Attacks

Companies are highly encouraged to patch as soon as their change management procedures allow. It’s possible that threat actors using this exploit currently will ramp up deployment in an effort to compromise devices before they get patched. Additionally, analysts should look for suspicious processes and activity stemming from Safari, pending further information from Apple about the specifics of the exploit, as far back as their logging allows. https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/

This group is clearly financially motivated, using the ransomware as one way to target victims and encrypt files for extortion, in addition to exploiting the chance to steal cryptocurrency. Talos analysts assess that this particular ransomware isn’t very sophisticated as it will target system files and applications too, which are commonly avoided to prevent the system from becoming unstable. A victim will know they are infected because their wallpaper will change to a Mortal Kombat…

Although Beep’s functionality is currently limited, it’s clear that the developers have high ambitions for a variety of functionality. While the evasion tactics used in Beep are plentiful, they generally center around avoiding anti-virus, and being difficult to reverse engineer. Behavioral analysis can still provide great value in detecting threats such as this. It’s important to have a defense-in-depth program which includes proactive threat hunting of post compromise activities in order to combat emerging threats…

The full scope of this attack is not yet known, but it is always important to be reminded of some ways to protect against ransomware in the future. Some measures that can be used to reduce the impact or likelihood of an attack include: • Regularly back up data, air gap, and password-protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.•…

The previously unknown DarkBit gang appeared only this week, and its location is unknown. However, the attackers gave some indicators about their intentions in the ransom note and on their Telegram and Twitter channels. At first look, DarkBit’s operations appear to be hacktivism because of their opposition to “racism, fascism, and apartheid,” but the group’s goals are more complex. Hackers seek to hold Israel accountable for “war crimes against humanity” and “firing high-skilled experts” while…

The company has added more network security measures in reaction to this event, including changing all company passwords and notifying law enforcement. The organization’s routine activities have been paused for all affected systems while an assessment of potentially impacted documents and procedures is ongoing. The recipients of the breach notices are being offered a one-year free-of-charge identity monitoring service through Kroll to help them prevent identity theft that may occur as a result of the…

It is possible that this attack was the result of Info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information such as credentials to carry out cyberattacks. It…

All organizations should provide phishing awareness and defense training to all of their employees/users. A simple defense technique would be adopting a zero-trust attitude toward outside communication. For email, the zero-trust model means not allowing the delivery of messages unless they originate from a sender who can be authenticated and who has been granted explicit permission to deliver messages to that inbox. https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/