One Article Review

Home - The article:
Source Anomali
Identifier 3952434
Publication date 2022-01-12 16:00:00 (viewed: 2022-01-12 17:08:53)
Title Anomali Cyber Watch: FluBot, iOS, Ransomware, Zloader, and More
Text The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data breach, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links (published: January 7, 2022)

Security researchers have seen a very large number of attacks leveraging the comment feature of Google Docs to send emails to users containing malicious content. The attackers create a document, sheet, or slide deck and add comments tagging any user's email address. Google then sends an email to the tagged user account. Because these emails come from Google itself, they are more likely to be trusted than some other phishing avenues.

Analyst Comment: Phishing education can often help users identify and prevent phishing attacks. Specific to this attack method, users should verify that any unsolicited comments they receive come from the user indicated and, if unsure, reach out separately to the user who appears to have sent the comment to verify that it is real. Links in email should be treated with caution.

MITRE ATT&CK: [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Phishing - T1156
Tags: Google, Impersonation, Phishing

Finalsite Ransomware Attack Forces 5,000 School Websites Offline (published: January 7, 2022)

Finalsite, a firm used by schools for website content management, design, and hosting, has been hit by an unknown strain of ransomware that affected approximately 5,000 of its 8,000 customers. The company has said in a statement that many of the affected sites were preemptively shut down to protect users' data, that there is no evidence that data was breached (although it did not confirm that it had the telemetry in place needed to detect that), and that most of the sites and services have been restored.

Analyst Comment: Verified backup and disaster recovery processes are an important aspect of protecting organizations and allowing remediation of successful attacks. Monitoring and telemetry can aid in detecting and preventing attacks, and provide evidence as to whether data has been exfiltrated.

MITRE ATT&CK: [MITRE ATT&CK] Web Service - T1102 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Education, Finalsite, Ransomware, Web hosting

FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond (published: January 6, 2022)

Security researchers have analyzed a new and more sophisticated version of the FluBot Android malware, first detected in early 2020. Once installed on a device, the malware can full
Sent Yes
Tags Ransomware Data Breach Malware Tool Vulnerability Threat Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of a previous one.