June 1, 2022

Fortify Security Team
Jun 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems
Date Published: June 1, 2022


Excerpt: “The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.”

Title: China-Linked TA413 Group Actively Exploits Microsoft Follina Zero-Day Flaw
Date Published: June 1, 2022


Excerpt: “China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.”

Title: DDoS Threats Growing in Sophistication, Size, and Frequency
Date Published: June 1, 2022


Excerpt: “Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behavior since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.”

Title: Breach At Turkey’s Pegasus Airlines Exposes 6.5 TB of Data
Date Published: May 31, 2022


Excerpt: “A data breach at Turkish firm Pegasus Airlines has put more than 6.5 TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, cybersecurity researchers at security firm Safety Detectives say.”

Title: Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Date Published: May 31, 2022


Excerpt: “Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.”

Title: New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
Date Published: June  1, 2022


Excerpt: “An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. “Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen,” Israeli cybersecurity company Check Point said.”

Title: Mastercard Boosts Cyber Consulting with New Threat Simulation Platform
Date Published: May  31, 2022


Excerpt: “Spanish novelist Miguel De Cervantes said, “To be prepared is half the victory.” Instead of tilting at windmills like Cervantes’s own Don Quixote, Mastercard’s financial industry customers will have a better opportunity to test and build their real-world cyber-defense skills through the card brand’s newly launched “attack simulation and assessment platform,” Cyber Front. This new facet of Mastercard’s existing Cybersecurity & Risk consulting practice emerged largely as a result of the Purchase, New York, company’s “strategic minority investment” in Picus Security, announced last week.”

Title: 3.6M MySQL Servers Found Exposed Online
Date Published: May 31, 2022


Excerpt: “Shadowserver researchers scanning the Internet for exposed MySQL servers said they received more than 2.3 million IPv4- and 1.3 million IPv6 addresses in response to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack.  Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.”

Title: SideWinder Hackers Plant Fake Android VPN app in Google Play Store
Date Published: June 1, 2022


Excerpt: “Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.”

Title: FluBot takedown: Law Enforcement Takes Control of Android Spyware’s Infrastructure
Date Published: June 1, 2022


Excerpt: “An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information – passwords, online banking details, etc. – from infected smartphones.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...