One Article Review

Home - The article:
Source Anomali
Identifier 2103281
Publication date 2020-09-22 15:00:00 (viewed: 2020-12-15 21:05:33)
Title Weekly Threat Briefing: Android Malware, APT Groups, Election Apps, Ransomware and More
Text The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cerberus Source Code Leak, Chinese APT, Mrbminer Malware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

US 2020 Presidential Apps Riddled with Tracking and Security Flaws (published: September 17, 2020)

The Vote Joe 2020 application has been found to be potentially leaking personal data about voters. The app is used by the Joe Biden campaign to engage with voters and get supporters to send out promotional text messages. Using TargetSmart, an intelligence service, the app receives its predictions via an API endpoint that has been found to return additional data. Both voter preference and voter prediction could be seen; while voter preference is publicly accessible, the TargetSmart information was not meant to be publicly available. The app also let users from outside the United States download it, giving non-US citizens access to the data, as there was no email verification. Vote Joe isn't the only campaign app with security issues, as the Donald Trump application exposed hardcoded secret keys in the APK.

Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applications for financial services, made by actors using stolen data.
Tags: APK, Android, Campaign, Election, Joe Biden, PII

German Hospital Attacked, Patient Taken to Another City Dies (published: September 17, 2020)

A failure in IT systems at Duesseldorf University Hospital in Germany has led to the death of a woman. In an apparent ransomware attack, the hospital's systems crashed, with staff unable to access data. While there was no apparent ransom note, 30 servers at the hospital had been encrypted last week, with a ransom note left on one server addressed to Heinrich Heine University. Duesseldorf police contacted the perpetrators to inform them that they had attacked the hospital instead of the university; the perpetrators provided decryption keys, but patients had to be rerouted to other hospitals and therefore waited a long time before being treated by doctors.

Recommendation: Educate your employees on the risks of opening attachments from unknown senders. Anti-spam and antivirus applications provided by trusted vendors should also be employed. Emails received from unknown senders should be treated with caution, and attachments from such senders should not be opened. Furthermore, it is important to have a comprehensive and tested backup solution in place, in addition to a business continuity plan for the unfortunate case of a ransomware infection.

MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486

Tags: Germany, Healthcare, Hospital, Ransomware
Sent Yes
Tags Ransomware Malware Vulnerability Threat Patching Guideline
Stories APT 41
Rating ★★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up in an earlier one.