Threat Intelligence Report: September 6 - 12, 2021
Check Point Threat Intelligence
Weekly summary of the latest published cyber threats and campaigns as derived from open-source information.
TOP ATTACKS AND BREACHES
Mēris, a new distributed denial-of-service (DDoS) botnet, has broken a record with a 21.8 million requests-per-second attack on the Russian internet company Yandex; 250,000 devices are assumed to be compromised.
Tags: #Botnet, #Breach
MyRepublic, a Singaporean communications services company, has disclosed a data breach exposing government ID cards and information of nearly 80,000 mobile users. The attack was aimed at a third-party data storage platform used to store personal data of the company’s customers.
Tags: #Breach, #Mobile, #Supplychain
Members of the Groove ransomware gang have posted online 500,000 Fortinet VPN login names and passwords retrieved from exploitable devices. The VPN credentials could allow threat actors to access a network to exfiltrate data, install malware and perform ransomware attacks.
Check Point IPS provides protection against this threat (Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379))
Tags: #Ransomware, #Ransom&Steal
United Nations’ headquarters computers were hacked earlier this year after a Russian-speaking cybercriminal bought user credentials on the dark web for $1,000. The purpose of the breach is still unknown at this time.
Tags: #Political, #Government, #Breach
The Ragnar Locker ransomware group is threatening to leak stolen data from victims who attempt to contact the FBI or other authorities. The Ragnar Locker gang had previously targeted large companies with ransomware attacks, demanding millions of dollars in ransom payments.
Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.Ragnar)
Tags: #Government, #Ransomware
CISA is warning that hackers are exploiting a critical vulnerability tracked as CVE-2021-40539 in Zoho’s ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.
A recently discovered malware called Sidewalk, used in attacks against organizations in Taiwan, Vietnam, the United States, and Mexico, is linked to the Chinese espionage group Grayfly.
Tags: #Government, #Political, #APT
VULNERABILITIES AND PATCHES
A new zero-day vulnerability, tracked as CVE-2021-40444, affects multiple versions of Windows. This vulnerability is currently distributed via malicious Office 365 documents and requires users to open the file to trigger it.
Check Point IPS provides protection against this threat (Microsoft Internet Explorer MSHTML Remote Code Execution (CVE-2021-40444))
Microsoft has patched multiple flaws that could allow an Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. A threat actor could have exploited these issues to execute code on other users’ containers, steal customer data, or run cryptomining.
Tags: #Cloud
Netgear has made available firmware updates for more than a dozen of its smart switches used on corporate networks to patch vulnerabilities.
GitHub has disclosed seven severe vulnerabilities in the npm packages tar and @npmcli/arborist, used by the npm CLI, which could eventually result in arbitrary code execution.
THREAT INTELLIGENCE REPORTS
Check Point Research’s top 10 malware list for August shows that the Formbook infostealer is the most prevalent malware, while the Qbot banking Trojan has dropped from the list altogether.
Check Point Harmony Endpoint and Anti-Bot provide protection against these threats
Tags: #Botnet
The REvil ransomware gang, aka Sodinokibi, responsible for the Kaseya supply chain attack, is back on the scene after shutting down its infrastructure and disappearing for two months.
Check Point Harmony Endpoint and Anti-Bot provide protection against this threat (Ransomware.Win32.Sodinokibi)
Tags: #Supplychain, #Ransomware
A dual US-Canadian national has been sentenced to more than 11 years in federal prison for conspiring to launder tens of millions of dollars in wire and bank fraud schemes, including a massive online banking theft by North Korean cybercriminals, according to the U.S. Department of Justice.
Security researchers have revealed the main criteria used to select ransomware victims. These include targets specifically in the USA, Canada, Australia and Great Britain with revenue of at least $100 million.
Tags: #Ransomware
South Korean law enforcement has apprehended a Russian member of the TrickBot gang after US authorities requested an extradition.
Tags: #Government, #Ransomware
Threat Intelligence Report: November 29 - December 5, 2021
Check Point Threat Intelligence
Weekly summary of the latest published cyber threats and campaigns as derived from open-source information.
