AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/22/2022

Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, which plans to replace it with the stealthier BazarBackdoor malware. TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, password stealing, infiltrating Windows domains, initial access to networks, and malware delivery. TrickBot has dominated the malware threat landscape since 2016, partnering with ransomware gangs and causing havoc on millions of devices worldwide. The Ryuk ransomware gang initially partnered with TrickBot for initial access to networks, but was later replaced by the Conti ransomware gang, which has been using the malware for the past year to gain access to corporate networks.


T2 Mac security vulnerability means passwords can now be cracked

Passware was already able to crack passwords and decrypt FileVault-protected drives on older Macs without the T2 chip. It uses GPU acceleration to mount brute-force attacks at a rate of tens of thousands of passwords per second, making it a trivial task to break into these Macs. Until recently, however, it wasn’t practical to mount brute-force attacks on Macs with a T2 chip. This is because the Mac password is not stored on the SSD, and the chip limits the number of password attempts that can be made, so you’d instead have to brute-force the decryption key, and that is so long it would take millions of years. However, 9to5Mac has learned that Passware is now offering an add-on module that can defeat Macs with the T2 chip, apparently by bypassing the features designed to prevent multiple guesses. Having defeated this protection, users can then apply the dictionary of their choice. Passware provides a dictionary of the 550,000 most commonly used passwords (created from various data breaches), along with a larger one of 10 billion passwords.


White House accuses Russia of cyberattacks targeting Ukraine

The White House blamed Russia on Friday for recent cyberattacks targeting Ukraine’s Defence Ministry and major banks. The announcement from Anne Neuberger, the White House’s chief cyber official, was the most pointed attribution of responsibility for cyberattacks that unfolded as tensions escalate between Russia and Ukraine. The attacks this week, which knocked two major banks and government websites offline, were of “limited impact” since Ukrainian officials were able to quickly get their systems back up and running, but it is possible that the Russians were laying the groundwork for more destructive ones, Neuberger said. She said the U.S. had rapidly linked the attacks to Russia and was publicly blaming the Kremlin because of a need to “call out the behavior quickly.” She said there was no intelligence indicating that the U.S. would be targeted by a cyberattack.


U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The “Free Cybersecurity Services and Tools” resource hub comprises a mix of services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. “Many organizations, both public and private, are target rich and resource poor,” CISA Director, Jen Easterly, said in a statement. “The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment.”


Beware of Hackers Dropping Malicious Executable Files in Teams Conversations

Cybersecurity researchers at the security firm Avanan have recently detected threat actors compromising Microsoft Teams. Because of Microsoft’s popularity, threat actors continuously target its products. The threat actors’ main aim is to plant malicious documents in chat threads, which typically deploy Trojans. Microsoft Teams has a total of 270 million users. Avanan’s researchers observed that the threat actors initially started dropping malicious executable files, and that they are dropping these files directly into conversations on the Microsoft Teams communication platform.
