One Article Review

Source: Anomali
Identifier: 2103282
Publication date: 2020-09-15 15:00:00 (viewed: 2020-12-15 21:05:33)
Title: Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities
Text:

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Conti Ransomware, Cryptominers, Emotet, Linux, US Election, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

China’s ‘Hybrid War’: Beijing’s Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020)

A database containing records on 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the Australians whose records are contained in the database. While much of the information is public, there is also non-public information, contributing to claims that China is developing a mass surveillance system.

Recommendation: Users should always remain vigilant about the information they put out into the public and avoid posting personal or sensitive information online.

Tags: China, spying

US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020)

The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then to install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft’s threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which shares code with another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware-as-a-service operation, is sophisticated; because its operators receive a large portion of the ransoms paid, they are motivated to evade detection and to keep developing advanced attack tooling. This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns.

Recommendation: Defense in depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc., is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers because each successful attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially where the victim finds it has no appropriate disaster recovery plan), but can also monetize the exfiltrated data directly and/or use it to aid future attacks. This technique is increasingly used in supply chain compromises to build difficult-to-detect spearphishing attacks.

Tags: conti, ryuk, ransomware
Sent: Yes
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Conference
Stories: APT 35, APT 28, APT 31
Rating: ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.