June 1, 2022

Fortify Security Team

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems
Date Published: June 1, 2022


Excerpt: “The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.”

Title: China-Linked TA413 Group Actively Exploits Microsoft Follina Zero-Day Flaw
Date Published: June 1, 2022


Excerpt: “China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.”

Title: DDoS Threats Growing in Sophistication, Size, and Frequency
Date Published: June 1, 2022


Excerpt: “Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behavior since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.”

Title: Breach At Turkey’s Pegasus Airlines Exposes 6.5 TB of Data
Date Published: May 31, 2022


Excerpt: “A data breach at Turkish firm Pegasus Airlines has put more than 6.5 TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, cybersecurity researchers at security firm Safety Detectives say.”

Title: Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Date Published: May 31, 2022


Excerpt: “Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.”

Title: New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
Date Published: June 1, 2022


Excerpt: “An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. “Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen,” Israeli cybersecurity company Check Point said.”

Title: Mastercard Boosts Cyber Consulting with New Threat Simulation Platform
Date Published: May 31, 2022


Excerpt: “Spanish novelist Miguel De Cervantes said, “To be prepared is half the victory.” Instead of tilting at windmills like Cervantes’s own Don Quixote, Mastercard’s financial industry customers will have a better opportunity to test and build their real-world cyber-defense skills through the card brand’s newly launched “attack simulation and assessment platform,” Cyber Front. This new facet of Mastercard’s existing Cybersecurity & Risk consulting practice emerged largely as a result of the Purchase, New York, company’s “strategic minority investment” in Picus Security, announced last week.”

Title: 3.6M MySQL Servers Found Exposed Online
Date Published: May 31, 2022


Excerpt: “Shadowserver researchers scanning the Internet for exposed MySQL servers said they received more than 2.3 million IPv4- and 1.3 million IPv6 addresses in response to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack. Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.”

Title: SideWinder Hackers Plant Fake Android VPN app in Google Play Store
Date Published: June 1, 2022


Excerpt: “Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.”

Title: FluBot takedown: Law Enforcement Takes Control of Android Spyware’s Infrastructure
Date Published: June 1, 2022


Excerpt: “An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information – passwords, online banking details, etc. – from infected smartphones.”
