July 12, 2022

Fortify Security Team

Title: Hackers Can Unlock Honda Cars Remotely in Rolling-PWN Attacks
Date Published: July 11, 2022

Excerpt: “A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle. The researchers claim to have tested the attack on Honda models between 2021 and 2022.”

Title: Ransomware Gang Now Lets You Search Their Stolen Data
Date Published: July 11, 2022

Excerpt: “Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. The new tactic consists of adding a search function on the leak site to make it easier to find victims or even specific details. Last week, the ALPHV/BlackCat ransomware operation announced that they created a searchable database with leaks from non-paying victims. The hackers made it clear that the repositories have been indexed and the search works when looking for information by filename or by content available in documents and images. The results are pulled from the “Collections” part of BlackCat’s leak site and may not have the best accuracy, but it is still an evolution of the cybercriminals’ extortion strategy.”

Title: Microsoft Announced the General Availability of Windows Autopatch Feature
Date Published: July 12, 2022

Excerpt: “Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses, but Windows Education (A3) or Windows Front Line Worker (F3) licenses are not covered. Microsoft initially announced the implementation of the new feature in March 2022 that aims at keeping its systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail to install the available patches and upgrades. Microsoft announced that it will continue to roll out Patch Tuesday security updates and Autopatch will help “streamline updating operations and create new opportunities for IT pros.””

Title: Cloud-Based Cryptocurrency Mining Attacks Abuse GitHub Actions and Azure VM
Date Published: July 12, 2022

Excerpt: “Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant impact on target organizations in terms of resource consumption and cost. To demonstrate the impact on the organizations, Trend Micro researchers deployed the Monero miner XMRig on one of its systems and observed an increase in CPU utilization rate from an average of 13% to 100%. This means that the cost of electricity to the target organization jumped from US$20 up to US$130 per month (+600%) for a single cloud instance. Considering that organizations usually control multiple cloud instances, the economic impact on them dramatically increases. Experts pointed out that the performance of an infrastructure infected with a miner slows down and can cause the disruption of the online services of a business, impacting the reputation of the organization.”

Title: A Fake Job Offer via LinkedIn Allowed to Steal $540M from Axie Infinity
Date Published: July 11, 2022

Excerpt: “In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was discovered after a user was unable to withdraw 5,000 ether. The Ronin Network is an Ethereum-linked sidechain used for the blockchain game Axie Infinity. The attackers have stolen roughly 173,600 ether and 25.5 million USDC. The Ronin bridge and Katana Dex have been halted following the attack. Axie Infinity disclosed the security breach through the official Discord and Twitter accounts, and by Ronin Network. Now a report from The Block citing two people familiar with the matter revealed that threat actors targeted a senior engineer at the company with a fake job offer via LinkedIn.”

Title: Ransomware is Hitting One Sector Particularly Hard, and the Impact is Felt by Everyone
Date Published: July 12, 2022

Excerpt: “The number of ransomware attacks against schools and universities is on the rise – and victims are struggling to recover after their networks have been hit. According to analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cyber criminals go after what they perceive to be an easy, but potentially lucrative target. “Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. In many cases, the victims are paying a ransom for the decryption key.”

Title: Lithuanian Energy Firm Disrupted by DDoS Attack
Date Published: July 12, 2022

Excerpt: “Lithuanian energy company Ignitis Group was hit by what it described as its “biggest cyber-attack in a decade” on Saturday when numerous distributed denial of service (DDoS) attacks were aimed at it, disrupting its digital services and websites. Pro-Russian hacking group Killnet claimed responsibility for the attack on its Telegram channel on Saturday, making this the latest in a series of attacks launched by the group in Lithuania due to that country’s support for Ukraine in the war with Russia. In a post on the Ignitis Group’s Facebook page on July 9, the company said it had been able to manage and limit the attack’s impact on its systems and that no breaches were recorded. However, the post also revealed that attacks were ongoing.”

Title: Spike in Amazon Prime Scams Expected
Date Published: July 12, 2022

Excerpt: “This particular attack starts by utilizing Amazon’s name and credibility. When users see an email that appears to come from Amazon, they are more likely to trust it. A subject line which refers to recent deliveries is also something that seems plausible,” he said. “Impersonating a brand is a classic social engineering tactic. Impersonating perhaps the world’s most recognizable brand is a surefire way to get at least some people to engage.” Check Point Research found a 37% increase in daily Amazon-related phishing attacks compared to the average in June. Last year, the same organization registered an 86% increase in phishing attempts related to the sale. “All Amazon users should be mindful of spoofed or unauthentic emails.”

Title: PyPI Repository Enforces 2FA for Critical Python Projects
Date Published: July 11, 2022

Excerpt: “Python Package Index (PyPI), the official third-party open-source repository for Python projects, said it will enforce a mandatory two-factor authentication (2FA) policy for projects categorized as “critical,” from both ‘Maintainers’ and ‘Owners’. The team made the announcement on Twitter last Friday, saying that “soon, maintainers of critical projects must have 2FA enabled to publish, update or modify them.” Further, PyPI offered free hardware security keys from the Google Open Source Security Team to developers of critical projects who had not previously turned on 2FA on PyPI. “To ensure that these maintainers can use strong 2FA methods, we’re also distributing 4000 hardware security keys,” read the Twitter post. The repository account also specified the eligibility criteria for the new policy: “any project in the top 1% of downloads over the prior six months is designated as critical (as well as PyPI’s own dependencies).” At the same time, the team clarified that once a project has been classified as “critical” it should remain in that category indefinitely, even if it drops out of the top 1% downloads list.”

Title: Ransomware Scourge Drives Price Hikes in Cyber Insurance
Date Published: July 12, 2022

Excerpt: “The rising cost of ransomware attacks is helping push significant premium increases in cyber-insurance policies in the UK and US, new data shows. With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cybersecurity insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber-insurance industry. However, insurance firms are struggling to accurately understand a customer’s security posture, which is in turn affecting price increases.”
