Daily NCSC-FI news followup 2021-10-18

“Killware”: Is it just as bad as it sounds?

blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/ On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds.”

BlackMatter Ransomware

us-cert.cisa.gov/ncas/alerts/aa21-291a First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.

Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache

blog.malwarebytes.com/malwarebytes-news/2021/10/multiple-vulnerabilities-in-popular-wordpress-plugin-wp-fastest-cache/ Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.

BlackByte ransomware decryptor released

www.zdnet.com/article/blackbyte-ransomware-decryptor-released/ A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap their operators huge financial rewards — but is likely the work of amateurs. Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions made by its creators.

State-backed hackers breach telcos with custom malware

www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/ A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. The goal of the group, tracked as Harvester by the Symantec researchers who spotted it, is to collect intelligence in highly targeted espionage campaigns focusing on IT, telecom, and government entities.

Microsoft asks admins to patch PowerShell to fix WDAC bypass

www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/ Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

Sinclair TV stations crippled by weekend ransomware attack

www.bleepingcomputer.com/news/security/sinclair-tv-stations-crippled-by-weekend-ransomware-attack/ TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer a ransomware attack caused the downtime. Also:

www.businesswire.com/news/home/20211018005490/en/Sinclair-Broadcast-Group-Provides-Information-On-Cybersecurity-Incident Sinclair Broadcast Group Provides Information On Cybersecurity Incident.

EU National Telecom Authorities analyse Security Supervision and Latest Security Threats

www.enisa.europa.eu/news/enisa-news/eu-national-telecom-authorities-analyse-security-supervision-latest-security-threats The EU National Telecom Authorities met in Athens, Greece for the 35th meeting of the ECASEC group. The European Union Agency for Cybersecurity also hosted the 1st Telecom Security Forum on this occasion.

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

threatpost.com/tiktok-gamer-targets-among-us-steam/175546/ The latest TikTok attacks are getting served to gamers on the platform disguised as “free” or “hacked” versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs.

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

thehackernews.com/2021/10/revil-ransomware-gang-goes-underground.html REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. Also:

www.bleepingcomputer.com/news/security/revil-ransomware-shuts-down-again-after-tor-sites-were-hijacked/ REvil ransomware shuts down again after Tor sites were hijacked.

Hacker steals government ID database for Argentina’s entire population

therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/ A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.

In Cyberwar, Attribution Can Be Impossible and That’s OK

www.darkreading.com/analytics/in-cyberwar-attribution-can-be-impossible—and-that-s-okay For most of human history, battle lines have been clearly demarcated. Physical borders, trenches, and satellite imagery have shown us launch sites, front lines, and enemy targets. Technology has allowed opponents to trace every inch of a weapon’s path. Historically, we have been able to determine the source of a strike and know who we’re up against with clarity.
