BTH News 27 September 2020
This Week In Cybersecurity
This week on Between the Hacks: new social media phishing campaigns, Microsoft's report of active ZeroLogon attacks, a sports officiating data breach, and a new threat hunting tool from the EFF.
Social Media Phishing Campaign
Two social media phishing campaigns are the focus of a BleepingComputer article that details research by MalwareHunterTeam over the past month.
The first phishing method is a fake verification scam that lures the victim into handing their user ID and password to the attacker in exchange for the promise of verified status, like the blue check mark on Twitter.
The second social media phishing attack is a fake copyright violation warning that threatens to suspend the victim's account unless they log in on a page the attacker controls to dispute the copyright infringement claim.
In both cases the attackers are harvesting login credentials to take over social media accounts and, because people so often reuse passwords, will likely try the same credentials in credential stuffing attacks against the victim's other accounts.
If you realize that you have fallen for one of these attacks, immediately change your social media password, change it anywhere else you used the same password, and add multi-factor authentication (MFA) to your account.
Microsoft Security Intelligence Warns of Active ZeroLogon attacks
Earlier this week Microsoft tweeted that it is actively tracking threat actor activity exploiting the ZeroLogon vulnerability (CVE-2020-1472) in the Netlogon service on Windows Server domain controllers. Microsoft stated, “We strongly recommend customers to immediately apply security updates.”
“Microsoft released a patch for the vulnerability in August, but it is not uncommon for businesses to delay deploying updates for days or weeks while testing to ensure the fixes do not interfere with or disrupt specific applications and software” reported Brian Krebs.
In addition to Microsoft's warning, the U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 20-04 on September 18th, requiring all federal civilian agencies to patch the vulnerability and report their status by September 21st. While the directive applies only to Executive Branch departments and agencies, CISA strongly recommended that “state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.”
Sports Referee Data Breach
“ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year” according to ZDNet.
While the ransomware was detected and stopped, the attackers were unfortunately able to steal a copy of the company's data backups, which, as Graham Cluley reports, included sensitive data about the software's users such as account usernames and passwords, names, addresses, email addresses, dates of birth, and Social Security Numbers.
Because the attackers held this sensitive data, they demanded a ransom even though the ransomware itself failed. ArbiterSports paid the ransom and “obtained confirmation that the unauthorized party deleted the files.” However, that confirmation is only the attacker's word, and it is entirely possible that a copy of the data was kept.
Tip of the Week
“YAYA”, a New Threat Hunting Tool From EFF Threat Lab
This week the EFF Threat Lab released a new, open source Linux tool called YAYA. The EFF Threat Lab describes the tool as follows:
“At the EFF Threat Lab we spend a lot of time hunting for malware that targets vulnerable populations, but we also spend time trying to classify malware samples that we have come across. One of the tools we use for this is YARA. YARA is described as ‘The Pattern Matching Swiss Knife for Malware Researchers.’ Put simply, YARA is a program that lets you create descriptions of malware (YARA rules) and scan files or processes with them to see if they match.
Managing a ton of YARA rules in different repositories, plus your own sets of rules, can be a headache, so we decided to create a tool to help us manage our YARA rules and run scans. Today we are presenting this open source tool free to the public: YAYA, or Yet Another YARA Automation.” - https://www.eff.org/deeplinks/2020/09/introducing-yaya-new-threat-hunting-tool-eff-threat-lab
While we try to keep our writings at a level where most computer users can understand what we’re talking about, this week’s tip is quite a bit more technical than most. But for the malware researchers and threat hunters out there, this could be very useful.
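To make the idea of a "description of malware" concrete, here is a small YARA rule written for this post as an added example. It is not from the EFF blog post or from the YAYA project, and its strings are constructed to match the kind of fake copyright-violation lure page described in the first story; the rule name, the string values and the size limit are all assumptions chosen for illustration.

```yara
rule Phish_Fake_Copyright_Notice_Page
{
    meta:
        description = "Hypothetical rule: HTML lure that mimics a social media copyright-violation warning and asks for a login"
        author      = "added example for BTH News, not part of the EFF post or YAYA"
        reference   = "constructed sample strings, not from a real kit"

    strings:
        // Lure wording seen in the scam described above (constructed, case-insensitive)
        $lure1 = "copyright infringement" nocase
        $lure2 = "your account will be suspended" nocase
        $lure3 = "dispute" nocase
        $lure4 = "appeal" nocase

        // Evidence that the page actually harvests a credential
        $form1 = "<form" nocase
        $form2 = "type=\"password\"" nocase

        $html  = "<html" nocase

    condition:
        // Phishing pages are small; skip large files quickly
        filesize < 512KB and
        $html and $form1 and $form2 and
        2 of ($lure*)
}
```

Save the rule to a file and scan a directory of suspected samples with the stock YARA command line, for example `yara -r phish.yar ./samples`, which prints the rule name next to every file that matches. This is the kind of rule set YAYA is meant to pull from multiple repositories and run for you; the rule itself deliberately requires both the lure text and a password field, because matching on the wording alone would also flag legitimate help pages that explain how to dispute a copyright claim.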