TOP ATTACKS AND BREACHES
Check Point Research has identified ongoing campaigns in Iran using socially engineered SMS messages to infect tens of thousands of citizens’ devices. The SMS messages, impersonating Iranian government services, lure victims into downloading malicious Android apps that steal credit card credentials, personal SMS messages and 2FA codes. Threat actors then proceed to make money withdrawals and turn infected devices into bots that spread the malware to others.
Check Point Harmony Mobile provides protection against this threat
Tags: #Phishing, #Government, #Mobile
Apple has alerted Foreign Service officers of several US embassies that their iPhones were compromised by unknown attackers using ForcedEntry to deploy the NSO Group spyware Pegasus, allowing them to steal files, eavesdrop on calls and track the targets’ movements.
Tags: #Mobile, #Government
The North Korean cyberespionage group ScarCruft (APT37) is targeting South Korean journalists, activists and politically relevant individuals with spear-phishing emails and smishing campaigns deploying the Chinotto backdoor.
Tags: #APT, #Phishing, #Mobile
The Pakistani hacking group SideCopy is targeting Indian and Afghan military and government officials to steal Google, Twitter and Facebook credentials and eventually gain access to government portals.
Tags: #Government
A hacktivist threat group dubbed WIRTE, suspected to be part of the “Gaza Cybergang”, has been conducting campaigns on Middle Eastern governmental targets and other high-profile organizations since at least 2019, using malicious Excel 4.0 macros.
Tags: #Government, #Phishing
Planned Parenthood Los Angeles has announced it was the victim of a ransomware attack in October that caused a breach affecting the data of 400,000 patients, including some clinical information such as diagnoses and procedures.
Tags: #Ransomware, #Breach
VULNERABILITIES AND PATCHES
Researchers have found vulnerabilities affecting 150 Hewlett Packard multi-function printer models: CVE-2021-39237, which requires physical access and could lead to information disclosure, and CVE-2021-39238, a buffer overflow that could allow remote code execution.
Researchers have discovered the EwDoor botnet which targets compromised AT&T enterprise network edge devices by exploiting a severe blind command injection security flaw tracked as CVE-2017-6079.
Tags: #Botnet
BlackByte ransomware affiliates are actively exploiting ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523 & CVE-2021-31207) to compromise Microsoft Exchange servers and install web shells, coin miners and ransomware.
Check Point IPS, Harmony Endpoint and Anti-Virus provide protection against these threats (Microsoft Exchange Server Remote Code Execution (CVE-2021-34473); Microsoft Exchange Server Security Feature Authentication Bypass (CVE-2021-31207); Ransomware.Win32.BlackByte)
Tags: #Ransomware
Hackers are leveraging CVE-2021-44077, a flaw that allows unauthenticated remote code execution in software from the business software provider Zoho; CISA and the FBI urge organizations to promptly update and patch.
Tags: #MSP
THREAT INTELLIGENCE REPORTS
In a new phishing campaign in the UK, threat actors are exploiting the new COVID-19 variant Omicron to lure victims by emailing them about a free Omicron PCR test, eventually stealing their payment details.
Tags: #Phishing, #Healthcare
Finland's National Cyber Security Centre is warning of a large campaign targeting Finnish Android users with the FluBot banking malware, spread via SMS.
Check Point Harmony Mobile provides protection against this threat
Tags: #Mobile, #Phishing
The FBI warns that the Cuba ransomware gang has attacked the networks of 49 US organizations, collecting at least $43.9 million in ransom payments. Initial infection is done through the Hancitor malware.
Check Point Threat Emulation provides protection against this threat (Trojan.Win.Hancitor)
Tags: #Ransomware
Indian, Russian and Chinese APT groups were found to be using a rich text format (RTF) template injection technique in their recent phishing campaigns.
Tags: #APT, #Phishing
The Emotet malware is now spread through malicious Windows App Installer packages disguised as Adobe PDF software.
Check Point Threat Emulation provides protection against this threat (Trojan.Wins.Emotet)