Updated: Sep 11, 2020
Congratulations to Blackpanda DFIR Specialist Shuchen Hu for being named one of the Top 20 Women in Cyber Security in Singapore! We’re proud to see hard work recognized. This award is presented by The Women in Security & Resilience Alliance (WISECRA), MySecurity Media, and Responsible Cyber.
In the spotlight this week:
• A new phishing campaign utilizing Zoom meeting invitations has been observed targeting O365 credentials
• Dharma offers an easy to use Ransomware as a Service, making complex malware usable to threat actors that have limited skills
• The FBI has warned of Iranian state-backed hacking groups targeting the F5 BIG-IP vulnerability CVE-2020-5902
AUG 12, 2020 | Dharma Offers Easy-To-Use Ransomware as a Service, Making Complex Malware User Friendly to Threat Actors With Limited Skills
This is an unfortunate trend that we are seeing where advanced tools and techniques are now available to criminals with limited technical skills. To combat the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, with regular backups, and an incident response procedure that is regularly rehearsed.
AUG 8, 2020 | The FBI Has warned of Iranian State-Backed Hacking Groups Targeting the F5 BIG-IP Vulnerability CVE-2020-5902
The F5 BIG-IP vulnerability CVE-2020-5902 previously reported by Blackpanda is now being exploited by Iranian threat actors. The US-CERT recommends the following actions be taken:
• Reimage compromised hosts
• Provision new account credentials
• Limit access to the management interface to the fullest extent possible
• Implement network segmentation
The Maze ransomware group has claimed to have compromised Canon and exfiltrated 10 TeraBytes of data. Canon has reported outages affecting many systems and the full impact of this attack is yet to be seen.
AUG 4, 2020 | New Phishing Campaign Utilizing Zoom Meeting Invitations Has Been Observed Targeting O365 Credentials
Threat actors are taking advantage of the widespread use of Zoom. Newly observed techniques show phishing emails masquerading as Zoom meeting invites in order to entice the recipient to click the link.
Iranian threat groups have become the first APT actors to be discovered using DNS over HTTPS in their attacks. The group "Oilrig" is known for exfiltrating data over DNS and this development incorporating new features to their kill chain is a logical progression.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.