Daily NCSC-FI news followup 2021-10-18

“Killware”: Is it just as bad as it sounds?

blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/ On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds.”

BlackMatter Ransomware

us-cert.cisa.gov/ncas/alerts/aa21-291a First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.

Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache

blog.malwarebytes.com/malwarebytes-news/2021/10/multiple-vulnerabilities-in-popular-wordpress-plugin-wp-fastest-cache/ Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.

BlackByte ransomware decryptor released

www.zdnet.com/article/blackbyte-ransomware-decryptor-released/ A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap their operators huge financial rewards, but is likely the work of amateurs. Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions made by its creators.

State-backed hackers breach telcos with custom malware

www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/ A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. The goal of the group, tracked as Harvester by the Symantec researchers who spotted it, is to collect intelligence in highly targeted espionage campaigns focusing on IT, telecom, and government entities.

Microsoft asks admins to patch PowerShell to fix WDAC bypass

www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/ Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

Sinclair TV stations crippled by weekend ransomware attack

www.bleepingcomputer.com/news/security/sinclair-tv-stations-crippled-by-weekend-ransomware-attack/ TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer a ransomware attack caused the downtime. In addition:

www.businesswire.com/news/home/20211018005490/en/Sinclair-Broadcast-Group-Provides-Information-On-Cybersecurity-Incident Sinclair Broadcast Group Provides Information On Cybersecurity Incident. In addition:

therecord.media/sinclair-tv-stations-disrupted-across-the-us-in-apparent-ransomware-attack/

EU National Telecom Authorities analyse Security Supervision and Latest Security Threat

www.enisa.europa.eu/news/enisa-news/eu-national-telecom-authorities-analyse-security-supervision-latest-security-threats The EU National Telecom Authorities met in Athens, Greece for the 35th meeting of the ECASEC group. The European Union Agency for Cybersecurity also hosted the 1st Telecom Security Forum on this occasion.

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

threatpost.com/tiktok-gamer-targets-among-us-steam/175546/ The latest TikTok attacks are getting served to gamers on the platform disguised as “free” or “hacked” versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs.

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

thehackernews.com/2021/10/revil-ransomware-gang-goes-underground.html REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. In addition:

www.bleepingcomputer.com/news/security/revil-ransomware-shuts-down-again-after-tor-sites-were-hijacked/ In addition:

therecord.media/revil-gang-shuts-down-for-the-second-time-after-its-tor-servers-were-hacked/

Hacker steals government ID database for Argentina’s entire population

therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/ A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.

In Cyberwar, Attribution Can Be Impossible and That’s OK

www.darkreading.com/analytics/in-cyberwar-attribution-can-be-impossible—and-that-s-okay For most of human history, battle lines have been clearly demarcated. Physical borders, trenches, and satellite imagery have shown us launch sites, front lines, and enemy targets. Technology has allowed opponents to trace every inch of a weapon’s path. Historically, we have been able to determine the source of a strike and know who we’re up against with clarity.
