published: April 28, 2022


Excerpt: “Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are state-sponsored by Russia. Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia.”

Title: Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal
Date Published: April 28, 2022


Excerpt: “Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called for adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature. “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet.”
