21 Aug 2020 | Asia Cyber Summary

Updated: Sep 17, 2020


Investigating a Shortened URL

Short URLs serve more than an aesthetic purpose: they are also used in phishing campaigns to hide a malicious link behind a URL-shortening service. In this article, we cover common misuses of shortened URLs and some practical tips for investigating them. Read here.
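The first thing an investigator usually wants from a shortened link is the full redirect chain, resolved without ever rendering the final page. The following is an added example, not code from the article linked above or from Blackpanda: it issues one HEAD request per hop with redirects disabled, records every URL and host on the way, caps the number of requests, and flags redirect loops. The `fetch` parameter is an assumption introduced here so the resolver can be driven by a canned table for testing instead of the network; the sample chain in the usage section is constructed and uses reserved `.example` hostnames.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop can be recorded."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=10):
    """Issue a single HEAD request and return (status, Location header or None).

    Redirects are not followed and no body is downloaded, so the investigator
    never executes or renders the final page while expanding the link.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "url-expander/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled, any 3xx surfaces here as an HTTPError.
        return err.code, err.headers.get("Location")


def expand_short_url(url, fetch=http_head, max_hops=10):
    """Resolve a redirect chain hop by hop.

    `fetch` (hypothetical parameter) maps a URL to (status, location) and
    defaults to a real HEAD request; a dict-backed callable works offline.
    `max_hops` bounds the number of requests so a redirect maze cannot keep
    the tool busy forever.
    """
    chain = [url]
    seen = {url}
    result = {"chain": chain, "loop": False, "truncated": False, "status": None}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        result["status"] = status
        if status not in REDIRECT_CODES or not location:
            break  # reached a non-redirect response: this is the landing URL
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            result["loop"] = True
            break
        seen.add(nxt)
        chain.append(nxt)
    else:
        result["truncated"] = True  # budget exhausted before a final answer
    result["final"] = chain[-1]
    result["hops"] = len(chain) - 1
    result["hosts"] = sorted({urlparse(u).hostname or "" for u in chain})
    return result


if __name__ == "__main__":
    # Constructed sample chain: shortener -> tracking redirector -> landing page.
    SAMPLE = {
        "https://short.example/abc": (301, "https://tracker.example/r?u=1"),
        "https://tracker.example/r?u=1": (302, "/landing"),
        "https://tracker.example/landing": (200, None),
    }
    report = expand_short_url("https://short.example/abc", fetch=SAMPLE.__getitem__)
    for i, hop in enumerate(report["chain"]):
        print(f"{i}: {hop}")
    print("final:", report["final"], "| hosts:", ", ".join(report["hosts"]))
```

Replacing `fetch=SAMPLE.__getitem__` with the default runs real HEAD requests; the distinct-hosts list is the quick tell that a link branded as one service lands on an entirely different domain, and the `loop` and `truncated` flags separate a broken chain from one that is deliberately unbounded.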


In the spotlight this week:

• NIST has released its guidance for zero trust architecture

• Apache released a reminder to update to the latest version

• Russian GRU’s 85th GTsSS deploys previously undisclosed Drovorub malware

AUG 17, 2020 | Konica Minolta Suffers Attack by Human-Operated Ransomware “RansomEXX”

Konica Minolta is a large multinational technology company. Since late July it has been reported that the company suffered an attack by an advanced ransomware group that first gains access to the network and then infects systems manually. This emerging technique is harder to spot because the attackers mimic legitimate users. Even so, a focused security team with good visibility and incident response capability can counter the threat if it gains a foothold.

Source: https://securityaffairs.co/wordpress/107226/cyber-crime/konica-minolta-ransomware

AUG 17, 2020 | Researchers Exploit Bug in Emotet Malware to Create Killswitch, Containing Its Spread For Six Months 

The Emotet banking trojan was particularly devastating in 2019, but for the first half of 2020 defenders had a kill-switch capability called “EmoCrash”: a short script that caused the malware on a compromised machine to crash before it could carry out any malicious activity. This enabled defenders (blue teams) to keep the malware at bay and effectively counter the threat. Unfortunately, the threat group has since patched the malware, and a new, more potent version of Emotet was observed on August 6th.

Source: https://www.computing.co.uk/news/4019062/researchers-exploited-bug-emotet-malware-create-killswitch-containing-spread-months

AUG 13, 2020 | NSA and FBI Expose Previously Undisclosed Russian Malware Drovorub in Cybersecurity Advisory

The NSA and FBI have released a joint report detailing the capabilities of Drovorub (from the Russian дрово, “wood,” and руб, “to chop”), malware used by Russian military intelligence for cyber espionage. Updating the Linux kernel to 3.7 or later and enforcing kernel module signing will defend against this threat.

Source: https://www.fbi.gov/news/pressrel/press-releases/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecurity-advisory
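The two mitigations named in this item are easy to triage on a Linux host. The following is an added example, not code from the NSA/FBI advisory or from Blackpanda: it compares the running kernel release against the 3.7 threshold stated above and reads the `module.sig_enforce` kernel parameter, which the kernel exposes at `/sys/module/module/parameters/sig_enforce` as `Y` or `N` when module signing is compiled in. The `assess` function and its report strings are assumptions introduced here, and the release parsing assumes the usual `major.minor` prefix from `uname -r`.

```python
import platform
import re
from typing import List, Optional

# Threshold quoted in the advisory summary above.
MIN_KERNEL = (3, 7)
# sysfs location of the module.sig_enforce kernel parameter (reads "Y" or "N").
SIG_ENFORCE_PATH = "/sys/module/module/parameters/sig_enforce"


def kernel_at_least(release: str, minimum=MIN_KERNEL) -> bool:
    """Compare a `uname -r` string such as '5.4.0-42-generic' against a minimum."""
    match = re.match(r"(\d+)\.(\d+)", release)
    if not match:
        return False  # unparseable release string: treat as failing the check
    return (int(match.group(1)), int(match.group(2))) >= tuple(minimum)


def read_sig_enforce(path: str = SIG_ENFORCE_PATH) -> Optional[str]:
    """Return the raw parameter contents, or None when the kernel lacks it."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None  # parameter absent: kernel built without CONFIG_MODULE_SIG


def parse_sig_enforce(text: Optional[str]) -> Optional[bool]:
    """'Y' means unsigned modules are rejected; 'N' means they load; None if unknown."""
    if text is None:
        return None
    return text.strip().upper() == "Y"


def assess(release: str, sig_text: Optional[str]) -> List[str]:
    """Hypothetical triage helper: one finding per mitigation that is not in place."""
    findings = []
    if not kernel_at_least(release):
        findings.append(
            f"kernel {release} is older than {MIN_KERNEL[0]}.{MIN_KERNEL[1]}"
        )
    enforced = parse_sig_enforce(sig_text)
    if enforced is None:
        findings.append("module signature enforcement status unavailable "
                        "(no module.sig_enforce parameter)")
    elif not enforced:
        findings.append("module signature enforcement is off (module.sig_enforce=N)")
    return findings


if __name__ == "__main__":
    for line in assess(platform.release(), read_sig_enforce()) or ["no findings"]:
        print(line)
```

A `Y` here can come from a `module.sig_enforce=1` boot parameter or from a distribution's Secure Boot lockdown; either way the result is that an unsigned kernel module of the kind this item describes is refused at load time. The script is a quick configuration check, not a hunt for an existing infection, which the advisory's own detection guidance covers.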

AUG 13, 2020 | Apache Releases Reminder to Update to Latest Version, After an Exploit for Two Vulnerabilities Affecting Earlier Versions Was Made Available

Apache has released an advisory regarding two CVEs from late 2019. These vulnerabilities were fixed in Struts 2.5.22, released in November 2019, but many web servers have still not been patched. The issue is back in the spotlight this week after an exploit targeting CVE-2019-0230, which would allow an attacker to execute code remotely on an Apache Struts web server, was briefly published on GitHub.

Source: https://struts.apache.org/announce.html

AUG 11, 2020 | NIST Releases Guidance for Zero-Trust Architecture

NIST has released guidance for adopting a zero-trust architecture, published as Special Publication 800-207. It is designed to help C-suite executives and cyber teams understand the concept and how it can be implemented. The zero-trust model is becoming the new normal for cybersecurity as perimeter security models prove less effective and workers become more mobile.

Source: https://csrc.nist.gov/publications/detail/sp/800-207/final

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.