Your weekly top 5 technical and security issues Nerds should pay attention to:
This new malware uses remote overlay attacks to hijack your bank account.
In case it isn’t obvious, both the Remote Access Trojan and the malicious software installation are prevented 100% with zero trust controls.
Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders.
This high-profile eCrime group operates multiple ransomware families and has recently been observed developing new tools and modifying existing ones.
Speaking of the original creators of Trickbot.
WIZARD SPIDER is an established, high-profile and sophisticated eCrime group, originally known for the creation and operation of the TrickBot banking malware. This Russia-based eCrime group originally began deploying TrickBot for the purpose of conducting financial fraud in 2016, but has since evolved into a highly capable group with a diverse and potent arsenal, including Ryuk, Conti and BazarLoader. Their toolset covers the entirety of the kill chain, from delivery to post-exploitation tools and big game hunting (BGH) ransomware, enabling them to conduct a wide range of criminal activities against enterprise environments.
The Ryuk threat actors are actively exploiting Zerologon (CVE-2020-1472).
Nice to see such a clean breakdown. $1/mo Patreon gets you the full report. DTTS stops this attack at every level, just saying.
The Ryuk threat actors went from a phishing email to domain wide ransomware in 5 hours. They escalated privileges using Zerologon (CVE-2020-1472), less than 2 hours after the initial phish. They used tools such as Cobalt Strike, AdFind, WMI, and PowerShell to accomplish their objective.
Read More: Ryuk in 5 Hours
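The chain in that report (phish, Zerologon privilege escalation under two hours in, then AdFind, WMI and PowerShell for recon and lateral movement) leaves a small set of Windows Security events a defender can alert on. The following is an added example, not code from The DFIR Report or from the Ryuk write-up: it runs three detection rules over a few constructed Security log events. The event field names follow the Security log XML (EventID 4742 "A computer account was changed", EventID 4688 process creation); the renamed AdFind binary (af.exe), the hostnames and the user are hypothetical, chosen to show why the AdFind rule keys on the LDAP filter rather than the executable name.

```python
import re
from dataclasses import dataclass

# Constructed Windows Security events (field names as in the Security log
# XML), flattened the way a SIEM hands them to a detection rule.  None of
# these are real logs from the incident in the report.
SAMPLE_EVENTS = [
    # Benign: the DC rotating its own machine-account password as SYSTEM.
    {"EventID": 4742, "Computer": "DC01.corp.local",
     "SubjectUserSid": "S-1-5-18", "SubjectUserName": "DC01$",
     "TargetUserName": "DC01$", "PasswordLastSet": "2020-10-18 08:00:01"},
    # Zerologon artefact: the DC's own computer account changed by ANONYMOUS LOGON.
    {"EventID": 4742, "Computer": "DC01.corp.local",
     "SubjectUserSid": "S-1-5-7", "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "DC01$", "PasswordLastSet": "2020-10-18 10:42:17"},
    # Benign process creation.
    {"EventID": 4688, "Computer": "WS07.corp.local", "SubjectUserName": "jsmith",
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe"},
    # AD recon with AdFind under a hypothetical renamed binary (af.exe).
    {"EventID": 4688, "Computer": "WS07.corp.local", "SubjectUserName": "jsmith",
     "NewProcessName": "C:\\Users\\jsmith\\AppData\\Local\\Temp\\af.exe",
     "CommandLine": 'af.exe -f "(objectcategory=person)" > ad_users.txt'},
    # Encoded, hidden PowerShell spawned by the WMI provider host.
    {"EventID": 4688, "Computer": "SRV02.corp.local", "SubjectUserName": "jsmith",
     "ParentProcessName": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
]

ANONYMOUS_LOGON_SID = "S-1-5-7"


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    detail: str


def detect_zerologon(ev):
    """4742 where the subject is ANONYMOUS LOGON and the target is a machine
    account.  Public Zerologon exploits reset the DC's machine-account
    password through an unauthenticated Netlogon call, which is what
    produces this combination on the DC."""
    if ev.get("EventID") != 4742:
        return None
    target = ev.get("TargetUserName", "")
    if ev.get("SubjectUserSid") == ANONYMOUS_LOGON_SID and target.endswith("$"):
        return Alert("zerologon_password_reset", ev["Computer"],
                     f"{target} changed by ANONYMOUS LOGON, "
                     f"PasswordLastSet={ev.get('PasswordLastSet')}")
    return None


# AdFind queries common in ransomware playbooks.  Keying on the LDAP filter
# and switches rather than the image name survives a renamed binary.
ADFIND_PATTERN = re.compile(
    r"objectcategory=(person|computer|group|organizationalunit|subnet)"
    r"|-sc\s+trustdmp|\s-subnets\b",
    re.IGNORECASE)


def detect_adfind(ev):
    if ev.get("EventID") != 4688:
        return None
    cmd = ev.get("CommandLine", "")
    if ADFIND_PATTERN.search(cmd):
        return Alert("adfind_recon", ev["Computer"],
                     f"{ev.get('SubjectUserName')} ran AD enumeration: {cmd}")
    return None


def detect_suspicious_powershell(ev):
    if ev.get("EventID") != 4688:
        return None
    if not ev.get("NewProcessName", "").lower().endswith("powershell.exe"):
        return None
    cmd = ev.get("CommandLine", "")
    reasons = []
    if re.search(r"\s-(e|ec|enc|encodedcommand)\s", cmd, re.I):
        reasons.append("encoded command")
    if re.search(r"\s-w(indowstyle)?\s+hidden\b", cmd, re.I):
        reasons.append("hidden window")
    # Remote WMI execution (wmic /node:... process call create) lands here.
    if ev.get("ParentProcessName", "").lower().endswith("wmiprvse.exe"):
        reasons.append("spawned by WMI")
    if reasons:
        return Alert("suspicious_powershell", ev["Computer"], ", ".join(reasons))
    return None


RULES = (detect_zerologon, detect_adfind, detect_suspicious_powershell)


def sweep(events):
    """Run every rule over every event, preserving log order."""
    alerts = []
    for ev in events:
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in sweep(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.host}: {a.detail}")
```

The 4742 rule is the one worth paging on: a benign password rotation is performed by the machine account itself (or SYSTEM), never by ANONYMOUS LOGON. On DCs that have the August 2020 Netlogon patch, the System log Netlogon events 5827 through 5829 add a second signal for vulnerable secure-channel connections being denied or allowed.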
Shady deals: The destructive relationship between network access sellers and ransomware groups.
In hindsight, we should have seen this coming. The sale of network access really needs to be treated like an insider threat.
Ransomware groups are taking advantage of opportunities to purchase network access on dark web forums to quickly compromise networks across a variety of industries and unleash their disabling malware. Network Access Sellers’ expertise lies in the ability to gain corporate and government network access, which they then sell to other cyber-crime groups for a handsome profit. These cyber-crime groups can use purchased network access to slash the typically difficult requirements of gaining initial access, establishing persistence, and moving laterally across a network.
Announcing Global Privacy Control: Making it Easy for Consumers to Exercise Their Privacy Rights.
Steve Gibson does a deep dive on Security Now Episode #788. Very cool development for the benefit of everyday people.
Announcing Global Privacy Control: Making it Possible for Consumers to Easily Exercise Their “Do Not Sell” Rights Under CCPA
Did you know?
The story I shared last week of going to the police station to review an incident involving a Network Access Seller was about a Nerds On Site Meraki Dashboard.