June 1, 2022

Fortify Security Team
Jun 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems
Date Published: June 1, 2022

https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/

Excerpt: “The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.”

Title: China-Linked TA413 Group Actively Exploits Microsoft Follina Zero-Day Flaw
Date Published: June 1, 2022

https://securityaffairs.co/wordpress/131843/apt/china-apt-exploits-follina-flaw.html

Excerpt: “China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.”

Title: DDoS Threats Growing in Sophistication, Size, and Frequency
Date Published: June 1, 2022

https://www.helpnetsecurity.com/2022/06/01/ddos-attacks-trends/

Excerpt: “Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behavior since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.”

Title: Breach At Turkey’s Pegasus Airlines Exposes 6.5 TB of Data
Date Published: May 31, 2022

https://www.bankinfosecurity.com/breach-at-turkeys-pegasus-airlines-exposes-65-tb-data-a-19173

Excerpt: “A data breach at Turkish firm Pegasus Airlines has put more than 6.5 TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, cybersecurity researchers at security firm Safety Detectives say.”

Title: Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Date Published: May 31, 2022

https://krebsonsecurity.com/2022/05/costa-rica-may-be-pawn-in-conti-ransomware-groups-bid-to-rebrand-evade-sanctions/

Excerpt: “Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.”

Title: New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
Date Published: June  1, 2022

https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

Excerpt: “An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. “Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen,” Israeli cybersecurity company Check Point said.”

Title: Mastercard Boosts Cyber Consulting with New Threat Simulation Platform
Date Published: May  31, 2022

https://www.scmagazine.com/analysis/vulnerability-management/mastercard-boosts-cyber-consulting-with-new-threat-simulation-platform

Excerpt: “Spanish novelist Miguel De Cervantes said, “To be prepared is half the victory.” Instead of tilting at windmills like Cervantes’s own Don Quixote, Mastercard’s financial industry customers will have a better opportunity to test and build their real-world cyber-defense skills through the card brand’s newly launched “attack simulation and assessment platform,” Cyber Front. This new facet of Mastercard’s existing Cybersecurity & Risk consulting practice emerged largely as a result of the Purchase, New York, company’s “strategic minority investment” in Picus Security, announced last week.”

Title: 3.6M MySQL Servers Found Exposed Online
Date Published: May 31, 2022

https://www.darkreading.com/vulnerabilities-threats/3-6m-plus-mysql-servers-with-ipv4-ipv6-addresses-exposed-scan-shows

Excerpt: “Shadowserver researchers scanning the Internet for exposed MySQL servers said they received more than 2.3 million IPv4- and 1.3 million IPv6 addresses in response to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack.  Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.”

Title: SideWinder Hackers Plant Fake Android VPN app in Google Play Store
Date Published: June 1, 2022

https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/

Excerpt: “Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.”

Title: FluBot takedown: Law Enforcement Takes Control of Android Spyware’s Infrastructure
Date Published: June 1, 2022

https://www.helpnetsecurity.com/2022/06/01/flubot-takedown/

Excerpt: “An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information – passwords, online banking details, etc. – from infected smartphones.”

Recent Posts

June 30, 2022

Title: Google Blocked Dozens of Domains Used by Hack-For-Hire Groups Date Published: June 30, 2022 https://www.bleepingcomputer.com/news/security/google-blocked-dozens-of-domains-used-by-hack-for-hire-groups/ Excerpt: “Google's Threat Analysis Group (TAG) has blocked...

June 28, 2022

Title: Over 900,000 Kubernetes Instances Found Exposed Online Date Published: June 28, 2022 https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/ Excerpt: “Over 900,000 misconfigured Kubernetes clusters were found...

June 27, 2022

Title: CafePress Fined $500,000 for Breach Affecting 23 Million Users Date Published: June 24, 2022 https://www.bleepingcomputer.com/news/security/cafepress-fined-500-000-for-breach-affecting-23-million-users/ Excerpt: “The U.S. Federal Trade Commission (FTC) has...

June 24, 2022

Title: Scalper Bots out of Control in Israel, Selling State Appointments Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/scalper-bots-out-of-control-in-israel-selling-state-appointments/ Excerpt: “Out-of-control scalper bots have created...

June 23, 2022

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/ Excerpt: “A new phishing campaign is targeting...

June 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage Date Published: June 22, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/ Excerpt: “Microsoft has revealed that this week's...

June 21, 2022

Title: Microsoft 365 Outage Affects Microsoft Teams and Exchange Online Date Published: June 21, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-affects-microsoft-teams-and-exchange-online/ Excerpt: “An ongoing outage affects multiple...