QNAP NAS devices hit in surge of ech0raix ransomware attacks
www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/ Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The jump in the number of attacks is confirmed by the ID Ransomware service, where submissions started to increase on December 19 and subsided towards December 26.
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/ A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting two-factor authentication (2FA) security codes and allowing cybercriminals to bypass them. To counter this new trend in account security protections, threat actors have, since at least 2017, been adopting new tools that allow them to bypass 2FA by stealing a user’s authentication cookies, which are files created inside a web browser once the user has logged into an account after the 2FA process was completed.
Shutterfly services disrupted by Conti ransomware attack
www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/ Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data. On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, which claims to have encrypted over 4,000 devices and 120 VMware ESXi servers. While BleepingComputer has not seen the negotiations for the attack, we are told that they are underway and that the ransomware gang is demanding millions of dollars as a ransom.
Global Cyberattacks from Nation-State Actors Posing Greater Threats
threatpost.com/global-cyberattacks-nation-state-threats/177253/ Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
Ransomware Evolution: From WannaCry to DarkSide
medium.com/technology-hits/ransomware-evolution-from-wannacry-to-darkside-1dab07c4d890 2021 is coming to an end. And for cybersecurity, this has been a busy year (which year wasn’t?). Ransomware attacks are rising steeply, and the curve shows no sign of flattening. Individuals and organizations continue to fall victim to this age-old cybercrime, and it is far from a new phenomenon. If you are not new to the industry, you should remember that the last peak of attention on this issue was in 2017, when the infamous WannaCry ransomware devastated companies. However, comparing what we are facing this year with 2017, we see a giant leap in both the business model and the malware itself.
Japan and US expected to boost cooperation on ransomware threats
therecord.media/japan-and-us-expected-to-boost-cooperation-on-ransomware-threats/ Japanese government officials said the US and Japan are planning to agree on ransomware collaboration measures at an upcoming security summit, according to reports from Japanese media. According to the reports, cybersecurity will also be on the agenda. Although there are few details about the ransomware agreements, they are expected to involve greater information sharing, collaboration on identifying hacker groups, and enhancing private-sector resilience against attacks.
Ransomware Spotlight: REvil
www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil Now that the reign of REvil has come to an end, it’s time to regroup and strategize. What can organizations learn from REvil’s tactics? We review the rise, downfall, and future of its operations using insights into the group’s arsenal and inner workings. REvil, also known as Sodinokibi, had risen to notoriety for its high-profile attacks since its discovery in 2019. After being among the most active ransomware variants in 2021, it was officially shut down after garnering the attention of law enforcement agencies due to its attacks on critical industries that resulted in supply shortages and delays. The crackdown led to the arrest of two of its associates and its TOR network being taken offline. However, organizations should not let their guard down. We foresee the group reemerging under a new moniker with the REvil name now tarnished and unlikely to entice affiliates.
What does a cyber analyst do during a cyberattack? Take part in an open cyber exercise and try it yourself!
www.epressi.com/tiedotteet/tietoturva/mita-kyberanalyytikko-tekee-kyberhyokkayksen-aikana-osallistu-avoimeen-kyberharjoitukseen-ja-kokeile.html The Europe-wide Flagship 2 cyber exercise run by Jyväskylän ammattikorkeakoulu (Jamk) will also be held as an open exercise, in which people interested in cybersecurity can step into the role of a cyber analyst in the middle of a simulated cyberattack. Jamk is organizing the cybersecurity exercise in January, with participants expected from 22 European countries. The participants’ task is to find signs of threat activity, technically investigate the cyberattack that took place, and consider its impact on the organization’s core operations. For the first time, people from outside the project can also take part in the exercise.
Asset Visibility Maps Relationships and Communication Pathways in OT Environments
www.dragos.com/blog/industry-news/asset-visibility-maps-relationships-and-communication-pathways-in-ot-environments/ Experienced cybersecurity professionals will tell you that you can’t secure the systems you don’t know about, which is why asset visibility is so crucial no matter what kind of technology infrastructure you’re defending. Asset visibility in industrial control system (ICS) environments provides industrial asset owners and operators and security staff with the knowledge and insight necessary to build a mature operational technology (OT) cybersecurity program. When organizations can get accurate and timely views into the assets running on their industrial networks, the benefits are cascading.
In 2022, security will be Linux and open-source developers’ job number one
www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/ Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
isc.sans.edu/diary/rss/28180 Microsoft Build Engine is the platform for building applications on Windows, mainly used in environments where Visual Studio is not installed. Also known as MSBuild, the engine provides an XML schema for a project file that controls how the build platform processes and builds software. The project file element named ‘Tasks’ designates independent executable components to run during the project build. Tasks are meant to perform build operations but are being abused by attackers to run malicious code under the MSBuild disguise. This is the second malicious campaign using MSBuild I’ve come across in less than a week. Usually, it starts with RDP access using a valid account, spreads over the network via remote Windows Services (SCM), and pushes a Cobalt Strike beacon to corporate hosts by abusing the MSBuild task feature, as described in today’s diary.