Page 14 - Threat Intelligence 12-13-2019
Unpatched systems are still one of the significant attack vectors to launch cyberattacks. Leaving a vulnerable
system unpatched can invite trouble for an organization. The issue can turn worse when the organization
suffers a cyberattack that can result in, among other things, compromise of confidential data, DDoS attacks or
theft of customers’ details. A report released by Recorded Future found that the
same vulnerabilities kept showing up year after year. An interesting aspect of the report was that most of
these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target
flaws in Microsoft products.
Source: https://cyware.com/news/unpatched-systems-are-still-one-of-the-significant-attack-vectors-to-launch-cyberattacks-08e616e6
US Govt Alerts Financial Services of Ongoing Dridex Malware Attacks. The Department of Homeland
Security today alerted institutions from the financial services sector of risks stemming from ongoing Dridex
malware attacks targeting private-sector financial firms through phishing e-mail spam campaigns. The alert
was published by the Cybersecurity and Infrastructure Security Agency (CISA) via the US National Cyber
Awareness System, a tool designed to provide industry and users with info on current security topics and
threats. "Because actors using Dridex malware and its derivatives continue to target the financial services
sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this
report warrant renewed attention," CISA says.
Source: https://www.bleepingcomputer.com/news/security/us-govt-alerts-financial-services-of-ongoing-dridex-malware-attacks/
Snatch Team Steals Data and Hammers Orgs with Ransomware. Snatch, a ransomware variant, has been
discovered in campaigns that force Windows machines to reboot into Safe Mode before beginning the
encryption process. Snatch is one of multiple components of a malware constellation that is emerging in
carefully orchestrated and sophisticated attacks that can feature rampant and high-risk data collection.
Researchers with SophosLabs claim that Snatch runs itself in an elevated permissions mode that can lead to a
Safe Mode reboot in which most security software does not run, allowing it to encrypt victims’ hard drives.
Although Snatch’s operators have been active since the summer of 2018, the Safe Mode reboot is a new
feature according to the SophosLabs researchers. The researchers stated that the severity of the risk posed by
ransomware that has the capability to run in Safe Mode cannot be overstated.
Source: https://www.oodaloop.com/briefs/2019/12/11/snatch-team-steals-data-and-hammers-orgs-with-ransomware/
49% of workers, when forced to update their password, reuse the same one with just a minor change. A
survey of 200 people conducted by security outfit HYPR has some alarming findings. For instance, not only did
72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that
when forced to update their passwords in the workplace they reused the same one with a minor change.
Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42%
in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users’
tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes
to existing ones.
Source: https://www.grahamcluley.com/49-of-workers-when-forced-to-update-their-password-reuse-the-same-one-with-just-a-minor-change/
www.accumepartners.com