14 Aug 2020 | Asia Cyber Summary

Updated: Mar 17, 2021

Cyber Security in Singapore Award

Congratulations to Blackpanda DFIR Specialist Shuchen Hu for being named one of the Top 20 Women in Cyber Security in Singapore! We’re proud to see hard work recognized. This award is presented by The Women in Security & Resilience Alliance (WISECRA), MySecurity Media, and Responsible Cyber.


In the spotlight this week:

• A new phishing campaign utilizing Zoom meeting invitations has been observed targeting O365 credentials

• Dharma offers an easy-to-use Ransomware as a Service, making complex malware usable by threat actors who have limited skills

• The FBI has warned of Iranian state-backed hacking groups targeting the F5 BIG-IP vulnerability CVE-2020-5902

AUG 12, 2020 | Dharma Offers Easy-To-Use Ransomware as a Service, Making Complex Malware User Friendly to Threat Actors With Limited Skills

This is part of an unfortunate trend in which advanced tools and techniques are now available to criminals with limited technical skills. To counter the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, regular backups, and an incident response procedure that is regularly rehearsed.

Source: https://www.bleepingcomputer.com/news/security/dharma-ransomware-created-a-hacking-toolkit-to-make-cybercrime-easy/

AUG 8, 2020 | The FBI Has Warned of Iranian State-Backed Hacking Groups Targeting the F5 BIG-IP Vulnerability CVE-2020-5902

The F5 BIG-IP vulnerability CVE-2020-5902 previously reported by Blackpanda is now being exploited by Iranian threat actors. The US-CERT recommends the following actions be taken:

• Reimage compromised hosts

• Provision new account credentials

• Limit access to the management interface to the fullest extent possible

• Implement network segmentation

Source: https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-trying-to-exploit-critical-f5-big-ip-flaw/

AUG 6, 2020 | Maze Ransomware Group Claims To Have Stolen 10TB Of Data From Canon

The Maze ransomware group has claimed to have compromised Canon and exfiltrated 10 terabytes of data. Canon has reported outages affecting many systems, and the full impact of this attack is yet to be seen.

Source: https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/

AUG 4, 2020 | New Phishing Campaign Utilizing Zoom Meeting Invitations Has Been Observed Targeting O365 Credentials

Threat actors are taking advantage of the widespread use of Zoom. Newly observed techniques show phishing emails masquerading as Zoom meeting invites in order to entice the recipient to click the link.

Source: https://www.hackread.com/fake-zoom-meeting-invitation-phishing-scam-microsoft-credentials/

AUG 1, 2020 | Phished? You have 7 Days Before Your Credentials Are Sold Online

Iranian threat groups have become the first APT actors to be discovered using DNS over HTTPS in their attacks. The group "Oilrig" is known for exfiltrating data over DNS, and this development, which incorporates new features into their kill chain, is a logical progression.

Source: https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh
