AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/13/2022

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals

A new data extortion group has been breaching companies to steal confidential information and threatening to publish the stolen files unless the victims pay a ransom. The gang has been named Luna Moth and has been active since at least March, running phishing campaigns that deliver remote access tools (RATs) used to carry out the corporate data theft. The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group, noting that the actor is trying to build a reputation under the name Silent Ransom Group (SRG). In a report earlier this month, Sygnia says that the modus operandi of Luna Moth (also tracked as TG2729) resembles that of a scammer, although the focus is on gaining access to sensitive information.

Microsoft warns of massive phishing campaign that can bypass MFA

Microsoft security researchers have warned about a large-scale phishing campaign that can hijack Office 365 user accounts even when they’re protected with multifactor authentication (MFA). This campaign has attempted to target more than 10,000 organisations since September 2021, according to Microsoft’s threat data. Researchers said attackers are using stolen credentials and session cookies to access a victim’s mailbox and perform follow-on campaigns against other targets. In recent years, organisations have upped their security practices in the form of MFA, as relying on a single factor such as a password alone can be weak for many reasons. However, Microsoft said this cybercrime campaign is managing to circumvent the security measure through adversary-in-the-middle (AiTM) phishing.
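The AiTM technique summarised above works because the proxy relays the whole sign-in, MFA included, and then the attacker replays the issued session cookie from their own infrastructure. One defensive consequence is that the session keeps being used, but from a different IP address and browser than the one that satisfied MFA. The following is an added example (not code from the article or from Microsoft's report) that runs that heuristic over a small, constructed sign-in log; the JSON field names and the sample events are assumptions made for this example and do not match any real product's log schema.

```python
"""Flag session-cookie reuse after adversary-in-the-middle (AiTM) phishing.

Added example, not from the article or Microsoft's report. It assumes a
simplified sign-in log with one JSON object per line; the field names
(ts, user, session, ip, ua, event) are constructed for this example.
"""
import json

# Constructed sample log: alice completes MFA from her usual IP and browser,
# then the same session id appears from an unrelated IP and user agent and
# creates an inbox rule (a common follow-on action). bob's session is clean.
SAMPLE_LOG = """
{"ts": "2022-07-12T08:01:10Z", "user": "alice@example.test", "session": "S1", "ip": "203.0.113.10", "ua": "Edge/103", "event": "mfa_success"}
{"ts": "2022-07-12T08:02:03Z", "user": "alice@example.test", "session": "S1", "ip": "203.0.113.10", "ua": "Edge/103", "event": "mailbox_read"}
{"ts": "2022-07-12T08:09:44Z", "user": "alice@example.test", "session": "S1", "ip": "198.51.100.77", "ua": "Chrome/103", "event": "mailbox_read"}
{"ts": "2022-07-12T08:10:30Z", "user": "alice@example.test", "session": "S1", "ip": "198.51.100.77", "ua": "Chrome/103", "event": "inbox_rule_created"}
{"ts": "2022-07-12T09:00:00Z", "user": "bob@example.test", "session": "S2", "ip": "203.0.113.20", "ua": "Outlook/16", "event": "mfa_success"}
{"ts": "2022-07-12T09:05:00Z", "user": "bob@example.test", "session": "S2", "ip": "203.0.113.20", "ua": "Outlook/16", "event": "mailbox_read"}
"""

# Actions that, on an already-suspicious session, point at follow-on abuse
# of the mailbox rather than mere reading. Constructed list for the example.
HIGH_RISK_EVENTS = {"inbox_rule_created", "forwarding_enabled"}


def parse_log(text):
    """Parse one JSON object per non-empty line into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_session_replay(events):
    """Return alerts for sessions used from a different IP or user agent
    than the one recorded when MFA was satisfied.

    A legitimately roaming user (new network, new browser) trips this too,
    so the output is a triage lead, not a verdict.
    """
    origin = {}  # session id -> (ip, ua) captured at mfa_success
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            # Keep the first MFA anchor for the session; later ones are ignored.
            origin.setdefault(sid, (ev["ip"], ev["ua"]))
            continue
        if sid not in origin:
            continue  # no MFA anchor for this session, nothing to compare against
        ip0, ua0 = origin[sid]
        reasons = []
        if ev["ip"] != ip0:
            reasons.append(f"ip {ip0} -> {ev['ip']}")
        if ev["ua"] != ua0:
            reasons.append(f"ua {ua0!r} -> {ev['ua']!r}")
        if reasons:
            alerts.append({
                "user": ev["user"],
                "session": sid,
                "ts": ev["ts"],
                "event": ev["event"],
                "severity": "high" if ev["event"] in HIGH_RISK_EVENTS else "medium",
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(parse_log(SAMPLE_LOG)):
        print(alert)
```

The heuristic only narrows the search; the durable fix is to stop the cookie from being useful to a proxy at all, for example phishing-resistant MFA (FIDO2/WebAuthn keys bound to the real origin) and conditional-access policies that tie sessions to compliant devices or known networks.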

Cyber Insurers Looking for New Risk Assessment Models

Cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims, according to a report from cybersecurity company Panaseer released this week. The 2022 Cyber Insurance Market Trends Report found a lack of confidence in underwriting processes. Only 44% of insurers said they were very confident in evaluating cyber risk, with 46.5% reporting that they were somewhat confident and almost one in 10 admitting that they were ‘not that confident’ in their underwriting capabilities for cyber insurance. Cloud security topped the list of factors considered when assessing a client’s security posture, cited by 40%, according to the report. Security awareness and application security came next. Identity and access management and endpoint detection and response – typically vital factors in avoiding phishing attacks and malware infection – came last, with just one in four cyber insurance companies considering these important factors.

Older AMD, Intel chips vulnerable to data-leaking ‘Retbleed’ Spectre variant

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance. ETH Zurich computer scientists Johannes Wikner and Kaveh Razavi have dubbed the attack Retbleed, which they describe as an addition to the family of speculative-execution flaws known as Spectre-BTI (variant 2) that can be exploited by branch target injection. That’s a way to abuse a processor’s indirect branch predictors to manipulate which operations get speculatively executed after a near indirect branch instruction. Doing so – training the indirect branch predictor – allows an attacker to infer data values that should be kept secret.

The enemy of vulnerability management? Unrealistic expectations

One recurring discussion I’ve had is how long it takes for a new vulnerability to get exploited. The answer to that question is that it depends. And unfortunately, by the time you know about it, you’re already behind the curve. In some cases, active exploits exist before the vulnerability becomes public knowledge. On the other extreme, some vulnerabilities from the turn of the century still don’t have reliable active exploits. Much of this is like asking how long it takes to produce a new piece of software. Some software arrives ahead of schedule. Some software arrives so late that it becomes a joke. For example, the words Duke Nukem Forever still mean something to people of a certain age range. It was once an eagerly anticipated installment of a hugely popular video game franchise, but it took forever to produce and release, so the game was woefully obsolete when it finally hit the market.