There’s a growing concern over what is thought to be a regrouping of the GandCrab ransomware developers to distribute what is being called “REvil,” “Sodin,” and “Sodinokibi” ransomware. The NCSC published a useful DNS hijacking and mitigation best practices/advisory. Also, articles about some new malware, ransomware and phishing attack vectors and types.
For more articles, check out our #onpatrol4malware blog.
Phishers Target Office 365 Admins with Fake Admin Alerts
Phishers targeting admins are becoming more popular due to the greater range of attacks than can be conducted through an admin account. Read more.
Anti-Debugging Techniques from a Complex Visual Basic Packer
“Hawkeye Keylogger” is an info-stealing malware for sale in the dark-web. Anyone can easily subscribe to the malware service by paying a fee. Read more.
This Phishing Attacker Takes American Express—and Victims’ Credentials
Recently, the CofenseTM Phishing Defense CenterTM observed a phishing attack against American Express customers, both merchant and corporate card holders. Read more.
Is ‘REvil’ the New GandCrab Ransomware?
A growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” Read more.
Ongoing DNS hijacking and mitigation advice
This Advisory covers some of the risks for organisations around DNS hijacking activity and gives advice on ways the risks can be mitigated. Read more.
How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers). Read more.
The 2019 Duo Trusted Access Report: Zero-Trust Security for the Workforce
How is zero-trust security for the workforce making its way into the enterprise – and how are organizations using the key principles of zero trust today? Read more.
How to manage Microsoft’s BitLocker encryption feature
BitLocker is designed to be silent, so much so that you might forget which machines have it enabled and which ones do not. Read more.
Malware-Loader ‘Brushaloader’ Grows More Menacing
The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. Read more.
Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways
The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. Read more.
Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’
These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks. Read more.
NASty: QNAP Warns Users About ‘eCh0raix’ Ransomware
Source: tom’s HARDWARE
QNAP warned its NAS customers to make sure they’re using strong passwords [and] have the latest version of its QTS firmware. Read more.
Trinity Miner using open ADB port to target IoT devices
Source: Quick Heal Blog
All these IoT devices are powered by ARM-based processor and run on android and unix operating system. These IoT devices include mobiles, smart T.V., routers, IP cameras and DVR. Read more.