Threats of the Week – December 16, 2019

Anchor Malware

A new report documents a connection between a state-sponsored hacking group (North Korea’s Lazarus Group) and a commodity cybercrime operation (the TrickBot gang).

According to the security researchers, the Lazarus Group has recently become a customer of the TrickBot gang, from whom they rent access to already infected systems, along with a new type of attack framework that researchers are calling Anchor.

Researchers describe Anchor as “a collection of tools” combined together into a new malware strain.

The Anchor malware strain is provided as a TrickBot module.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection current on every host, and treat a TrickBot detection as a possible precursor to a targeted follow-on intrusion rather than a commodity infection: Anchor arrives as a TrickBot module, and the TrickBot foothold is what the Lazarus Group is renting. Isolate and investigate such hosts instead of simply cleaning them.

CVE-2019-16449

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities; successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest available version.

Snatch Ransomware

The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims’ files without being detected.

The trick relies on rebooting an infected computer into Safe Mode, and running the ransomware’s file encryption process from there.

The reason for this step is that most antivirus software does not start in Windows Safe Mode, a diagnostic boot state that loads only a minimal set of drivers and services and is meant for debugging and recovering a corrupt operating system.
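The following added example (not from the article, and not based on any Snatch sample) shows how a defender could hunt for that Safe Mode sequence in process-creation telemetry. It assumes events are available as JSON lines with ts, host, user and cmdline fields (the shape Sysmon Event ID 1 or Windows 4688 data typically takes once exported); the log lines are constructed, and the commands in them are the standard Windows mechanisms for forcing a Safe Mode boot (the BCD safeboot element set with bcdedit, and service registration under the SafeBoot registry key), not commands copied from the ransomware.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed process-creation events (JSON lines), not real telemetry.
SAMPLE_LOG = r'''
{"ts": "2019-12-09T02:13:04", "host": "WS-17", "user": "acme\\jdoe", "cmdline": "bcdedit.exe /enum"}
{"ts": "2019-12-09T02:14:10", "host": "WS-17", "user": "acme\\jdoe", "cmdline": "bcdedit.exe /set {current} safeboot minimal"}
{"ts": "2019-12-09T02:14:12", "host": "WS-17", "user": "acme\\jdoe", "cmdline": "reg.exe add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\UpdSvc /ve /d Service /f"}
{"ts": "2019-12-09T02:14:30", "host": "WS-17", "user": "acme\\jdoe", "cmdline": "shutdown.exe /r /t 0"}
{"ts": "2019-12-09T02:40:00", "host": "WS-17", "user": "acme\\jdoe", "cmdline": "bcdedit.exe /deletevalue {current} safeboot"}
{"ts": "2019-12-09T03:40:00", "host": "WS-22", "user": "acme\\it-admin", "cmdline": "bcdedit.exe /set {default} safeboot network"}
{"ts": "2019-12-09T09:05:00", "host": "WS-22", "user": "acme\\it-admin", "cmdline": "shutdown.exe /r /t 0"}
{"ts": "2019-12-09T09:10:00", "host": "WS-30", "user": "acme\\bob", "cmdline": "notepad.exe C:\\Users\\bob\\todo.txt"}
'''

# Windows forces the next boot into Safe Mode through the BCD "safeboot"
# element (set or cleared with bcdedit), and a service only runs in Safe
# Mode if it is registered under HKLM\SYSTEM\CurrentControlSet\Control\
# SafeBoot\Minimal (or \Network). Each rule matches one of those steps;
# a reboot on its own is only interesting in combination with them.
RULES = [
    ("bcd_safeboot_set", re.compile(r"\bbcdedit(?:\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)),
    ("bcd_safeboot_cleared", re.compile(r"\bbcdedit(?:\.exe)?\b.*/deletevalue\b.*\bsafeboot\b", re.I)),
    ("safeboot_service_registered", re.compile(r"\\control\\safeboot\\(?:minimal|network)\\", re.I)),
    ("reboot", re.compile(r"\bshutdown(?:\.exe)?\b.*\s/r\b", re.I)),
]
SAFEBOOT_SETUP = {"bcd_safeboot_set", "safeboot_service_registered"}


def parse_events(text):
    """Parse JSON-lines process-creation events and sort them by timestamp."""
    events = []
    for line in text.strip().splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda ev: ev["ts"])


def match_rules(event):
    """Names of every rule whose pattern appears in the event's command line."""
    return [name for name, rx in RULES if rx.search(event["cmdline"])]


def _finding(ev, rule):
    return {"rule": rule, "host": ev["host"], "user": ev["user"],
            "ts": ev["ts"].isoformat(), "cmdline": ev["cmdline"]}


def detect(events, window=timedelta(minutes=15)):
    """Return one finding per Safe Mode setup/cleanup command, plus a
    'safeboot_then_reboot' finding when a host reboots within `window` of a
    setup command: the sequence that lets an encryptor run with AV unloaded."""
    tagged = [(ev, match_rules(ev)) for ev in events]
    findings = [_finding(ev, name) for ev, names in tagged
                for name in names if name != "reboot"]
    for ev, names in tagged:
        if "reboot" not in names:
            continue
        for prior, prior_names in tagged:
            if (prior["host"] == ev["host"]
                    and timedelta(0) <= ev["ts"] - prior["ts"] <= window
                    and SAFEBOOT_SETUP.intersection(prior_names)):
                findings.append(_finding(ev, "safeboot_then_reboot"))
                break
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOG)):
        print(f"{f['ts']} {f['host']:6} {f['rule']:28} {f['cmdline']}")
```

On the sample, WS-17 produces the full chain (safeboot set, a service registered for Safe Mode, a reboot within seconds, and the safeboot flag cleared later), while WS-22's safeboot change followed by a reboot hours later is reported only as the configuration change, which is what an administrator troubleshooting a machine looks like. Tune the window to your environment, and remember that legitimate tooling also touches these settings: the value of the rule is the sequence, not any single command.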

Source: ZDNet

How do you protect yourself?

In addition to up-to-date endpoint protection, alert on configuration changes that force the next boot into Safe Mode (the BCD safeboot setting, normally changed with bcdedit) and on services newly registered to run in Safe Mode, restrict who can reboot servers, and keep offline, tested backups so that encrypted files can be restored.

Threats of the Week – December 9, 2019

ZeroCleare Malware

Security researchers from IBM said they identified a new strain of destructive data-wiping malware, developed by Iranian state-sponsored hackers and deployed in cyber-attacks against energy companies active in the Middle East.

Unlike many previous cyber-attacks, which are usually carried out by a single group, IBM said this malware and the attacks behind it appear to be a collaboration between two of Iran’s top-tier government-backed hacking units.

Source: ZDNet

How do you protect yourself?

Up-to-date endpoint protection is the first layer, but a wiper’s damage is only undone by restoring from backups: keep offline, regularly tested backups and a rehearsed rebuild procedure for critical systems, so that a destroyed host is an outage rather than a permanent loss.

CVE-2019-17008

Mozilla has released new security patches for Firefox.

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.

Source: Mozilla

How do you protect yourself?

Update to Firefox version 71 (or Firefox ESR 68.3 on the extended support release line).

PyXie Trojan

A newly discovered hacking campaign by a ‘sophisticated cyber-criminal operation’ is targeting healthcare and education organisations with custom-built, Python-based trojan malware that gives attackers almost complete control of Windows systems, with the ability to monitor user actions and steal sensitive data.

Malicious functions of the remote access trojan, dubbed PyXie RAT, include keylogging, credential harvesting, recording video, cookie theft, the ability to perform man-in-the-middle attacks and the capability to deploy other forms of malware onto infected systems.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection current, and because PyXie harvests credentials and browser cookies, treat any infected host as a credential breach: rotate the affected users’ passwords and invalidate their active sessions in addition to removing the malware.

Threats of the Week – December 2, 2019

Dexphot Malware

Microsoft security engineers detailed a new malware strain that has been infecting Windows computers since October 2018 to hijack their resources to mine cryptocurrency and generate revenue for the attackers.

Named Dexphot, this malware reached its peak in mid-June 2019, when its botnet reached almost 80,000 infected computers.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection current, and watch for the symptoms of cryptomining that signatures can miss: sustained, unexplained CPU load, and outbound connections to mining pools from hosts that have no business making them.

CVE-2019-19088

GitLab has released new security updates for GitLab Community Edition (CE) and Enterprise Edition (EE).

Improper parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.

Source: GitLab

How do you protect yourself?

Update to the patched release for your line (12.5.2, 12.4.5 or 12.3.8).

DeathRansom Ransomware

A new ransomware called DeathRansom got off to a rocky start, but has now resolved its issues and has begun to infect victims and encrypt their data.

When DeathRansom was first being distributed, it pretended to encrypt files, but researchers and users found that they could just remove the appended .wctc extension and the files would become usable again. Starting around November 20th, though, something changed.
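That early behaviour, a file renamed but not encrypted, is worth checking for during triage before assuming data is lost. The following is an added example (not from the article or from any DeathRansom analysis) that looks at files carrying the appended extension and reports whether a recognisable file header survives or whether the content looks like ciphertext. The magic-byte table and the entropy threshold are the author’s assumptions for the demo, and the victim directory it builds is constructed in a temporary folder.

```python
import math
import os
import tempfile

RANSOM_EXT = ".wctc"  # extension DeathRansom appended, per the report

# Leading bytes of some common formats. If a file that carries the ransom
# extension still starts with one of these, its header was left intact.
MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/office",
    b"MZ": "pe",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole/legacy office",
}


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext, well below for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_blob(data, sample=4096, threshold=7.5):
    """'header_intact' if a known file header survives, 'high_entropy' if the
    leading bytes look like ciphertext, otherwise 'undetermined'."""
    for magic in MAGIC:
        if data.startswith(magic):
            return "header_intact"
    if shannon_entropy(data[:sample]) >= threshold:  # threshold is an assumption
        return "high_entropy"
    return "undetermined"


def triage_directory(root, ext=RANSOM_EXT):
    """Map every file under root that carries the ransom extension to a verdict,
    reading only the first 4 KiB of each."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                with open(os.path.join(dirpath, name), "rb") as fh:
                    verdicts[name] = classify_blob(fh.read(4096))
    return verdicts


def demo():
    """Build a constructed victim directory in a temp folder and triage it."""
    pdf = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n" * 50
    ciphertext_like = bytes(range(256)) * 16  # stand-in for ciphertext: exactly 8.0 bits/byte
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("report.pdf" + RANSOM_EXT, pdf),
                           ("photo.jpg" + RANSOM_EXT, ciphertext_like),
                           ("notes.txt", b"untouched plain text\n")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage_directory(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:14} {name}")
```

A verdict of header_intact is a reason to try opening the file, not proof it is whole: some ransomware families encrypt only the first part of a file, and others start at an offset and leave the header alone, so an intact header with a high-entropy body still means real damage. The entropy check has the opposite caveat, since already-compressed formats (archives, JPEGs, modern Office files) score high even when untouched, which is why the header check runs first.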

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection current and maintain offline, tested backups. If hit, check whether files carrying the appended extension are actually encrypted before assuming the data is lost: early DeathRansom samples only renamed them.

Threats of the Week – November 25, 2019

ACBackdoor Malware

Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.

Judging by the greater complexity of the Linux variant, the malware, dubbed ACBackdoor, appears to have been developed by a threat group with more experience in building malicious tools for Linux than for Windows.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection current on Linux hosts as well as Windows: ACBackdoor has a Linux variant, and Linux servers are often the systems left outside endpoint monitoring.

CVE-2019-13582

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.

Source: CVE

How do you protect yourself?

Apply the firmware update that carries Marvell’s fix; for the affected vehicles that means installing the manufacturer’s software update, since the Wi-Fi module firmware is not updated separately by the owner.

AnteFrigus Ransomware

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drive letters, those commonly associated with removable devices and mapped network drives.

The RIG exploit kit uses malicious scripts hosted on attacker-owned or compromised sites that exploit vulnerabilities in Internet Explorer. If exploitation succeeds, it installs a payload on the visitor’s machine without their knowledge.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection current and patch (or retire) Internet Explorer, since RIG relies on known browser vulnerabilities. Because AnteFrigus encrypts removable and mapped network drives rather than C:, make sure file shares and external drives are within backup coverage.

Threats of the Week – November 18, 2019

Glimpse Malware

Security researchers have detailed how the Glimpse malware can switch its DNS-based command-and-control channel into a “text” mode that uses TXT resource records as an alternative to the DNS A records it otherwise relies on.

According to a blog post by security researchers, the malware is written in PowerShell and associated with APT34. It is launched by a Visual Basic script (VBScript), but how that script is itself initiated remains unclear, the researchers said.
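Whether a DNS tunnel uses A or TXT records, it leaves a shape in resolver logs that normal resolution does not: many distinct names under one domain, long data-carrying subdomain labels, and, in text mode, a TXT share far above what mail and verification records produce. The following added example (the author’s, not from the article or from any Glimpse analysis) profiles a constructed resolver log per base domain and flags domains that fit that shape. It assumes a simple `<timestamp> <client> <qtype> <qname>` log format, a naive last-two-labels rule for the base domain, and thresholds picked for the demo.

```python
import hashlib
from collections import defaultdict


def base_domain(qname):
    """Naive registrable domain (last two labels). Assumption for the demo:
    production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def profile(lines):
    """Aggregate per base domain: query count, TXT count, distinct names and
    total subdomain length. Each line is '<ts> <client> <qtype> <qname>'."""
    stats = defaultdict(lambda: {"queries": 0, "txt": 0, "names": set(), "sub_len": 0})
    for line in lines:
        _ts, _client, qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        dom = base_domain(qname)
        s = stats[dom]
        s["queries"] += 1
        s["txt"] += qtype.upper() == "TXT"
        s["names"].add(qname)
        s["sub_len"] += len(qname[: -len(dom)].rstrip("."))
    return stats


def flag_tunnels(lines, min_unique=20, txt_ratio=0.5, mean_sub_len=30):
    """Domains with many distinct names and either a high TXT share or long
    subdomains. Thresholds are demo assumptions; tune them on your own baseline."""
    findings = []
    for dom, s in sorted(profile(lines).items()):
        uniq = len(s["names"])
        if uniq < min_unique:
            continue
        ratio = s["txt"] / s["queries"]
        avg = s["sub_len"] / s["queries"]
        reasons = []
        if ratio >= txt_ratio:
            reasons.append(f"{ratio:.0%} TXT queries")
        if avg >= mean_sub_len:
            reasons.append(f"mean subdomain length {avg:.0f}")
        if reasons:
            findings.append((dom, uniq, reasons))
    return findings


def build_sample_log():
    """Constructed resolver log, not captured traffic: a few ordinary lookups
    (including one legitimate TXT query) plus 40 TXT queries whose leftmost
    label carries hex-encoded data, the way a tunnel smuggles bytes out."""
    lines = [
        "2019-11-18T09:58:01 10.0.0.5 A www.microsoft.com",
        "2019-11-18T09:58:02 10.0.0.5 A outlook.office365.com",
        "2019-11-18T09:58:03 10.0.0.9 TXT _dmarc.example.com",
        "2019-11-18T09:58:04 10.0.0.9 A example.com",
        "2019-11-18T09:58:05 10.0.0.9 AAAA www.example.com",
    ]
    for i in range(40):
        chunk = hashlib.sha1(f"chunk{i}".encode()).hexdigest()[:28]  # stand-in for tunnelled data
        lines.append(f"2019-11-18T10:{i // 60:02d}:{i % 60:02d} 10.0.0.5 TXT {chunk}.sync.example-sync.net")
    return lines


if __name__ == "__main__":
    for dom, uniq, reasons in flag_tunnels(build_sample_log()):
        print(f"{dom}: {uniq} distinct names; " + "; ".join(reasons))
```

The single `_dmarc.example.com` TXT lookup is not flagged because the unique-name floor is never reached, which is the point of combining the signals: a TXT query is ordinary, forty of them to forty never-seen names under one domain is not. Content delivery networks and some security products also generate many unique subdomains, so expect to allow-list a few domains after the first run.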

Source: SC Magazine

How do you protect yourself?

Keep endpoint protection current, and monitor outbound DNS: a PowerShell implant that tunnels its traffic through DNS queries, including TXT records, produces query patterns that stand out from normal resolution. Constrain script execution (for example with PowerShell script block logging and application control) so that a dropped VBScript cannot silently launch it.

CVE-2019-8248

Adobe has released updates for Adobe Illustrator CC for Windows and macOS. This update resolves critical and important vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Illustrator CC to the latest available version.

PureLocker Ransomware

A newly discovered piece of ransomware written in PureBasic has been linked to a Malware-as-a-Service (MaaS) provider that has been used by Cobalt Gang, FIN6, and other threat groups.

Dubbed PureLocker, the malware comes with evasion methods and features that have allowed it to remain undetected for months. The use of PureBasic, a rather uncommon programming language, also makes porting between Windows, Linux, and macOS easy.

Source: SecurityWeek

How do you protect yourself?

Keep endpoint protection current on Windows, Linux and macOS alike, since PureBasic makes PureLocker easy to port to each, and keep offline, tested backups.

Threats of the Week – November 11, 2019

Emotet Trojan

Emotet, a Banking Trojan turned devastating modular threat, has returned with upgraded functions in a new wave of attacks.

Emotet now shares a number of obfuscation techniques with TrickBot. Both packers contain an export function that resolves Windows API names by walking the export lists of the DLLs already loaded in the process, which keeps those API names out of the binary’s static import table; this API-resolution routine is present in both the Emotet and the TrickBot packers.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection current, and treat an Emotet detection as the start of an intrusion rather than the end of one: Emotet is a modular loader that delivers other malware (the MegaCortex item below is one example of what follows), so isolate the host and look for follow-on activity across the network.

CVE-2019-2204

Google has published the monthly Android Security Bulletin, with patches for several core Android components.

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Install the latest Android security patch level offered by your device manufacturer.

MegaCortex Ransomware

A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now changes the logged in user’s password and threatens to publish the victim’s files if they do not pay the ransom.

For those not familiar with MegaCortex, it is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the MegaCortex actors have access, they push the ransomware out to machines across the network through an Active Directory domain controller or with post-exploitation kits.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection current and offline backups tested. Because MegaCortex is pushed out through Active Directory after an earlier trojan infection, respond to Emotet detections quickly, monitor domain controllers for unexpected mass software deployment, and keep break-glass administrator credentials available, since the ransomware changes the logged-in user’s password.