Page 11 - Threat Intelligence 10-18-2019

Internal Threats












         'Lost Files' Data Wiper Poses as a Windows Security Scanner. A Windows Security Scanner that states it
         encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data
         in a victim's files. ISC Handler Xavier Mertens received a spam email that pretends to be from Microsoft and
         has a subject of "Virus Detection On Your Computer!". The email then proceeds to state that a Trojan horse
         was detected on the computer and that the recipient should download the linked "security scanner". If you
         click on the download button, a file called WSS.zip will be downloaded that contains a file called "Windows
         Security Scanner.exe" and a hidden Resources folder with a few other executables.
                Source: https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-as-a-windows-security-scanner/

         FIN7 attackers roll out new tools. Like defenders and researchers, cybercrime groups constantly improve and
         adapt their tools and techniques, looking for the right combination for the task at hand. The infamous FIN7
         attack group is a prime example of this continuous improvement, and researchers have discovered a pair of
         new tools the group is using, one of which is specifically designed to target a remote administration client
         used in payment card processing environments. The RDFSNIFFER module that Mandiant discovered has a
         number of capabilities and allows the operators to take actions such as intercepting SSL connections, deleting
         data, and running commands on the remote system.
                Source: https://duo.com/decipher/fin7-attackers-roll-out-new-tools

         Targeted Ransomware Attacks Show No Signs of Abating. There's little sign that cybercriminals are about to
         let up on ransomware attacks anytime soon. If anything, they appear to be honing their tactics for even more
         dangerous and disruptive attacks on enterprise organizations over the short term. Emsisoft recently analyzed
         threat data from the second and third quarters of this year and found ransomware attacks have become more
         focused and targeted. The success some attackers have had in extorting ransoms from enterprise targets
         appears to have spawned more concerted efforts by others to do the same. "While the total number of
         ransomware attacks has declined, there has been a significant increase in the number of high-impact attacks
         targeting companies and public entities," says Fabian Wosar, CTO at Emsisoft.
                Source: https://www.darkreading.com/attacks-breaches/targeted-ransomware-attacks-show-no-signs-of-abating/d/d-id/1336095

         Impact and prevalence of cyberattacks that use stolen hashed administrator credentials. There’s a significant
         prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as
         Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity. Among the
         survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business
         impact on their organizations.
                Source: https://www.helpnetsecurity.com/2019/10/10/stolen-hashed-administrator-credentials/












                                                    www.accumepartners.com