Cyber Intel Brief: Aug 4 – 10, 2022

Data Breach

Cisco Talos Shares Insights Related to Recent Cyber Attack on Cisco

Impacted Industries: Information

What You Need To Know:

Cisco Talos details their investigation into a breach they learned about on May 24, 2022. Talos found no evidence that the threat actor, assessed to be an initial access broker, gained access to vital internal systems, including those involved in product development, code signing, etc.


Malware

Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

Impacted Industries: All

What You Need To Know:

explorer.exe is the most popular living-off-the-land binary threat actors utilize to launch malware delivered by Windows shortcut files (.lnk), according to SentinelOne. This trend could be why SentinelOne has observed an upsurge in advertising and demand for the most recent iterations of two malicious LNK file-building tools.
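As an added illustration of how a defender could look for this launcher pattern in endpoint telemetry (this is example code written for this brief, not code from SentinelOne or from the original report): the script below scans constructed Sysmon-style process-creation events and flags invocations of explorer.exe whose command line hands it an executable or script path, which is the living-off-the-land behaviour the summary describes. The field names (Computer, ParentImage, Image, CommandLine), the extension list, and the sample events are all assumptions made for this example.

```python
"""Flag explorer.exe being used as a payload launcher in process-creation telemetry.

Added example for this brief; field names, extension list and sample events are
assumptions, not from the original report.
"""
import re

# File types that explorer.exe will execute (rather than browse) when passed as an
# argument. Assumed list for this example; tune it to your environment.
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1",
                   ".vbs", ".vbe", ".js", ".jse", ".hta", ".wsf")


def split_windows_cmdline(cmdline):
    """Minimal Windows command-line tokenizer: keeps quoted runs with spaces together,
    including switch forms such as /select,"C:\\some path\\file"."""
    return [t.replace('"', '') for t in re.findall(r'(?:[^\s"]+|"[^"]*")+', cmdline)]


def is_explorer(image):
    """True when the executed image is explorer.exe, regardless of path or case."""
    return image.replace("/", "\\").lower().rsplit("\\", 1)[-1] == "explorer.exe"


def explorer_launch_args(event):
    """Return the arguments of an explorer.exe event that name an executable/script.

    Plain folder paths (the normal use of explorer.exe) and document targets
    behind /select, or /root, are not reported, which keeps noise down.
    """
    if not is_explorer(event.get("Image", "")):
        return []
    tokens = split_windows_cmdline(event.get("CommandLine", ""))
    hits = []
    for tok in tokens[1:]:  # tokens[0] is the image itself
        # Switches look like /select,C:\path : the target is the part after the comma.
        target = tok.split(",", 1)[1] if tok.startswith("/") and "," in tok else tok
        if target.lower().endswith(EXECUTABLE_EXTS):
            hits.append(target)
    return hits


def detect(events):
    """Run the rule over an iterable of event dicts and return alert records."""
    alerts = []
    for ev in events:
        targets = explorer_launch_args(ev)
        if targets:
            alerts.append({
                "host": ev.get("Computer"),
                "parent": ev.get("ParentImage"),
                "targets": targets,
                "cmdline": ev.get("CommandLine"),
            })
    return alerts


# Constructed sample telemetry (not real data): two benign explorer.exe starts,
# two launcher-style invocations, one folder open, and one non-explorer process.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "ParentImage": r"C:\Windows\System32\userinit.exe",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": r"C:\Windows\Explorer.EXE"},
    {"Computer": "WS01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\explorer.exe" C:\Users\alice\AppData\Roaming\svc.exe'},
    {"Computer": "WS02", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'explorer.exe /select,"C:\Users\bob\Documents\Q3 report.pdf"'},
    {"Computer": "WS02", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'explorer.exe "C:\Users\Public\Libraries\update.hta"'},
    {"Computer": "WS03", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c start C:\tools\run.exe"},
    {"Computer": "WS03", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"explorer.exe C:\Users\carol\Downloads"},
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately keys on the command line of explorer.exe itself rather than on explorer.exe being a parent process: every double-clicked shortcut makes explorer.exe the parent of whatever it opens, so parentage alone is far too noisy, whereas explorer.exe being handed an .exe, .hta or script path as its argument is rare in normal use and worth a look.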


Malware

CISA’s 2021 Top Malware Strains

Impacted Industries: All

What You Need To Know:

CISA and the Australian Cyber Security Centre have co-authored a joint Cybersecurity Advisory on the top malware variants seen in 2021. The most prevalent malware variants in 2021 included ransomware, banking Trojans, information stealers, and remote access Trojans (RATs).


Malware

X-FILES Stealer Evolution – An Analysis and Comparison Study

Impacted Industries: All

What You Need To Know:

Zscaler’s ThreatLabz threat research team discovered a new variation of an infostealer with improved functionality to exfiltrate sensitive information. Additionally, threat actors have established and deployed several phishing websites to deliver the stealer and used the Follina vulnerability to distribute the stealer.


Tools

Attackers Leveraging Dark Utilities “C2aaS” Platform in Malware Campaigns

Impacted Industries: All

What You Need To Know:

Cisco Talos has observed a variety of malware samples for both Windows and Linux using a new C2-as-a-Service platform that provides remote access, command execution, DDoS attacks, and cryptocurrency mining on infected systems.


Threat Actors

Andariel Deploys DTrack and Maui Ransomware

Impacted Industries: Healthcare and Public Health Sector; potentially All

What You Need To Know:

Kaspersky links a Maui ransomware incident from April 2021 to Andariel through the DTrack malware and the publicly available 3proxy tool. According to their investigation, the adversary deployed the DTrack malware 10 hours before encrypting the victim with Maui ransomware.


Phishing

AiTM Phishing Attack Targeting Enterprise Users of Gmail

Impacted Industries: Enterprises Employing G Suite

What You Need To Know:

In a recent blog post, ThreatLabz details adversary-in-the-middle (AiTM) phishing attempts directed at business Gmail users.


Exploited Vulnerability

CISA Adds 3 Vulnerabilities to its Known Exploited Vulnerabilities Catalog

Impacted Industries: All

What You Need To Know:

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Affected software includes Microsoft Windows, RARLAB UnRAR, and Zimbra Collaboration.


What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events, because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” and “may” reflect situations where we are unable to assess the likelihood, usually because relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.


Subscribe to the Deepwatch Insights Blog