Attacks

The main methods that Zerobot uses to infect a system, via brute-force or vulnerability exploitation, can easily be prevented by following a few recommended steps. The first recommendation would be to make sure all devices on a network are up-to-date on their patches, particularly any Internet-facing devices. The threat actors rely on devices remaining unpatched to infect systems and grow their botnet, so by making sure all devices are up-to-date and not vulnerable, an organization…

Read More

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon…

Read More

Companies looking to defend against ransomware should consider adopting a defense-in-depth strategy. Network segmentation, backups, regular patching, and vulnerability assessments are just a few of the measures that should be taken when attempting to lessen the likelihood of an attack. Promoting healthy cyber habits within a company is also crucial. https://www.infosecurity-magazine.com/news/ransomware-attack-guardian

Read More

The primary attack vector has been infected USB drives which download a malicious MSI installer file that deploys the primary payload. Either msiexec.exe or wmic.exe are utilized as trusted installers. Some UBS drives have a configured autorun.inf file that will automatically run the payload, whereas others rely on social engineering to invite a targeted user to click on an associated .LNK file. The payload loader now deploys a decoy adware named BrowserAssistant in order to…

Read More

These updates are not delivered through Windows Updates and will not install automatically on impacted servers. To get the standalone package, admins must search for the KB number in the Microsoft Update Catalog, download it, and install it manually. They can also be manually imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Microsoft also provides instructions on importing updates into WSUS and Configuration Manager from the Microsoft Update Catalog. “You do…

Read More

Phishing has continued to be one of the most common means of initial access for threat actors of all skill levels. In this instance, the actor was likely trying to steal credentials and information concerning the DELTA program in order to assist with counterintelligence. Protecting against phishing campaigns is often difficult as it takes just one user to fall victim to the campaign to be successful – it is even more difficult with advanced phishing…

Read More

Researchers verified a small sample of the data and reached out to McGraw Hill, who did not initially respond. Finally, the company announced on September 21st that they had removed all sensitive data out of the public buckets. Due to the growing regulatory burden, it is highly recommended that organizations store sensitive customers data securely, and utilize third party cybersecurity services to verify the security of such data in order to avoid liability, regulatory fines,…

Read More

When developing tools, it can be easy to simply fall back on repositories to source libraries and packages to quickly fill gaps and reduce workload. However, especially when interfacing with commercial software, it is considered good practice to refer to documentation to identify approved sources for libraries and packages. For example, SentinelOne’s Frequently Asked Questions page reports that their SDK is available “directly from the Management console,” and not from any centralized repository like PyPI.…

Read More

Companies should strive to patch MacOS devices as soon as their change management allows. Exploitation of this vulnerability is not particularly involved, according to Microsoft’s reporting, so malware packaged to use Achilles could surface very soon. Additionally, malware leveraging Achilles would not be prevented by Lockdown Mode, Apple’s optional protection feature for stopping zero-click code execution, since Gatekeeper requires the end user to open the malicious file. https://www.bleepingcomputer.com/news/security/microsoft-finds-macos-bug-that-lets-malware-bypass-security-checks/

Read More