August 31, 2022

Fortify Security Team
Aug 31, 2022

Title: Ukraine Takes Down Cybercrime Group Hitting Crypto Fraud Victims
Date Published: August 30, 2022

https://www.bleepingcomputer.com/news/security/ukraine-takes-down-cybercrime-group-hitting-crypto-fraud-victims/

Excerpt: “The National Police of Ukraine (NPU) took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind these illegal call centers were also allegedly involved in scamming citizens of Ukraine and European Union countries interested in cryptocurrency, securities, gold, and oil investments. Throughout this cross-border fraud operation, they used software and high-tech equipment that made it possible to spoof the phone numbers of state banking organizations.”

Title: Hackers Hide Malware in James Webb Telescope Images
Date Published: August 30, 2022

https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/

Excerpt: “Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis. In the recent campaign discovered by researchers at Securonix, the threat actor drops payloads that are currently not marked as malicious by antivirus engines on the VirusTotal scanning platform.”

Title: Russian Streaming Platform Confirms Data Breach Affecting 7.5M Users
Date Published: August 30, 2022

https://www.bleepingcomputer.com/news/security/russian-streaming-platform-confirms-data-breach-affecting-75m-users/

Excerpt: “Russian media streaming platform ‘START’ (start.ru) has confirmed rumors of a data breach impacting millions of users. The platform’s administrators shared that network intruders managed to steal a 2021 database from its systems and are now distributing samples online. The stolen database contains email addresses, phone numbers, and usernames. START characterizes it as uninteresting to most cybercriminals as it can’t be used for taking over accounts.”

Title: Chinese Hackers Target Australian Govt with ScanBox Malware
Date Published: August 30, 2022

https://www.bleepingcomputer.com/news/security/chinese-hackers-target-australian-govt-with-scanbox-malware/

Excerpt: “China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework. The campaign was active from April to June this year and targeted people at local and federal Australian Government agencies, Australian news media organizations, and at global heavy industry manufacturers that provide maintenance to wind turbines in the South China Sea.”

Title: Ransomware Gangs’ Favorite Targets
Date Published: August 31, 2022

https://www.helpnetsecurity.com/2022/08/31/ransomware-attack-patterns/

Excerpt: “Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022. For the 106 highly publicized attacks our researchers analyzed, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%): The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report. While attacks on municipalities increased only slightly, the analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled.”

Title: Three Campaigns Delivering Multiple Malware, Including ModernLoader and XMRig Miner
Date Published: August 30, 2022

https://securityaffairs.co/wordpress/135046/malware/malware-campaigns-modernloader.html

Excerpt: “Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims. ModernLoader is a .NET remote access trojan that supports multiple features, including the capability of gathering system information, executing arbitrary commands, or downloading and running a file from the C2 server.”

Title: A Study on Malicious Plugins in WordPress Marketplaces
Date Published: August 30, 2022

https://securityaffairs.co/wordpress/135032/reports/wordpress-malicious-plugins.html

Excerpt: “A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework named YODA to detect malicious plugins. The number of malicious plugins on WordPress websites has increased over the years, and malicious activity reached a peak in March 2020. The researchers employed cross-website verification to certify the malicious origin of each website, they also noted that legitimate marketplace, nulled marketplace, and injected plugin categories are mutually exclusive.”

Title: Microsoft: Take These Three Steps to Protect Your Systems from Ransomware
Date Published: August 31, 2022

https://www.zdnet.com/article/microsoft-take-these-three-steps-to-protect-your-systems-from-ransomware/

Excerpt: “Defending against ransomware attacks and other cyber threats takes more than just setting up detection measures to identify potential malicious activity. Cybersecurity teams need to ensure that the network is made unattractive to cyber criminals by making it difficult to break into in the first place. Ransomware is a major cybersecurity problem facing organisations around the world, as cyber criminals break into networks, encrypt files and servers, and then demand a ransom payment that can amount to millions of dollars in exchange for the decryption key. This is often combined with stealing data and threatening to release it if a ransom isn’t paid. According to Microsoft, the rise of ransomware-as-a-service (Raas) – kits developed and sold on dark web forums that allow people with minimal technical knowledge to launch ransomware attacks – is lowering the barrier for entry and causing challenges for network defenders.”

Title: Looking East: Japanese Credit Card Customers Targeted With Phishing Attacks
Date Published: August 31, 2022

https://www.infosecurity-magazine.com/blogs/japanese-credit-card-phishing/

Excerpt: “In 2019, Valimail’s Email Fraud Landscape report estimated that more than one in every 100 emails was of a malicious nature. In 2020, the FBI then affirmed that phishing was the most common attack method seen for the year. And more recently, the Anti-Phishing Working Group (APGW) revealed that phishing attacks hit an all-time high in 2021, with 300,000 attacks having been recorded in December alone. Now we’re in 2022, it is clear that this trend isn’t changing. Today, cybercriminals are upping the ante, working to develop sophisticated spear phishing campaigns to trick potential users while abusing trusted platforms like SharePoint, Amazon AWS, Google and Adobe at more frequent rates. This is exactly what the Menlo Labs research team witnessed in a recently analyzed phishing campaign targeting MICARD and American Express users in Japan. The team found that the threat actor in question was sending potential targets spoofed emails with links to impersonated webpages, using geofencing to ensure that only Japanese IPs could access its websites.”

Title: Malicious Chrome Extensions Plague 1.4M Users
Date Published: August 30, 2022

https://www.darkreading.com/vulnerabilities-threats/1-4m-users-running-malicious-chrome-extensions

Excerpt: “Researchers have flagged five separate malicious Chrome extensions masquerading as Netflix viewers and more. They track user activity and insert code into any e-commerce sites they visit, letting cyber attackers steal payments through the retailer affiliate programs. McAfee Labs analysts found the Chrome extensions being marketed to let users watch Netflix in groups, automatically clip coupons, and take screenshots. All together, the apps have been downloaded 1.4 million times, they found. “Browser extensions are the Wild Wild West of the Internet,” says Uriel Maimon, head of emerging products at Human Security. “There are approximately 200,000 extensions available on the Chrome store alone. What most users don’t realize is that extensions have full access to all of the data on a page including your email, banking information and credit-card numbers. While many extensions provide value-added services, there’s little to stop them from collecting and abusing user data.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...