Daily NCSC-FI news followup 2021-01-09

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel

www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Incident response investigations dont always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an incident involves taking a dive into whatever type of data we are presented with, learning about it, and developing an efficient way to analyze the important evidence.

Hacker used ransomware to lock victims in their IoT chastity belt

www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/ The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes. Users of the Bluetooth-controlled Qiui Cellmate chastity device were targets of an attack with this malware last year after security researchers found a vulnerability in the toy that allowed locking it remotely.

Maldoc Strings Analysis

isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/ As I announced in my diary entry “Strings 2021”, I will write some diary entries following a simpler method of malware analysis, namely looking for strings inside malicious files using the strings command. Of course, this simple method will not work for most malware samples, but I still see enough samples for which this method will work. Like this recent malicious Word document. When you analyze this sample with oledump.py, you will find an obfuscated PowerShell command inside the content of the Word document.

Some ransomware gangs are going after top execs to pressure companies into paying

www.zdnet.com/article/some-ransomware-gangs-are-going-after-top-execs-to-pressure-companies-into-paying/ A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain “juicy” information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier this week during a phone call with a company that paid a multi-million dollar ransom to the Clop ransomware gang.

Russias SolarWinds Attack and Software Security

www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html The information that is emerging about Russias extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses ­primarily through a malicious update of the SolarWinds network management software ­may have slipped under most peoples radar during the holiday season, but its implications are stunning.

You might be interested in …

Daily NCSC-FI news followup 2021-02-26

Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/ A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data. Ryuk ransomware now self-spreads to other Windows LAN devices www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/ “Through the use of scheduled tasks, the […]

Read More

Daily NCSC-FI news followup 2020-12-17

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations – Alert (AA20-352A) us-cert.cisa.gov/ncas/alerts/aa20-352a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor […]

Read More

Daily NCSC-FI news followup 2020-08-14

NSA and FBI Cybersecurity Advisory – Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. When deployed on a victim machine, the Drovorub implant […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.