Daily NCSC-FI news followup 2020-05-15

QNodeService: Node.js Trojan Spread via Covid-19 Lure

blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/ We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed QNodeService.

Tropic Troopers Back: USBferry Attack Targets Air-gapped Environments

blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/ We found that Tropic Trooper's latest activities center on targeting the Taiwanese and Philippine militaries' physically isolated networks through a USBferry attack (the name is derived from a sample found in related research). We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.

RATicate: an attackers waves of information-stealing malware

news.sophos.com/en-us/2020/05/14/raticate/ We've identified five separate campaigns between November 2019 and January 2020 in which the payloads used similar packing code and pointed to the same command and control (C&C) infrastructure. The campaigns targeted industrial companies in Europe, the Middle East, and the Republic of Korea. This leads us to believe that they are all the work of the same actors, a group we've dubbed RATicate.

Hashes in PowerShell

isc.sans.edu/forums/diary/Hashes+in+PowerShell/26128/ As a follow up to yesterday’s how-to, I thought hashing might be a thing to cover. We use hashes all the time, but it’s annoying that md5sum, sha1sum and sha256sum aren’t part of the Windows command set – or are they?

THE STATE OF RANSOMWARE 2020 [PDF]

www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf 94% of organizations whose data was encrypted got it back. Paying the ransom doubles the cost of dealing with a ransomware attack.
