This Week in Security News – January 28th, 2022

Read on:

Codex Exposed Task Automation and Response Consistency

In this blog series, Trend Micro explores different aspects of Codex and assess its capabilities with a focus on the security aspects that affect not only regular developers, but also malicious users. Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage. In this series, Trend Micro explores if a tool like Codex is reliable enough to be scripted and left to run unsupervised, generating the required code.

White House Clamps Down on Federal Cybersecurity After Big Hacks

The White House plans to release an ambitious strategy to make federal agencies tighten their cybersecurity controls after a series of high-profile hacks against government and private infrastructure in the last two years. Under the strategy, federal employees will have until the end of the 2024 fiscal year to sign on to agency networks using multiple layers of security.

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

Trend Micro observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution. Users and businesses are cautioned to detect, block, and enable the relevant security measures to prevent compromise using Emotet for second stage delivery of malware such as TrickBot and Cobalt Strike.

Belarus Activists Fire Ransomware at State Railway

A group of Belarusian cyber-activists are claiming to have successfully launched a ransomware attack on the country’s state-run train company in a bid to disrupt Russian troop movements. The group claimed to have the decryption keys that they are ready to return the train network to normal mode. However, its preconditions – the return of 50 political prisoners in need of medical assistance and the prevention of Russian troops entering the country – are unlikely to be met.

Investigating APT36 or Earth Karkaddans Attack Chain and Malware Arsenal

Trend Micro investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group’s favored Windows malware, Crimson RAT. This APT group has been known to use social engineering and phishing lures as an entry point, after which, it deploys the Crimson RAT malware to steal information from its victims.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Law enforcement action typically does little to deter cybercriminal activity, but last week’s arrests in Russia of several members of the notorious REvil ransomware group, as well as the dismantling of its criminal infrastructure, appear to have finally grabbed the attention of at least some threat actors. Researchers from Trustwave who regularly track chatter on underground forums this week observed signs of considerable anxiety and consternation among Eastern-European cybercriminals in the days following the REvil arrests.

Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant

In Trend Micro’s monitoring of the LockBit ransomware’s intrusion set, we found an announcement for LockBit Linux-ESXi Locker version 1.0 on October 2021 in the underground forum “RAMP,” where potential affiliates can find it. This signifies the LockBit ransomware group’s efforts to expand its targets to Linux hosts.

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research and Intelligence and Incident Response teams, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems.

TianySpy Malware Uses Smishing Disguised as Message from Telco

Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services.

QNAP Warns of New Deadbolt Ransomware Encrypting NAS Devices

QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain.

5G and Aviation: A Look Into Security and Technology Upgrades Working in Tandem

In this article, Trend Micro breaks down the risks between 5G and aircraft instruments, the potential safety and security impact of the concerns, and recommendations for these technologies in terms of maintaining efficiency for safety and upgrades in the aviation industry. While 5G has features capable of supporting communications for airplanes, airports, and drone air traffic control, it is the interference between the radio signals used by the new technology (5G) and older technology (radar altimeters) that is seen as the source of these risks.

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. This blog introduces the topic and research and the full findings of this research will be presented at the S4X22 Conference in April 2022.

What do you think about the White House’s zero-trust approach? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE