21 Aug 2020 | Asia Cyber Summary



Investigating a Shortened URL


Short URLs serve more than an aesthetic purpose. They are also used in phishing campaigns, where URL shortening hides the true destination of a malicious link. In this article, we cover common misuses of shortened URLs and some practical tips for investigating them.


In the spotlight this week:

• NIST has released its guidance for zero trust architecture
• Apache released a reminder to update to the latest version
• Russian GRU’s 85th GTsSS deploys previously undisclosed Drovorub malware




AUG 17, 2020 | Konica Minolta Suffers Attack by Human-Operated Ransomware “RansomEXX” 

Konica Minolta is a large multinational technology company. Since late July it has been reported that the company suffered an attack by an advanced ransomware group that infects systems manually after gaining access to the network. This hands-on approach is harder to spot because the attackers blend in with legitimate user activity. That said, a focused security team with good visibility and incident response capability can counter the threat once it gains a foothold.


Source: https://securityaffairs.co/wordpress/107226/cyber-crime/konica-minolta-ransomware

AUG 17, 2020 | Researchers Exploit Bug in Emotet Malware to Create Killswitch, Containing Its Spread For Six Months 

The Emotet banking trojan was particularly devastating in 2019, but for the first half of 2020 defenders had a kill switch called “Emocrash.” Emocrash was a short script designed to make the malware on a compromised machine crash before it could carry out any malicious activity. This enabled defenders (blue teams) to keep the malware at bay and effectively counter the threat. Unfortunately, the threat group has since patched the malware, and a new, more potent version of Emotet was observed on August 6th.


Source: https://www.computing.co.uk/news/4019062/researchers-exploited-bug-emotet-malware-create-killswitch-containing-spread-months


AUG 13, 2020 | NSA and FBI Expose Previously Undisclosed Russian Malware Drovorub in Cybersecurity Advisory


The NSA and FBI have released a joint report detailing the capabilities of Drovorub (from the Russian дрово, firewood, and руб, to chop), a malware toolset attributed to Russian military intelligence and used for cyber espionage. Updating to Linux kernel 3.7 or later and enforcing kernel module signature verification will defend against this threat.


Source: https://www.fbi.gov/news/pressrel/press-releases/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecurity-advisory
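The two mitigations named above are easy to verify across a fleet. The following script is an added example for this summary, not code from Blackpanda or from the NSA/FBI advisory. It assumes an inventory that records, for each host, the kernel release string from `uname -r` and the contents of `/sys/module/module/parameters/sig_enforce` (the kernel's own flag showing whether unsigned modules are refused; the file is absent on kernels built without module signing, which the script treats as not enforced). The host entries below are constructed sample data.

```python
"""Fleet check for the two Drovorub mitigations: kernel >= 3.7 and module
signature enforcement.

Added example (not from the page or the advisory). Inputs assumed:
  - kernel release string as returned by `uname -r`
  - contents of /sys/module/module/parameters/sig_enforce ("Y" or "N"),
    or None when that file does not exist on the host
"""
import re
from typing import Dict, List, Optional, Tuple

MIN_KERNEL = (3, 7)  # advisory recommendation: kernel 3.7 or later


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Turn '3.10.0-1160.el7.x86_64' into (3, 10, 0); distro suffixes are ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def kernel_meets_minimum(release: str) -> bool:
    """True when major.minor is at least MIN_KERNEL."""
    return parse_kernel_version(release)[:2] >= MIN_KERNEL


def sig_enforce_enabled(sig_enforce_value: Optional[str]) -> bool:
    """'Y' means the kernel refuses unsigned modules; a missing file counts as off."""
    if sig_enforce_value is None:
        return False
    return sig_enforce_value.strip().upper() == "Y"


def assess_host(release: str, sig_enforce_value: Optional[str]) -> Dict[str, object]:
    """Report which mitigations are present and list the remaining gaps."""
    gaps: List[str] = []
    kernel_ok = kernel_meets_minimum(release)
    sig_ok = sig_enforce_enabled(sig_enforce_value)
    if not kernel_ok:
        gaps.append(f"kernel {release} is older than {MIN_KERNEL[0]}.{MIN_KERNEL[1]}")
    if not sig_ok:
        gaps.append("module signature enforcement is off (sig_enforce != Y)")
    return {"kernel_ok": kernel_ok, "sig_enforce_ok": sig_ok, "gaps": gaps}


# Constructed sample inventory: hostname -> (uname -r, sig_enforce contents).
SAMPLE_HOSTS = {
    "web-01": ("3.10.0-1160.el7.x86_64", "Y"),
    "legacy-db": ("2.6.32-754.el6.x86_64", None),
    "build-02": ("5.4.0-42-generic", "N"),
}


def assess_fleet(hosts: Dict[str, Tuple[str, Optional[str]]]) -> Dict[str, List[str]]:
    """Map each hostname to its list of gaps (empty list means both mitigations present)."""
    return {host: assess_host(rel, sig)["gaps"] for host, (rel, sig) in hosts.items()}


if __name__ == "__main__":
    for host, gaps in assess_fleet(SAMPLE_HOSTS).items():
        print(f"{host}: {'OK' if not gaps else '; '.join(gaps)}")
```

On a real fleet the two inputs would come from an inventory or EDR query rather than the constructed table; the version parser deliberately keeps only the numeric prefix so vendor suffixes such as `.el7.x86_64` or `-generic` do not break the comparison.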


AUG 13, 2020 | Apache Releases Reminder to Update to Latest Version, After Exploit for Two Vulnerabilities Affecting Earlier Versions Were Made Available


Apache has released an advisory regarding two CVEs from late 2019. These vulnerabilities were fixed in Struts 2.5.22, released in November 2019, yet many web servers have still not been patched. The issue is back in the spotlight this week after an exploit targeting CVE-2019-0230, which would allow an attacker to execute code remotely on an Apache Struts web server, was briefly published on GitHub.


Source: https://struts.apache.org/announce.html


AUG 11, 2020 | NIST Releases Guidance for Zero-Trust Architecture

NIST has released guidance for adopting a zero-trust architecture, published as Special Publication 800-207. It is designed to help C-suite executives and cyber teams gain a better understanding of the concept and how it can be implemented. A zero-trust model is becoming the new normal for cybersecurity as perimeter security models become less effective and workers become more mobile.


Source: https://csrc.nist.gov/publications/detail/sp/800-207/final





Copyright © 2020 Blackpanda.
All Rights Reserved.
