14 Aug 2020 | Asia Cyber Summary

Updated: Sep 11


Congratulations to Blackpanda DFIR Specialist Shuchen Hu for being named one of the Top 20 Women in Cyber Security in Singapore! We’re proud to see hard work recognized. This award is presented by The Women in Security & Resilience Alliance (WISECRA), MySecurity Media, and Responsible Cyber.


In the spotlight this week:

• A new phishing campaign utilizing Zoom meeting invitations has been observed targeting O365 credentials



• Dharma offers an easy-to-use Ransomware as a Service, making complex malware usable by threat actors with limited skills



• The FBI has warned of Iranian state-backed hacking groups targeting the F5 BIG-IP vulnerability CVE-2020-5902




AUG 12, 2020 | Dharma Offers Easy-To-Use Ransomware as a Service, Making Complex Malware User Friendly to Threat Actors With Limited Skills

This is part of an unfortunate trend we are seeing, in which advanced tools and techniques are now available to criminals with limited technical skills. To counter the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, regular backups, and an incident response procedure that is regularly rehearsed.


Source: https://www.bleepingcomputer.com/news/security/dharma-ransomware-created-a-hacking-toolkit-to-make-cybercrime-easy/


AUG 8, 2020 | The FBI Has Warned of Iranian State-Backed Hacking Groups Targeting the F5 BIG-IP Vulnerability CVE-2020-5902


The F5 BIG-IP vulnerability CVE-2020-5902 previously reported by Blackpanda is now being exploited by Iranian threat actors. The US-CERT recommends the following actions be taken:


• Reimage compromised hosts

• Provision new account credentials

• Limit access to the management interface to the fullest extent possible

• Implement network segmentation

Source: https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-trying-to-exploit-critical-f5-big-ip-flaw/


AUG 6, 2020 | Maze Ransomware Group Claims To Have Stolen 10TB Of Data From Canon


The Maze ransomware group has claimed to have compromised Canon and exfiltrated 10 terabytes of data. Canon has reported outages affecting many systems, and the full impact of this attack is yet to be seen.


Source: https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/


AUG 4, 2020 | New Phishing Campaign Utilizing Zoom Meeting Invitations Has Been Observed Targeting O365 Credentials


Threat actors are taking advantage of the widespread use of Zoom. Newly observed techniques show phishing emails masquerading as Zoom meeting invites in order to entice the recipient to click the link.


Source: https://www.hackread.com/fake-zoom-meeting-invitation-phishing-scam-microsoft-credentials/

AUG 1, 2020 | Phished? You have 7 Days Before Your Credentials Are Sold Online


Iranian threat groups have become the first APT actors to be discovered using DNS over HTTPS in their attacks. The group "Oilrig" is known for exfiltrating data over DNS, and this development, which incorporates new features into their kill chain, is a logical progression.


Source: https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh



