News – October 2022


  • APT10: Tracking down LODEINFO 2022, part I

    October 31, 2022

    Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and ...

  • CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

    October 31, 2022

    CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number ...

  • Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure

    October 31, 2022

    While advanced persistent threats get the most breathless coverage in the news, many threat actors have money on their mind rather than espionage. You can learn a lot about the innovations used by these financially motivated groups by watching banking Trojans. Because attackers constantly create new techniques to evade detection and perform malicious acts, studying monetarily ...

  • Actively exploited Windows MoTW zero-day gets unofficial patch

    October 30, 2022

    A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11. Last weekend, BleepingComputer reported that threat actors were using stand-alone JavaScript files to install the Magniber ransomware on victims’ devices. When a user downloads a file from ...

  • New Azov data wiper tries to frame researchers and BleepingComputer

    October 30, 2022

    A new and destructive ‘Azov Ransomware’ data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack. The Azov Ransomware falsely claims to have been created by a well-known security researcher named Hasherazade and lists other researchers, myself, and BleepingComputer, ...

  • Russian spies ‘hacked Liz Truss’s phone and stole sensitive messages’

    October 29, 2022

    Liz Truss had her phone hacked by Kremlin spies while she was working as foreign secretary, according to a report. The former prime minister’s personal messages with former chancellor Kwasi Kwarteng were raided, as well as sensitive details of international negotiations, it is claimed. Security services discovered the major security breach during the summer Tory leadership election, ...

  • Largest EU copper producer Aurubis suffers cyberattack, IT outage

    October 28, 2022

    German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread. Aurubis is Europe’s largest copper producer and the second largest in the world, with 6,900 employees worldwide, and produces one million tonnes of copper cathodes yearly. In an announcement published on their website, ...

  • Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign

    October 28, 2022

    Symantec, by Broadcom Software, has discovered a previously undocumented dropper that is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs. The dropper (Trojan.Geppei) is being used by an actor Symantec calls Cranefly (aka UNC3524), to install another piece of ...

  • Malaysia to champion global cyber security agenda through the inaugural CyberDSA

    October 28, 2022

    Set to debut in 2023, the annual event was officiated by the Minister of Communications and Multimedia Kuala Lumpur, 28 October 2022:  – Malaysia is set to host the inaugural Cyber Defence and Security Asia Expo and Conference (CyberDSA) which will be held annually from next year. The event will take place over three days from ...

  • Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

    October 28, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint guide to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. These attacks can cost an organization time and money and may impose ...

  • CISA Releases Four Industrial Control Systems Advisories

    October 28, 2022

    CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server ICSA-22-300-02 SAUTER Controls moduWeb ICSA-22-300-03 Rockwell ...

  • Defeating Guloader Anti-Analysis Technique

    October 28, 2022

    Unit 42 researchers recently discovered a Guloader variant that contains a shellcode payload protected by anti-analysis techniques, which are meant to slow human analysts and sandboxes processing this sample. To help speed analysis for this sample and others like it, we are providing a complete Python script to deobfuscate the Guloader sample that is available ...

  • Google fixes seventh Chrome zero-day exploited in attacks this year

    October 28, 2022

    Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks. The high-severity flaw (CVE-2022-3723) is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast. “Google is aware of reports that an exploit for ...

  • Biden now wants to toughen up chemical sector’s cybersecurity

    October 27, 2022

    The White House is adding the chemical sector to a program launched last year to improve cybersecurity capabilities within America’s critical infrastructure industries. The addition makes chemical facilities and manufacturers the fourth sector under the Biden Administration’s Industrial Control Systems (ICS) Cybersecurity Initiative, which rolled out in July 2021 following the ransomware attack on Colonial Pipeline ...

  • Manufacturing Cybersecurity: Trends & Survey Response

    October 27, 2022

    Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and ...