Daily NCSC-FI news followup 2019-07-20

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

threatpost.com/iran-apt34-linkedin-malware/146575/ The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal. A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims' trust. From there the attackers asked their new connections to open malicious documents. APT34, a.k.a. OilRig or Greenbug, specializes in cyber-espionage activity, and is known for attacks targeting a variety of organizations operating in the Middle East, including financial, energy and government entities.

Ransomware Attacks Grow Rampant, Paying Still Not a Good Option

www.bleepingcomputer.com/news/security/ransomware-attacks-grow-rampant-paying-still-not-a-good-option/ A flurry of ransomware attacks has been reported this week affecting entities in the US states of Georgia, New York, Tennessee, and Florida. File-encrypting malware has grown rampant lately, with the likes of Ryuk, Sodinokibi, or Dharma/Phobos targeting organizations in both the public and private sector. The actors behind these threats do not discriminate between targets, but statistics from Coveware, a ransomware incident response company, show that public sector victims pay ten times more than private companies. The calculated average for Q2 was $338,700.

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/ Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident

Hackers breach FSB contractor, expose Tor deanonymization project and more

www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/ SyTech, the hacked company, was working on research projects for the FSB, Russia’s intelligence service. Hackers have breached SyTech, a contractor for FSB, Russia’s national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency — including one for deanonymizing Tor traffic. The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech’s Active Directory server from where they gained access to the company’s entire IT network, including a JIRA instance

iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack

www.bleepingcomputer.com/news/security/insynq-cloud-hosting-provider-hit-by-ransomware-attack/ Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data. iNSYNQ is an authorized Microsoft, Intuit, and Sage host which provides customers with cloud-based virtual desktops designed to host business applications such as QuickBooks, Sage, Act & Office. “iNSYNQ experienced a ransomware attack on 7/16/19 perpetrated by unknown malicious attackers. The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible,” says a status update published on the company’s support website

In the cooler for the next three years: Hacker of iCloud accounts used by athletes and rappers

www.theregister.co.uk/2019/07/19/hacker_icloud_jailed_thee_years/ A man from the US state of Georgia who pleaded guilty in March to breaking into the Apple iCloud accounts of sports and entertainment figures was sentenced on Thursday to three years and one month in federal prison and ordered to pay almost $700,000 in restitution. Kwamaine Jerell Ford was indicted in April, 2018, at the age of 27, for six counts each of wire fraud, computer fraud, access device fraud, and aggravated identity theft. He pleaded guilty earlier this year to a single count of computer fraud and a single count of aggravated identity theft

Mirai Groups Target Business IoT Devices

www.darkreading.com/mirai-groups-target-business-iot-devices/d/d-id/1335308 More than 30% of Mirai attacks, and an increasing number of variants of the malware, are going after enterprise IoT devices, raising the stakes for business. The groups behind Mirai and variants of the Internet of Things (IoT) device infector are increasingly targeting businesses, with nearly one-third of attacks in recent months focusing on devices commonly used inside companies, IBM's X-Force security research group says.

The Strange Case of the Malicious Favicon

blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.html During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of bak.bak index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign
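A defender-side check for the two indicators named above (oddly named or oddly placed .ico files, and bak.bak copies of index files), written here as an added example and not taken from the Sucuri post; the sample directory layout, the file names and the ICO-header test are constructed assumptions, and a hit is a lead for manual review, not proof of compromise.

```python
import os
import tempfile

# A genuine .ico file starts with an ICONDIR header: reserved=0, type=1 (little-endian).
ICO_MAGIC = b"\x00\x00\x01\x00"


def inspect_icon(path, rel_dir, name):
    """Return the reasons a .ico file looks suspicious (empty list if it looks normal)."""
    reasons = []
    if name.lower() != "favicon.ico":
        reasons.append("unusual icon name")
    if rel_dir != ".":
        reasons.append("icon outside web root")
    with open(path, "rb") as fh:
        if fh.read(4) != ICO_MAGIC:
            reasons.append("missing ICO header")
    return reasons


def scan_webroot(root):
    """Walk a web root and return {relative_path: [reasons]} for files matching the pattern."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            rel_path = os.path.normpath(os.path.join(rel_dir, name))
            lower = name.lower()
            if lower.endswith(".ico"):
                reasons = inspect_icon(os.path.join(dirpath, name), rel_dir, name)
                if reasons:
                    findings[rel_path] = reasons
            elif lower.startswith("index") and lower.endswith(".bak.bak"):
                findings[rel_path] = ["bak.bak copy of an index file"]
    return findings


def demo():
    """Build a constructed sample site in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-includes"))
        # Legitimate favicon: real ICO header, expected name, sits in the web root.
        with open(os.path.join(root, "favicon.ico"), "wb") as fh:
            fh.write(ICO_MAGIC + b"\x01\x00" + b"\x00" * 16)
        # Constructed suspicious icon: odd name, in a subdirectory, not an image at all.
        with open(os.path.join(root, "wp-includes", ".xz9k.ico"), "wb") as fh:
            fh.write(b"this is text, not an icon image\n")
        # Constructed bak.bak copy of the site's index file.
        with open(os.path.join(root, "index.php.bak.bak"), "w") as fh:
            fh.write("original index\n")
        return scan_webroot(root)
```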
