Tag Archive for: Wave

Cisco’s Talos security bods predict new wave of Excel Hell • The Register


It took a few years and one temporary halt, but in July Microsoft finally began blocking certain macros by default in Word, Excel, and PowerPoint, cutting off a popular attack vector for those who target users of Microsoft’s Windows OS and Office suite.

While recent versions of Office block Visual Basic for Applications (VBA) macros by default, older versions of the suite and its component programs remain enormously prevalent.

Blocking macros therefore won’t deter cybercriminals from targeting Microsoft’s signature productivity applications. They’ll just have to find other options.

A report released on Tuesday by researchers from Cisco’s Talos threat intelligence group dissected one: XLL files in Excel.

Microsoft describes XLL files as “a type of dynamic link library (DLL) file that can only be opened by Excel”. They exist to let third-party apps add extra functionality to the spreadsheet.

Miscreants have used XLLs in attacks for several years, with the first malicious samples submitted to VirusTotal in mid-2017.

“For quite some time after that, the usage of XLL files was only sporadic and did not increase significantly until the end of 2021, when commodity malware families such as Dridex and Formbook started using it,” Vanja Svajcer, outreach researcher for Talos, wrote in the report.

“Currently a significant number of advanced persistent threat actors and commodity malware families are using XLLs as an infection vector and this number continues to grow.”

Those high-profile groups include APT10, a China-linked gang also known as Chessmaster, Potassium, and menuPass, which has used XLLs to inject the Anel Backdoor malware. TA410, a cyberespionage group also known as Cicada or Stone Panda, is another user. DoNot, another APT group, and Fin7, a Russia-based organization, are also admirers. Fin7 earlier this year began using XLLs sent…

Source…

Russian government websites face ‘unprecedented’ wave of hacking attacks, ministry says


“We are recording unprecedented attacks on the websites of government authorities,” the statement said. “If their capacity at peak times reached 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents of this type previously recorded.”

Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”

Top news items on the ministry’s front page were changed to “Don’t believe Russian media — they lie” and “Default in Russia is near,” along with a link offering “full information about the war in Ukraine.”

Also Wednesday, insults aimed at President Vladimir Putin and Russians over the situation in Ukraine were added to dozens of Russian judicial websites.

Under recent Russian laws against spreading “fake news about the military,” the use of the words “war” or “invasion” to describe what the Kremlin calls a “special military operation in Ukraine” is punishable with hefty fines and years in prison.

A few days after Russia began its attack on Ukraine, the state-run news agency Tass was hacked and defaced with an ad urging people to “take to the streets against the war.”

Russia’s main public services portal, Gosuslugi, had sustained more than 50 crippling denial-of-service attacks, the Russian Communications Ministry said on Feb. 26.

In early March, multiple other websites were hacked, including the Ministry of Culture, the Federal Penitentiary Service and the Internet regulator Roskomnadzor.

Source…

Germany protests to Russia over wave of cyber attacks


Germany has accused Russia of launching a series of cyberattacks on politicians ahead of this month’s elections, in which voters will choose a successor to Chancellor Angela Merkel.

Germany’s Ministry of Foreign Affairs said it held Russia responsible for illegally targeting politicians in many countries and regions in “phishing” emails to access personal information.

These “unacceptable behaviors” pose a risk to Germany’s security and its democratic decision-making process and place a heavy burden on bilateral relations with Russia, said Andrea Sasse, a spokeswoman for the German Foreign Ministry.

According to Sasse, Secretary of State Miguel Berger passed the German protest directly to Russia’s Deputy Foreign Minister Vladimir Titov at a meeting of the Security Policy Working Group of both countries last week.

The warning comes ahead of what appears to be the most open election in recent German history. Polls suggest no decisive result, which could mean months of uncertainty in Europe’s most powerful nation. The election brings down the curtain on Merkel’s 16-year tenure as chancellor.

Several polls point to a victory for the centre-left Social Democratic Party (SPD) and its candidate for chancellor, Olaf Scholz. In an INSA poll published on Monday, the SPD stood at 26 percent, the CDU/CSU at 20.5 percent, the opposition Greens at 15.5 percent, and the pro-business Liberal Democrats at 12.5 percent.

It is unclear which party Moscow would prefer to win the election. Both Scholz and the CDU/CSU’s candidate for chancellor, Armin Laschet, have struck an emollient tone towards Russia.

Greens candidate Annalena Baerbock, however, is sharply critical of the Kremlin and opposes Nord Stream 2, a pipeline across the Baltic Sea that bypasses Ukraine and carries Russian gas directly to Europe. Critics say it will increase Europe’s reliance on Russia’s energy exports.

In Berlin, there is growing concern that Russia may attempt to repeat its interference in the 2016 US elections. Thomas Haldenwang, head of the German national intelligence agency BfV, said in July that foreign intelligence agencies saw the parliamentary elections as an “important goal” and were looking for ways to…

Source…

The Second Wave of a Ransomware Pandemic


In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation caused by these malware strains. The report set out our forecast for ransomware and how we expected the threat to progress in the immediate future. Just six months later, those predictions have already become a reality. In this part of our discussion about the ransomware pandemic, we examine these developments and discuss exactly how we, as a community, can begin to confront this ongoing struggle.

Six Months of Chaos

Since the beginning of 2021, ransomware has dominated headlines across the globe. We have witnessed some of the most significant ransomware attacks the world has ever seen—events that have already changed the landscape, evidenced in the way world leaders are responding to these attacks, altering policies and beginning to consider real-world responses.
It is now estimated that worldwide, the cost of ransomware attacks will exceed $265 billion in the next decade, spiralling out of control by 2031 if a solution is not identified. Health care has continued to be a high-value target in these attacks, with significant breaches against Ireland’s department of health and a major attack against New Zealand’s health care system so far this year, both attributed to ransomware. These compromises led to the cancellation of major surgeries and appointments, causing disruption and backlogs in a sector already under a phenomenal amount of pressure.

In May 2021, cyberinsurance giant AXA was hit by a controversial attack, just one week after announcing that they would no longer be covering ransom payments in their cyberinsurance policies. In June 2021 JBS USA Holdings Inc., the world’s largest meat supplier, met an $11 million ransom demand after their systems were compromised, with the CEO stating, “It was very painful to pay the criminals, but we did the right thing for our customers.”

Another sector that has taken a huge hit in 2021 is critical infrastructure. The attack against U.S. fuel supplier Colonial Pipeline in May this year attracted arguably the most public attention the cybersecurity community…

Source…