Updated: Sep 17
Investigating a Shortened URL
Short URLs serve more than an aesthetic purpose: they are also used in phishing campaigns to obfuscate a malicious link behind a URL-shortening service. In this article, we cover common misuses of shortened URLs and some practical tips for investigating them.
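One practical investigation step for a suspicious short link, as an added example that is not part of the Blackpanda article: expand it hop by hop with HEAD requests and redirects disabled, so the full chain (shortener, any tracking redirector, final landing page) is recorded without ever rendering the destination. The `unwrap()` function, the `short.example`/`tracker.example` hostnames and the constructed route table are all assumptions made for this example so that it runs offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10  # legitimate shorteners need one or two hops; long chains are themselves worth noting


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Tell urllib not to follow redirects, so each hop is observed separately."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_one_hop(url, timeout=5):
    """Send a single HEAD request and return (status, Location) without following the redirect."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx responses surface here once redirects are disabled
        return err.code, err.headers.get("Location")


def unwrap(url, fetch=head_one_hop, max_hops=MAX_HOPS):
    """Expand a shortened URL hop by hop. Returns (chain, final_url, outcome)."""
    chain = [url]
    current = url
    for _ in range(max_hops):
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            return chain, current, "resolved"
        nxt = urljoin(current, location)  # relative Location headers resolve against the current URL
        if nxt in chain:
            return chain, nxt, "redirect loop"
        chain.append(nxt)
        current = nxt
    return chain, current, "hop limit reached"


# Constructed sample routes standing in for live servers, so the demo runs offline.
CONSTRUCTED_ROUTES = {
    "https://short.example/abc": (301, "https://tracker.example/r?u=1"),
    "https://tracker.example/r?u=1": (302, "/landing"),
    "https://tracker.example/landing": (200, None),
}


def offline_fetch(url):
    """Fetcher that answers from CONSTRUCTED_ROUTES instead of the network."""
    return CONSTRUCTED_ROUTES.get(url, (404, None))


if __name__ == "__main__":
    chain, final, outcome = unwrap("https://short.example/abc", fetch=offline_fetch)
    print(" -> ".join(chain), "|", outcome)
```

Against a live link, call `unwrap(url)` with the default fetcher from an analysis host; the chain it returns is what you compare against the sender's claimed destination.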
In the spotlight this week:
• NIST has released its guidance for zero trust architecture
• Apache released a reminder to update to the latest version
• Russian GRU’s 85th GTsSS deploys previously undisclosed Drovorub malware
Konica Minolta is a large multinational technology company. Since late July, it has been reported that the company suffered an attack by an advanced ransomware group that manually infects systems after gaining access to the network. This emerging tactic is harder to spot because the attackers behave like legitimate users. That said, a focused security team with good visibility and incident response capability can counter the threat if it gains a foothold.
AUG 17, 2020 | Researchers Exploit Bug in Emotet Malware to Create Killswitch, Containing Its Spread For Six Months
The Emotet banking trojan was particularly devastating in 2019, but for the first half of 2020, defenders had a kill-switch capability called “Emocrash.” Emocrash was a short script designed to make the malware on a compromised machine crash before it could carry out malicious activity. This enabled defenders (blue teams) to keep the malware at bay and effectively counter the threat. Unfortunately, the threat group has patched the malware, and a new, more potent version of Emotet was observed on August 6th.
AUG 13, 2020 | NSA and FBI Expose Previously Undisclosed Russian Malware Drovorub in Cybersecurity Advisory
The NSA and FBI have released a joint report detailing the capabilities of Drovorub (from the Russian дрово, “wood”, and рубить, “to chop”), malware used by Russian military intelligence (GRU) for cyber espionage. Updating the Linux kernel to 3.7 or later and enforcing kernel module signing will defend against this threat.
AUG 13, 2020 | Apache Releases Reminder to Update to Latest Version, After an Exploit for Two Vulnerabilities Affecting Earlier Versions Was Made Available
Apache has released an advisory regarding two CVEs from late 2019. These vulnerabilities were fixed in Apache Struts 2.5.22, released in November 2019; however, many web servers have still not been patched. The issue is back in the spotlight this week after an exploit targeting CVE-2019-0230, which allows an attacker to execute code remotely on an Apache Struts web server, was briefly published on GitHub.
NIST has released guidance for adopting a zero-trust architecture, published as Special Publication 800-207. It is designed to help C-suite executives and cyber teams better understand the concept and how it can be implemented. A zero-trust model is becoming the new normal for cybersecurity as perimeter security models become less effective and workers become more mobile.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.