Cyber Security Headlines – October 15, 2021

New “Yanluowang” ransomware variant discovered

Named for the extension it adds to encrypted files, the new ransomware was discovered by Symantec during its investigation into an attack against an unnamed “large organization.” After deploying the command-line Active Directory query tool AdFind for reconnaissance, it stops all hypervisor virtual machines running on the targeted machine and drops a ransom note warning victims not to contact the police or any specialized ransomware negotiation firms, or else suffer DDoS as well as ‘calls to employees and business partners.’ Yanluowang refers to a Chinese deity linked to the underworld, although Symantec had no confirmation about the origin of the threat group.

(InfoSecurity)

Financial regulator addresses hybrid working security risks

The UK’s Financial Conduct Authority (FCA) has released new guidance for helping organizations transition more securely to hybrid working practices. The regulator warned that “financial sector firms must provide evidence that ‘the lack of a centralized location or remote working’ doesn’t increase the risk of financial crime.” It also insists that they provide evidence of “satisfactory planning” in several areas including risk, compliance and audit, and the increased use of portable laptop computers.

(InfoSecurity)

DocuSign phishing campaign targets low-ranking employees

Phishing actors are starting to target non-executive employees who may not be highest on the hill, but who still have access to valuable areas within an organization. Researchers at Avanan state that half of all phishing emails they have analyzed in recent months “impersonated non-executives, and 77% of them targeted employees on the same level.” Some of these use a spoofed version of DocuSign, for example to fulfill an employee request to update their direct deposit information, which asks for the login password – something that a real DocuSign document would not do. Analysts say this is a direct result of senior executives becoming more vigilant and better protected.

(Bleeping Computer)

Australia unveils ransomware action plan to combat cyberattacks

The Australian government is collaborating with international and business partners to protect Australians against global ransomware threats. The Ransomware Action Plan is built on three objectives – Prepare and Prevent; Respond and Recover; Disrupt and Deter. The program seeks to launch additional operational activity to target criminals seeking to disrupt and profit from Australian businesses and individuals, and to establish a multi-agency taskforce, Operation Orcus, led by the Australian Federal Police, as Australia’s strongest response to the surging ransomware threat.

(CISOMag)

Thanks to our episode sponsor, Bitsight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

According to Kaspersky, a Chinese cyberespionage group has been exploiting one of the vulnerabilities patched on Tuesday by Microsoft since at least August. The campaigns targeted IT companies, defense contractors and diplomatic entities. “The malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky that has been operating since 2017, but also with other China-based APT activity going back to 2012.” The hackers used the privilege escalation exploit to deploy a remote shell Trojan (RAT) that Kaspersky dubbed MysterySnail. Attackers can use this malware program to execute Windows shell commands, gather information about the disks and folders, delete, read and upload files, kill processes and more.

(CSOOnline)

Microsoft says Azure fended off what might just be the world’s biggest-ever DDoS attack

The attack, which clocked in at 2.4Tbit/sec, originated from approximately 70,000 sources in multiple countries in the Asia-Pacific region, as well as from the United States. The attackers used UDP reflection, a technique in which the attacker sends packets to an intermediate server – the “reflector” – which then answers toward the victim. Azure’s DDoS-mitigation powers saw off the attack, which targeted what Microsoft will only say was an “Azure customer in Europe.”

(The Register)
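As an added illustration (not from the episode or from The Register’s report), the following Python snippet shows what UDP reflection looks like from the victim’s side and how a defender can pick it out of flow records: many distinct reflectors all answering from a well-known UDP service port toward one destination, with unusually large packets. The flow records, the reflector port list and the thresholds are constructed for this example and are assumptions, not values from the article.

```python
"""Flag UDP reflection/amplification traffic in flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors. Assumption: a short illustrative
# list for the example, not an exhaustive one.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}

# Constructed flow records (not real telemetry). Columns:
# src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
# The first five rows model reflected traffic converging on 203.0.113.10;
# the last two are ordinary DNS and HTTPS traffic that must not be flagged.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
198.51.100.7,123,203.0.113.10,40112,UDP,2000,960000
198.51.100.8,123,203.0.113.10,40112,UDP,1800,864000
198.51.100.9,123,203.0.113.10,40112,UDP,2100,1008000
192.0.2.44,11211,203.0.113.10,40112,UDP,500,700000
192.0.2.45,1900,203.0.113.10,40112,UDP,900,270000
192.0.2.53,53,203.0.113.25,51234,UDP,1,120
203.0.113.25,443,192.0.2.80,58000,TCP,40,52000
"""


@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the CSV-style flow export above into Flow objects (header skipped)."""
    flows = []
    for line in text.strip().splitlines()[1:]:
        src_ip, src_port, dst_ip, dst_port, proto, packets, nbytes = line.split(",")
        flows.append(Flow(src_ip, int(src_port), dst_ip, int(dst_port),
                          proto, int(packets), int(nbytes)))
    return flows


def find_reflection_targets(flows: list[Flow], min_sources: int = 3,
                            min_bytes_per_packet: float = 200.0) -> list[dict]:
    """Return one finding per destination that looks like a reflection victim.

    Signature used: UDP flows whose *source* port is a reflector service port,
    arriving from at least `min_sources` distinct hosts, with an average packet
    size above `min_bytes_per_packet` (amplified replies are large; a single
    genuine DNS answer is not). Thresholds are assumptions for the example.
    """
    per_dst: dict[str, list[Flow]] = defaultdict(list)
    for f in flows:
        if f.proto == "UDP" and f.src_port in REFLECTOR_PORTS:
            per_dst[f.dst_ip].append(f)

    findings = []
    for dst, dst_flows in per_dst.items():
        sources = {f.src_ip for f in dst_flows}
        total_packets = sum(f.packets for f in dst_flows)
        total_bytes = sum(f.bytes for f in dst_flows)
        bytes_per_packet = total_bytes / total_packets
        if len(sources) >= min_sources and bytes_per_packet >= min_bytes_per_packet:
            findings.append({
                "target": dst,
                "sources": len(sources),
                "services": sorted({REFLECTOR_PORTS[f.src_port] for f in dst_flows}),
                "total_bytes": total_bytes,
                "bytes_per_packet": round(bytes_per_packet, 1),
            })
    return findings


if __name__ == "__main__":
    for finding in find_reflection_targets(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

The check keys on the source port rather than the destination port because, at the victim, reflected traffic is made up of replies: it leaves each reflector from its service port, and the reflectors themselves are ordinary, unwitting servers. The mitigation the article describes sits upstream of the victim for the same reason; once the amplified replies reach the customer’s link, the only useful options are to drop the service-port traffic at the edge and to rate-limit by source.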

Azure Emissions Dashboard shows how you and Microsoft are slowly killing the planet 

Speaking of Azure, Microsoft has made its Emissions Impact Dashboard – formerly known as the Sustainability Calculator, and designed to measure the carbon impact of cloud workloads – generally available. The dashboard rates cloud power usage by scopes: Scope 1 is direct emissions, such as from fuel for backup power generators; Scope 2 is emissions from energy consumed, primarily electricity; and Scope 3 is indirect emissions, such as from manufacturing and delivering servers and racks. Although it has some detractors, and some vague calculations, Microsoft expects that it should draw attention to reducing unnecessary consumption of computing resources.

(The Register)
Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.