 An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that's become more intense, complex, and saturated than ever before. And many organizations, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace, are finding it challenging to allocate sufficient resources toward managing and mitigating these growing and evolving threats. Considering the expanding nature of today's cyber threats, business leaders must continually utilize up-to-date threat intelligence and invest in the resources necessary to more efficiently protect what is now a larger, more fluid attack surface. The changes happening across the cyber threat landscape are more dramatic and the risks are greater due to the recent network changes. This makes accurate and actionable threat intelligence even more crucial. This blog highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals. The pandemic has reinforced what many industry professionals have already recognized and championed for quite some time: Effective cybersecurity requires constant vigilance and the ability to adapt to changing threat strategies. While security should have been a top priority all along, now may be the time to consider investing in broader, more advanced, and more adaptable cybersecurity solutions - especially as cyber criminals are adapting their attack methods to leverage personal devices as a springboard into enterprise networks. With this in mind, shoring up remote systems and networks security should make the top of the to-do list. Regardless of the state of the world around us, the best way to protect against ever-evolving malicious activity is to take a comprehensive, integrated approach to cybersecurity. A vital component of this is continuous access to up-to-date threat intelligence and cybersecurity training. Ashco Systems is committed to addressing this need by providing leading-edge insights into the cybersecurity threat landscape through our threat research team, advanced threat detection technologies, and in-depth reporting on advancing threat trends. If you have technical questions or need assistance, contact us at info@ashcosystems.com.  WordPress.Cherry.Plugin.import-export.Arbitrary.File.Upload – This indicates an attack attempt against an Arbitrary File Upload vulnerability in WordPress Cherry Plugin. The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted request. It allows a remote attacker to upload an arbitrary file onto vulnerable systems via a crafted request. We recommend applying the most recent upgrade or patch. All versions before WordPress Cherry Plugin v1.2.8.2 are affected.  CISA Warning: SlothfulMedia – The U.S. Cyber Command published a warning about a new implant called SlothfulMedia, a remote access Trojan that has been detected in attacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine. SlothfulMedia is categorized as an information stealer. Currently, the dropper malware is attributed to an anonymous, sophisticated threat actor. Once executed, it deploys two files. The first is a remote access tool named mediaplayer.exe with the capabilities of terminating processes, running arbitrary commands, modifying registry entries, enabling screen capture, and modifying files on the victim's machine. The communications seem to be happening via HTTP to their command-and-control server. The second file deletes the mediaplayer.exe once executed and achieves persistence trough a service named Task Frame.
AV Signatures: W32/SlothFulMedia.2E0F!tr W32/SlothFulMedia.4EE8!tr W32/SlothFulMedia.9C8B!tr Indicator(s): 64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273 927d945476191a3523884f4c0784fb71c16b7738bd7f2abd1e3a198af403f0ae 4186b5beb576aa611b84cbe95781c9dccca6762f260ac7a48f6727840fc057fa Web Filtering New Dridex Malware Campaign – Dridex is a Trojan malware (also known as Bugat and Cridex) that is capable of stealing a victim's online banking and system information from an infected machine. FortiGuard Labs has been tracking Dridex activities for a long time. Recently, an independent malware hunter disclosed a new malspam campaign actively distributing the Dridex malware. The campaign begins with a malspam email written in English using fake invoices as a lure. The malspam emails contain different links that all download a macro Word document. Once the macro has executed, it infects victims' computers and starts to contact malicious websites and download DLLs related to the Dridex malware. However, the malware infection chain checks whether the malicious Word document has already been downloaded onto a machine. If it has, the user gets redirected to another site: "solvay[.]com/en". The email attachments have many similarities to the Emotet documents that we have seen in the past. Indicator(s): awak[.]business thuexedanangkhatran[.]com sales[.]balancedearnings[.]com immobilier-en-perigord[.]com tugrulgulenc[.]com[.]tr dnztasimacilik[.]com[.]tr invoice[.]kirtiagarwal[.]com thecrossfithandbook[.]com wc[.]albatronic[.]es mail[.]misbahelmudii[.]org rehaozelegitim[.]com biais[.]com[.]tr sintecor[.]cl sergioluizehenrique[.]com[.]br jigsaw[.]watch kazanagroceryandgifts[.]com latest[.]sowilo[.]co[.]za aksmusicgroup[.]com fit-city[.]online pumppazh[.]com murfreesboro[.]fairwayconcierge[.]com ryner[.]net[.]au sunnysidecafemi[.]com visum360[.]com[.]uy yungen[.]kevinmccollow[.]com Our Research & Insights: Whitepaper: Effective Cyber Security Strategies during the Covid-19 Pandemic Whitepaper: The Essential Guide to Securing Remote Access Secure Devops: Learn how to make security integral into your DevOps process. E-Book: Effective Security Strategies for Devops & Application Services E-Book: How to Build a Next Generation Security Operations Center
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
Book Free - Cyber Security Assessment & Consultation!
Follow Us and Share on Social Media. Join the Community to fight cyber crime.
|
- Home
- Solutions
- Services
-
Company
- About Us
- Customer Success Story
-
Free Resources
>
- Whitepaper - How To Prioritize Risk Across the Attack Surface
- The Ultimate Guide to Achieving Cyber Essentials Plus Certification
- ISO 27001 Implementation Checklist
- Whitepaper - What is Credential Stuffing? How To Prevent Credential Stuffing Attacks.
- eBook: Effective Security Strategies for Devops & Application Services
- eBook - How To Build A Next Generation SOC
- Free Cyber Security Assessment & Consultation
- Free Trial >
- Careers >
- Contact Us
- Blog
- Privacy-Policy
- SHOP
© 2023 Armoryze Consultancy Services, All Rights Reserved
