Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that have occurred over the past few days. This week, read the Purple Fox infection chain observed by Trend Micro’s Managed XDR. Also discover the Log4j vulnerability which has the potential to cause “untold” damage.
A look at Purple Fox’s server infrastructure
In this blog, Trend Micro highlights the last steps in the Purple Fox chain of infection seen through Trend Micro’s Managed XDR, in particular, how it infects SQL databases by inserting a malicious SQL CLR assembly to get a persistent and more stealthy execution. It should be noted that most of the files used in this attack are not stored on disk and are either executed from memory after being extracted from the Command and Control (C&C) server or encrypted, after which they are loaded by another process.
Log4j software bug could cause “untold” damage: what you need to know
The discovery of a major security flaw in widely used logging software prompted much of the tech industry to scramble this weekend to get patches in place before the vulnerability could be exploited by cybercriminals. . If not fixed, the Apache Log4j Java Logging Library bug could be used by attackers to gain control of computer servers, potentially endangering favorite online services, as well as popular consumer devices. .
Patch Now Apache Log4j Vulnerability called Log4Shell actively exploited
A vulnerability in Apache Log4j, a widely used logging package for Java was found. The vulnerability, which could allow an attacker to execute arbitrary code by sending specially crafted log messages, has been identified as CVE-2021-44228 and has been assigned the name Log4Shell. It was first reported privately to Apache on November 24, and was patched with Log4j version 2.15.0 on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter.
Kronos Ransomware crash leads to widespread payroll chaos
Kronos, a workforce management platform, has been hit by a ransomware attack that it says will leave its cloud-based services down for several weeks – and it suggests customers are looking for more. other means of accomplishing payroll and other HR tasks. The blackout left in its wake cataclysmic problems for customers.
Collecting in the dark: Tropic Trooper targets transportation and government
Earth Centaur, formerly known as Tropic Trooper, is a long-standing cyber espionage threat group that has been active since 2011. Long-term monitoring of the group by Trend Micro shows threat actors are equipped with new tools and techniques. Actors appear to be targeting transportation industry organizations and government agencies related to transportation.
Ransomware attack hits Virginia legislature
Governor Northam has been informed of a ransomware attack against the Legislative Automated Legislative Systems Division, and has called on the relevant Executive Branch agencies to work expeditiously to offer any assistance in assessing and responding to this. current situation. The Legislative Automated Systems Division (DLAS) is the IT agency of the Virginia General Assembly. The General Assembly relies on DLAS for network infrastructure, desktop computing and printing services, according to its website.
New Yanluowang ransomware found to be code signed and terminates database related processes
In this blog, Trend Micro analyzes new samples of Yanluowang ransomware, a recently discovered family of ransomware. An interesting aspect of these samples is that the files are code-signed using a valid digital signature, which has either been stolen or fraudulently signed. They also end various processes, including Veeam and SQL, related to the management of databases and backups.
Ransomware suspect arrested for attacks on “high-level” organizations
Europol’s European Cybercrime Center worked with the Romanian National Police and the FBI in the arrest of a suspected ransomware affiliate who allegedly targeted leading organizations and businesses for their sensitive data. Europol said a 41-year-old man is accused of targeting organizations in ransomware attacks, encrypting files and stealing sensitive data. He is believed to have demanded a “large” cryptocurrency ransom and threatened to disclose the stolen data if the victim did not give in to the extortion attempt.
Volatile and adaptable: keeping pace with modern ransomware
In the first half of 2021, Trend Micro saw modern ransomware threats active and evolve, using double-extortion techniques to victimize targets. Unlike traditional ransomware tactics, today’s adversaries use private data stolen from victims’ machines to increase the pressure and threaten to leak valuable information to public leak sites if the ransom remains unpaid. Later in the year, our tracking of these threats, as well as legacy ransomware families, shows which attacks are growing and which families are particularly dangerous for businesses and private users.
Volvo confirms breach of R&D data theft
Volvo Cars has confirmed that a limited amount of its R&D assets were stolen when a third party illegally accessed one of its file repositories. After detecting the violation, Volvo put in place countermeasures, including measures to prevent further access to its property, and alerted authorities.
Dealing with Cloud Threats for IoT
The Covid-19 pandemic has made digital transformation an urgent necessity for organizations, pushing the adoption of a hybrid work model marked by remote connection and enabled by the convergence of the Internet of Things (IoT) and cloud computing. While large-scale IoT deployments offer a number of benefits, more IoT devices – and therefore a more complex IoT ecosystem – also means more security vulnerabilities from the edge to the cloud.
What do you think of the Log4j vulnerability? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.