Quick Links
Welcome to our first monthly news roundup blog! Our mission at FRSecure is to fix the broken information security, and sharing knowledge plays a big part in that. With this in mind, we’ve gathered articles from publications across the information security industry and organized them here by category to give you a centralized summary of all the latest news.
Happy reading, and don’t forget to share this month’s roundup with your contacts!
Threats and Vulnerabilities
Qakbot Resurfaces With New Playbook
https://blog.cyble.com/2022/07/21/qakbot-resurfaces-with-new-playbook/
During a routine threat-hunting exercise, Cyble Research Labs came across a Twitter post wherein a researcher shared new IoCs related to the infamous Qakbot malware. For initial infection, Qakbot uses an email mass spamming campaign. The Qakbot Threat Actors (TAs) have continuously evolved their infection techniques ever since it was initially identified in the wild.
Russian Hackers Using Dropbox and Google Drive to Drop Malicious Payloads
https://thehackernews.com/2022/07/russian-hackers-using-dropbox-and.html
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems.
These are the Biggest Cybersecurity Threats. Make Sure You Aren’t Ignoring Them
Ransomware, zero days, and state-sponsored hacking are reported on frequently, but there are more than just these few concerns to be aware of. Remote work, simple cybersecurity updates, business email compromise, and ignoring the “basics” of cybersecurity are all prominent threats to organizations.
HTML Attachments Found to be the Most Malicious Type of File
https://www.techrepublic.com/article/html-attachments-found-to-be-the-most-malicious-type-of-file/
According to findings from Barracuda Networks, HTML attachments are being employed by adversaries the most when it comes to cyberattacks and 21% of all HTML attachments scanned by the company were found to be malicious. Barracuda found that hackers have been embedding malicious HTML files into emails that users receive regularly, such as a link to a report. Through this method, cybercriminals are no longer required to put links in the body of an email. The HTML method is much trickier than previous attempts, and also can circumvent anti-spam and anti-virus policies at a greater rate.
10,000 Organizations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organizations but was also capable of circumventing multi-factor authentication (MFA) defenses.
Ransomware, Hacking Groups Move from Cobalt Strike to Brute Ratel
Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel (BRC4) post-exploitation toolkit to evade detection by EDR and antivirus solutions. BRC4 is designed to evade detection by EDR and antivirus solutions, with almost all security software not detecting it as malicious when first spotted in the wild.
Password Recovery Tool Infects Industrial Systems With Sality Malware
A threat actor is infecting industrial control systems (ICS) to create a botnet by claiming to be a password cracking and recovery software for programmable logic controllers (PLCs). Additionally, the software is advertised on a variety of social media platforms.
‘Callback’ Phishing Campaign Impersonates Security Firms
https://threatpost.com/callback-phishing-security-firms/180182/
A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download remote administration tools (RATs) and, eventually, malware.
Fake Google Software Updates Spread New Ransomware
The latest example of a fake software update is “HavanaCrypt,” a new ransomware tool that researchers from Trend Micro recently discovered in the wild, disguised as a Google Software Update application.
Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware
https://thehackernews.com/2022/07/researchers-uncover-new-variants-of.html
Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. What makes the adware notable is that it’s fashioned as a browser extension as opposed to a Windows executable (.exe) or Dynamic Link Library (.dll).
Updates and Patches
Windows 11 Now Blocks RDP Brute-force Attacks by Default
Recent Windows 11 builds come with the “Account Lockout Policy” policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes.
*Update* Microsoft Resumes Blocking Office VBA Macros by Default After ‘Temporary Pause’
https://thehackernews.com/2022/07/microsoft-resumes-blocking-office-vba.html
Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change.
Google Patches Actively Exploited Chrome Bug
https://threatpost.com/actively-exploited-chrome-bug/180118/
Chrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.
A Step in the Wrong Direction: Microsoft Reverse Block on Office Macros
https://techmonitor.ai/technology/cybersecurity/microsoft-macros-office-365
Microsoft has reversed a decision, made in February, to put a default block on visual basic macros embedded in downloaded Office documents.
Stories
North Korean Hackers Target Healthcare Sector With Maui Ransomware, FBI Warns
https://techmonitor.ai/technology/cybersecurity/north-korea-hackers-maui-ransomware
The North Korean state-sponsored hackers are using the Maui ransomware to encrypt servers used by healthcare services. They are targeting information including electronic health records, diagnostic services, and imaging services.
Hacking & Other Healthcare Breaches Have Exposed Data of 20M Patients in Early 2022
An analysis by Modern Healthcare uncovered 338 breaches, reported to the Department of Health and Human Services Office for Civil Rights through June. These breaches have exposed the healthcare data of 20 million U.S patients in the first half of 2022.
Elastix VoIP Systems Hacked in Massive Campaign to Install PHP Web Shells
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples discovered over a period of three months.
