August 29, 2022

Fortify Security Team
Aug 29, 2022

Title: Montenegro says Russian Cyberattacks Threaten Key State Functions

Date Published: August 29, 2022

https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/

Excerpt: “Members of the government in Montenegro are stating that the country is being hit with sophisticated and persistent cyberattacks that threaten the country’s essential infrastructure.  Targets include electricity and water supply systems, transportation services, online portals that citizens use to access various state services, and more.  Already, several power plants have switched to manual operations, while the state-managed IT infrastructure has been taken offline to contain the effect of the attacks.”

Title: LockBit Ransomware Gang Gets Aggressive with Triple-extortion Tactic

Date Published: August 28, 2022

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/

Excerpt: “LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.  The gang has recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to data published on its corporate leaks site.  Data from Entrust was stolen by LockBit ransomware in an attack on June 18, according to a BleepingComputer source. The company confirmed the incident and that data had been stolen.  Entrust did not pay the ransom and LockBit announced that it would publish all the stolen data on August 19. This did not happen, though, because the gang’s leak site was hit by a DDoS attack believed to be connected to Entrust.”

Title: Twilio Breach Let Hackers See Okta’s One-time MFA Passwords

Date Published: August 28, 2022

https://www.bleepingcomputer.com/news/security/twilio-breach-let-hackers-see-oktas-one-time-mfa-passwords/

Excerpt: “The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS from customers of Okta identity and access management company.  Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.  With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.”

Title: Fake ‘Cthulhu World’ P2E Project Used to Push Info-stealing Malware

Date Published: August 27, 2022

https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/

Excerpt: “Hackers have created a fake ‘Cthulhu World’ play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.  As play-to-earn games rise in popularity, scammers and threat actors increasingly target these new platforms for malicious activities.  Such is the case with a new malware distribution campaign discovered by cybersecurity researcher iamdeadlyz, where threat actors created a whole project to promote a fake play-to-earn game called Cthulhu World.”

Title: COVID-19 Data Put for Sale on the Dark Web

Date Published: August 29, 2022

https://www.helpnetsecurity.com/2022/08/29/covid-19-data-put-for-sale-on-the-dark-web/

Excerpt: “Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered and shared with Thai CERT.  The data was put for sale on several Dark Web marketplaces and was available for further purchase via a Telegram channel created by the bad actors.”

Title: Attackers Changing Targets from Large Hospitals to Specialty Clinics

Date Published: August 29, 2022

https://www.helpnetsecurity.com/2022/08/29/data-breach-healthcare-organizations/

Excerpt: “Critical Insight announced the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the United States Department of Health and Human Services by healthcare organizations.  With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.  Aside from this change in victim focus, attackers this half of the year hit the jackpot, with the Eye Care Leaders EMR breach, which exposed more than 2 million records. This trend of focusing on a systemic technology that is used across most healthcare providers is a trend we anticipate continuing throughout the remainder of 2022.”

Title: Nitrokod Crypto Miner Infected Systems Across 11 Countries Since 2019

Date Published: August 29, 2022

https://securityaffairs.co/wordpress/134985/cyber-crime/nitrokod-crypto-miner-campaign.html

Excerpt: “Check Point researchers discovered a Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and uptodown. Experts noticed that the software can also be easily found through Google by searching “Google Translate Desktop download”. The campaign operated under the radar for years because the operators adopted several tricks, such as implementing a delayed mechanism to unleash a long multi-stage infection.”

Title: Surveillance Firm’s Leaked Docs Show the Purchase of an $8M iOS RCE Zero-day Exploit

Date Published: August 28, 2022

https://securityaffairs.co/wordpress/134962/malware/surveillance-firm-intellexa-offer.html

Excerpt: “Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian; it offers surveillance and hacking solutions to law enforcement and intelligence agencies. The vx-underground researchers shared some images of several confidential documents that appear to be the commercial offer of Intellexa. The leaked documents detail the purchase of an iOS Remote Code Execution zero-day exploit for $8,000,000.”

Title: Global Ransomware Damages to Exceed $30bn by 2023

Date Published: August 29, 2022

https://www.infosecurity-magazine.com/news/ransomware-exceed-30bn-dollars-2023/

Excerpt: “Nearly half of breaches during the first six months of 2022 involved stolen credentials, Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, 2022.  It will come as no surprise to learn that the cybercriminals’ prime goal in using these credentials is to launch ransomware attacks, which “continue to be the number one threat to large and medium-sized businesses, including government organizations,” the report added.  To extract these credentials, the attackers mainly use phishing techniques, with 600 malicious email campaigns that made their way across the internet in the first half of 2022, of which 58% of the emails were phishing attempts and 28% featured malware, found Acronis.”

Title: US Cyber Command and NSA Partner on Defense Efforts for Midterm Elections

Date Published: August 29, 2022

https://www.infosecurity-magazine.com/news/uscybercom-nsa-partner-defence/

Excerpt: “US military and intelligence entities are renewing their efforts to protect electoral procedures from hacking and disinformation before and during the November midterm elections. The news comes from the US Cyber Command (USCYBERCOM) and the National Security Agency (NSA), who published a joint blog post detailing their security capabilities on Thursday. “This is an enduring, no-fail mission for [USCYBERCOM] and the [NSA], who bring unique insights and actions to the whole-of-government effort,” explained NSA director Paul M. Nakasone. “Together, we bring speed and unity of effort against any foreign adversary who might seek to undermine our democratic institutions.” The Election Security Group (ESG) operates under the guidance of USCYBERCOM’s co-lead and deputy commander of the Cyber National Mission Force Victor Macias and Anna Horrigan, NSA’s senior executive and election security co-lead.”
