June 23, 2022

Fortify Security Team

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases

Date Published: June 23, 2022


Excerpt: “A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. MetaMask recovery phrases, or seeds, are a series of 12 words that users can use to import an existing crypto wallet on other devices. Whoever has access to this recovery phrase can import the wallet on any device they choose and steal the NFTs and cryptocurrency stored within it, making them a popular target for threat actors. According to email security firm Armorblox, the new campaign targets users of Microsoft Office 365, distributing messages that resemble legitimate identity verification requests.”

Title: Conti Ransomware Hacking Spree Breaches over 40 Orgs in a Month

Date Published: June 23, 2022


Excerpt: “The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and described it as being one of the group’s ‘most productive’ and ‘extremely effective.’”

Title: Chinese Hackers Target Script Kiddies with Info-Stealer Trojan

Date Published: June 22, 2022


Excerpt: “Cybersecurity researchers have discovered a new campaign attributed to the Chinese ‘Tropic Trooper’ hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan. The trojan is bundled in a greyware tool named ‘SMS Bomber,’ which is used for denial of service (DoS) attacks against phones, flooding them with messages. Tools like this are commonly used by ‘beginner’ threat actors who want to launch attacks against sites. According to a report by Check Point, the threat actors also demonstrate in-depth cryptographic knowledge, extending the AES specification in a custom implementation.”

Title: Microsoft: Russia Stepped up Cyberattacks Against Ukraine’s Allies

Date Published: June 22, 2022


Excerpt: “Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia’s invasion. Since the start of the war, threat actors linked to several Russian intelligence services (including the GRU, SVR, and FSB) have attempted to breach entities in dozens of countries worldwide, prioritizing governments, according to Microsoft Threat Intelligence Center (MSTIC) analysts. The vast majority of these attacks are, as expected, primarily focused on obtaining sensitive information from government agencies in countries currently playing crucial roles in NATO’s and the West’s response to Russia’s war.”

Title: MEGA Fixes Critical Flaws that Allowed the Decryption of User Data

Date Published: June 22, 2022


Excerpt: “MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form. MEGA is a New Zealand-based cloud storage and file hosting service with over 250 million registered users from over two hundred countries. Users have collectively uploaded a massive 120 billion distinct files amounting to 1000 petabytes in size. One of MEGA’s advertised features is that data is end-to-end encrypted, with only the user having access to the decryption key. However, researchers have shown that vulnerabilities in the encryption algorithm allowed them to access users’ encrypted data. The vulnerabilities in MEGA’s encryption scheme were discovered by researchers at ETH Zurich, in Switzerland, who reported them to the firm responsibly on March 24, 2022. While the researchers discovered five possible attacks against user data relying upon an equal number of flaws, they all rely on stealing and deciphering an RSA key. MEGA is unaware of any compromised user accounts or data by exploiting the discovered flaws. However, this finding creates a dent in the service’s data security promises.”

Title: Automotive Hose Manufacturer Hit by Ransomware, Shuts Down Production Control System

Date Published: June 23, 2022


Excerpt: “A US subsidiary of Nichirin Co., a Japan-based company manufacturing and selling automotive hoses and hose parts, has been hit with ransomware, which resulted in the shutdown of the subsidiary’s network and production control system.”

Title: Attack Methods Using Hybrid Bots Enable Criminals to Open Mule Accounts at Scale

Date Published: June 23, 2022


Excerpt: “During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers. According to the Federal Deposit Insurance Corporation (FDIC), there are 124 million U.S. households that had a member with at least one bank account, although consumers own an average of 5.3 bank accounts across all types of financial institutions. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year. Further, the research found that the average mule transaction value is $1,500 – a comparatively low number to avoid detection by traditional means.”

Title: Rate of IT Security Incidents Grows with Company Size

Date Published: June 23, 2022


Excerpt: “The rate of IT security incidents increases the more Microsoft 365 security features are used, according to Hornetsecurity. Organizations using Microsoft 365 that use 1 or 2 of its stock security features reported attacks 24.4% and 28.2% of the time respectively, while those that use 6 or 7 features reported attacks 55.6% and 40.8% of the time respectively. Overall, it was found that 3 in 10 organizations (29.2%) using Microsoft 365 reported a known security incident in the last 12 months.”

Title: Magecart Attacks are Still Around but are More Difficult to Detect

Date Published: June 22, 2022


Excerpt: “Magecart threat actors have switched most of their operations server-side to avoid detection by security firms. However, Malwarebytes researchers warn that client-side Magecart attacks are still targeting organizations, but are more covert. The researchers recently uncovered two domains, ‘scanalytic[.]org’ and ‘js.staticounter[.]net,’ belonging to the Magecart infrastructure on the same ASN (AS29182) that was used by the cybercriminals.”

Title: 80% of Firms Suffered Identity-Related Breaches in Last 12 Months

Date Published: June 22, 2022


Excerpt: “With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority. Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers. In a survey of IT and identity professionals released Wednesday from Dimensional Research, almost every organization — 98% — experiences rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.”