The Growth in Targeted, Sophisticated Cyberattacks Troubles Top FBI Cyber Official
https://www.cyberscoop.com/fbi-worries-about-future-cyber-threats/
The FBI is deeply worried that cybercriminals and nation-state adversaries are developing more precision in their attacks and taking advantage of innovations in artificial intelligence that will compound the digital threat in the years to come, FBI Assistant Director for Cyber Bryan Vorndran said.
SMBs are Behind in Adopting Multi-Factor Authentication
https://www.techrepublic.com/article/smbs-behind-adopting-mfa/
The Cyber Readiness Institute surveyed 1,403 small business owners across the U.S., the U.K., New Zealand, Japan, India, Germany, Canada, and Australia. Among the respondents, 55% admitted that they’re not very aware of MFA and its security benefits, while 54% said they haven’t adopted MFA for their business.
Chinese Police Data Leak Exposes 1 Billion Records
https://www.secureworld.io/industry-news/chinese-police-data-leak
China finds itself in the middle of one of the largest data breaches of all time after a government developer wrote a blog post on a popular forum that accidentally included the credentials to a police database.
Quantum Ransomware Attack Affects 657 Healthcare Orgs
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations.
Opinion
The Enemy of Vulnerability Management? Unrealistic Expectations
https://www.helpnetsecurity.com/2022/07/13/vulnerability-management-expectations/
The main enemy of vulnerability management is not attackers, but unrealistic expectations. Remediating vulnerabilities takes more than enacting a policy. It also requires skills and tools, and there aren’t a lot of options outside of doing it on the job to learn those skills.
Ransomware is Hitting One Sector Particularly Hard, and the Impact is Felt by Everyone
According to analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cyber criminals go after what they perceive to be an easy but potentially lucrative target.
Conventional Cybersecurity Approaches are Falling Short
https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/
According to a study by Skybox Security, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today’s rapidly shifting threat landscape.
The Industrial Internet of Things is Still a Big Mess When it Comes to Security
According to analysis by cybersecurity company Barracuda, 94% of industrial organizations have experienced a “security incident” during the past 12 months. These include Distributed Denial of Service (DDoS) attacks, unauthorized remote access to networks, compromised supply chains, data theft, ransomware, and more.
Cybersecurity is a Constant Fire Drill—That’s Not Just Bad, It’s Dangerous
Security professionals report that they are challenged because the cybersecurity team at their organization spends most of its time addressing high priority/emergency issues and not enough time on strategy and process improvement.
Cybercrime Escalates as Barriers to Entry Crumble
https://www.csoonline.com/article/3668033/cybercrime-escalates-as-barriers-to-entry-crumble.html
According to HP Wolf Security, cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing.
60% of IT Leaders are not Confident About Their Secure Cloud Access
https://www.helpnetsecurity.com/2022/07/21/secure-cloud-access-confidence/
60% of IT and security leaders, from a worldwide survey of nearly 1,500 IT decision makers, are not confident in their organization’s ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute.
Informational
Patch Management vs. Vulnerability Management
Most vulnerability management strategies are not mature, with 39% of cyberattack victims saying an available patch would have prevented a breach and 37% of cyberattack victims saying they never scan their networks and systems to see what needs a patch, according to a report from the Ponemon Institute.
New MN student data privacy laws and regulations for 2022-2023
https://educationframework.com/resources/student-privacy-laws/state-laws/Minnesota-HF-2353
The new Minnesota student data privacy law, H.F. 2353, a bill for an act relating to data practices; modifying certain education data provisions; and classifying education support service data, define new provisions for technology vendors and Minnesota district leaders, alike.
MITRE Engage: A Framework for Deception
https://www.csoonline.com/article/3666054/mitre-engage-a-framework-for-deception.html
In early 2022, MITRE launched MITRE Engage, a framework that cyber defenders can use for “communicating and planning cyber adversary engagement, deception, and denial activities. Engage maps to the MITRE ATT&CK framework, which documents threat tactics and techniques that have been observed from millions of attacks on enterprise networks. Engage describes how defenders can devise engagement opportunities—basically how to interact with bad actors in ways that the defenders themselves design and control for the purpose of learning.
Engage can be found here: https://engage.mitre.org/
Resources
Tech Companies Pledge Free Cybersecurity Training During White House Summit
https://www.techrepublic.com/article/companies-pledge-free-cybersecurity-training/
A number of companies, including (ISC)², Fortinet, and Cisco, pledged to do their parts to help assuage the shortage of cybersecurity professionals during the White House National Cyber Workforce and Education Summit.
What’s Your Ransomware Risk?
https://www.gcn.com/cybersecurity/2022/07/cis-tool-analyzes-ransomware-risk/374598/
A new tool from the Center for Internet Security (CIS) helps organizations determine the likelihood that they will face a ransomware attack in the next 12 months, the financial effect it would have, and what steps they can take to be better prepared.
That’s all for this month’s news roundup! Be sure to follow us on all our social channels to be notified when the next one is ready to go. As always, if you need assistance with any of the topics covered here, don’t hesitate to reach out to us. We’re always happy to help where we can.