June 1, 2022

Fortify Security Team
Jun 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems
Date Published: June 1, 2022

https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/

Excerpt: “The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.”

Title: China-Linked TA413 Group Actively Exploits Microsoft Follina Zero-Day Flaw
Date Published: June 1, 2022

https://securityaffairs.co/wordpress/131843/apt/china-apt-exploits-follina-flaw.html

Excerpt: “China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.”

Title: DDoS Threats Growing in Sophistication, Size, and Frequency
Date Published: June 1, 2022

https://www.helpnetsecurity.com/2022/06/01/ddos-attacks-trends/

Excerpt: “Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behavior since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.”

Title: Breach At Turkey’s Pegasus Airlines Exposes 6.5 TB of Data
Date Published: May 31, 2022

https://www.bankinfosecurity.com/breach-at-turkeys-pegasus-airlines-exposes-65-tb-data-a-19173

Excerpt: “A data breach at Turkish firm Pegasus Airlines has put more than 6.5 TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, cybersecurity researchers at security firm Safety Detectives say.”

Title: Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Date Published: May 31, 2022

https://krebsonsecurity.com/2022/05/costa-rica-may-be-pawn-in-conti-ransomware-groups-bid-to-rebrand-evade-sanctions/

Excerpt: “Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.”

Title: New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
Date Published: June  1, 2022

https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

Excerpt: “An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. “Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen,” Israeli cybersecurity company Check Point said.”

Title: Mastercard Boosts Cyber Consulting with New Threat Simulation Platform
Date Published: May  31, 2022

https://www.scmagazine.com/analysis/vulnerability-management/mastercard-boosts-cyber-consulting-with-new-threat-simulation-platform

Excerpt: “Spanish novelist Miguel De Cervantes said, “To be prepared is half the victory.” Instead of tilting at windmills like Cervantes’s own Don Quixote, Mastercard’s financial industry customers will have a better opportunity to test and build their real-world cyber-defense skills through the card brand’s newly launched “attack simulation and assessment platform,” Cyber Front. This new facet of Mastercard’s existing Cybersecurity & Risk consulting practice emerged largely as a result of the Purchase, New York, company’s “strategic minority investment” in Picus Security, announced last week.”

Title: 3.6M MySQL Servers Found Exposed Online
Date Published: May 31, 2022

https://www.darkreading.com/vulnerabilities-threats/3-6m-plus-mysql-servers-with-ipv4-ipv6-addresses-exposed-scan-shows

Excerpt: “Shadowserver researchers scanning the Internet for exposed MySQL servers said they received more than 2.3 million IPv4- and 1.3 million IPv6 addresses in response to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack.  Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.”

Title: SideWinder Hackers Plant Fake Android VPN app in Google Play Store
Date Published: June 1, 2022

https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/

Excerpt: “Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.”

Title: FluBot takedown: Law Enforcement Takes Control of Android Spyware’s Infrastructure
Date Published: June 1, 2022

https://www.helpnetsecurity.com/2022/06/01/flubot-takedown/

Excerpt: “An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information – passwords, online banking details, etc. – from infected smartphones.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...