BTCWare – Ransomware

Threat Meter

A new version of BTCWare Ransomware was discovered by Michael Gillespie. BTCWare is a family of ransomware that takes advantage of victims by hacking into poorly protected Remote Desktop services.

How do you protect yourself?

This version of ransomware targets Remote Desktop services that are open to the internet, so it’s important that you do not expose Remote Desktop directly to the internet. Connect to your network via a secure VPN first, and only then use Remote Desktop services.

CVE-2018-0886

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

How do you protect yourself?

Microsoft states this vulnerability should be fully patched by May 8, 2018.

Jolera will ensure this is patched in your next patching cycle.
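Both items above come down to the same question for a Windows host: is Remote Desktop reachable from the internet, and is the CredSSP mitigation for CVE-2018-0886 in place? The script below is an added example written for this bulletin, not code from Jolera, Microsoft or the researchers cited. It reads the registry locations Microsoft documents for Remote Desktop (fDenyTSConnections, UserAuthentication, SecurityLayer, PortNumber) and for the CredSSP Encryption Oracle Remediation policy (AllowEncryptionOracle), and lists inbound firewall rules that admit the RDP port from any remote address. The decision that such a rule, a missing NLA requirement or a missing/“Vulnerable” CredSSP value counts as a finding is this script’s own assumption; firewall port ranges are not parsed.

```powershell
# Added example (not from the bulletin): audit a Windows host's Remote Desktop
# exposure and its CredSSP "Encryption Oracle Remediation" setting.
# Registry locations are Microsoft's documented ones; the thresholds below
# (e.g. treating an inbound RDP rule with RemoteAddress 'Any' as a finding)
# are this script's own assumptions.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

function Get-RdpExposureReport {
    $findings = @()

    # 1. Is RDP enabled at all? fDenyTSConnections = 1 means connections are refused.
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = "$tsKey\WinStations\RDP-Tcp"
    if ((Get-RegValue $tsKey 'fDenyTSConnections') -ne 0) {
        return [pscustomobject]@{ RdpEnabled = $false; Findings = @() }
    }

    # 2. Network Level Authentication: UserAuthentication = 1 makes the client
    #    authenticate before a session is created, removing the unauthenticated
    #    surface that RDP-targeting ransomware campaigns rely on.
    $nla = Get-RegValue $rdpTcp 'UserAuthentication'
    if ($nla -ne 1) { $findings += 'NLA is not required for RDP-Tcp (UserAuthentication != 1)' }

    # 3. SecurityLayer: 2 = TLS only; lower values permit legacy RDP security.
    $secLayer = Get-RegValue $rdpTcp 'SecurityLayer'
    if ($secLayer -ne 2) { $findings += "SecurityLayer is '$secLayer' (expected 2 = TLS)" }

    # 4. Inbound allow rules that admit the RDP port from any remote address.
    #    A VPN-only design, as the bulletin recommends, should leave no such rule.
    $port = Get-RegValue $rdpTcp 'PortNumber'
    if (-not $port) { $port = 3389 }
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $pf    = $rule | Get-NetFirewallPortFilter
        $ports = @($pf.LocalPort)          # exact port or 'Any'; ranges are not parsed
        if ($pf.Protocol -ne 'TCP') { continue }
        if (-not ($ports -contains "$port" -or $ports -contains 'Any')) { continue }
        $af = $rule | Get-NetFirewallAddressFilter
        if (@($af.RemoteAddress) -contains 'Any') {
            $findings += "Firewall rule '$($rule.DisplayName)' allows TCP/$port from any remote address (profile: $($rule.Profile))"
        }
    }

    # 5. CVE-2018-0886: CredSSP policy value. 0 = Force Updated Clients,
    #    1 = Mitigated, 2 = Vulnerable. An absent value means the host relies on
    #    the default set by its installed updates, so confirm the May 2018
    #    update is present before treating it as safe.
    $credKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $oracle  = Get-RegValue $credKey 'AllowEncryptionOracle'
    if ($oracle -eq 2) {
        $findings += 'CredSSP AllowEncryptionOracle = 2 (Vulnerable): CVE-2018-0886 mitigation disabled'
    } elseif ($null -eq $oracle) {
        $findings += 'CredSSP AllowEncryptionOracle not set; confirm the May 2018 update is installed'
    }

    [pscustomobject]@{
        RdpEnabled    = $true
        NlaRequired   = ($nla -eq 1)
        SecurityLayer = $secLayer
        CredSspPolicy = $oracle
        Findings      = $findings
    }
}

Get-RdpExposureReport | Format-List
```

An empty Findings list on an RDP-enabled host means NLA and TLS are enforced, no inbound allow rule reaches the RDP port from arbitrary addresses, and the CredSSP policy is explicitly set to a non-vulnerable value; anything else is a line item for the next patching or firewall change.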

Operation HaoBao

McAfee Advanced Threat Research (ATR) analysts have discovered an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact.

This new campaign, dubbed HaoBao, resumes Lazarus’ earlier technique of phishing emails posing as employee recruitment, but now targets Bitcoin users and global financial organizations. When victims open the malicious documents attached to the emails, the malware scans for Bitcoin activity and then establishes an implant for long-term data gathering.

On January 15th, McAfee ATR discovered a malicious document masquerading as a job recruitment for a Business Development Executive position in Hong Kong at a large multinational bank.

How do you protect yourself?

A new job opportunity can be tempting for unsuspecting employees. Alert employees to new scams such as the updated Lazarus campaign ‘HaoBao’ to increase awareness and vigilance. Software that scans all incoming attachments will also help protect your organization’s users.