Jul 06 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that keeps its nose clean when it comes to cybercrime, unlike Hunter Biden who’s added new meaning to the name White House 😤👀😂
Today’s hottest cyber security stories:
Red scare grips globe thanks to RedEnergy SaaR (Stealer-as-a-Ransomware)
Microsoft fixes bug behind Windows LSA protection warnings, again
EU discusses the Cyber Resilience Act, which will increase cybersecurity
Just kidding, folks. So, another day, another new term in the exciting world of cybersecurity (or should we say cybercrime 😑).
Today, it’s Stealer-as-a-Ransomware (SaaR) and it’s hitting energy and telecom companies in Brazil and the Philippines in the form of a nasty little threat dubbed RedEnergy.
So, before we get started, what is a SaaR? It’s quite simple really. And very unpleasant.
So, cybercriminals can now purchase (via the dark web or Telegram or a million other places) a diabolical brand of malware that can be hidden in the usual ways (phishing emails, dodgy landing pages) but once someone mistakenly downloads the dreaded .exe file, it immediately gets to work on them. How so?
Well, it encrypts all their files, deletes their backups and wickedly informs them via a ransom note normally hidden in their compromised folders that, to regain access to their precious files, they must (you guessed it!) pay the ransom 💀💀💀
Pretty scary, huh? The prospect that individuals, as well as large organisations and corporations, could now fall victim to automated ransomware attacks is a worrying one.
So, now we’re familiar with the joys of SaaR, what of RedEnergy specifically?
So, the nasty .exe file has been reaching people via reputable LinkedIn pages: users who click the website URLs on those pages are redirected to a bogus landing page that prompts them to update their web browser by clicking the appropriate icon (Google Chrome, Microsoft Edge, Mozilla Firefox, or Opera). Doing so results in the download of a malicious executable.
They then get the officially signed genuine browser update .exe, so they are lulled into a false sense of security, thinking everything’s a-ok, but, in reality, their fate has already been sealed. Another malicious SaaR file is already ripping the proverbial plane wing to bits like the little gremlin that it is!
Microsoft is once again rolling out an update for its Defender Antivirus software, after previously issuing it in April and then retracting it in May. The update aims to address a known issue that triggers Windows Security warnings indicating that Local Security Authority (LSA) Protection is turned off.
Windows 11 21H2 and 22H2 systems are affected by this problem, as reported by numerous users who received warnings stating "Local Security Authority protection is off. Your device may be vulnerable," even though LSA Protection was already enabled.
LSA Protection is a crucial security measure that shields Windows users from credential theft by preventing the injection of untrusted code into the LSASS.exe process. This protective measure thwarts attackers' attempts to extract sensitive information.
Microsoft attributes the issue to a flawed update for the Microsoft Defender Antivirus antimalware platform released in May. However, affected customers have been encountering these LSA Protection alerts since at least January 15.
The tech giant has now resolved the problem with an update identified as KB5007651 (Version 1.0.2306.10002) for the Windows Security platform's antimalware platform. Users who wish to install the update manually can check for updates before it is automatically installed.
Well, at least we got there in the end lol.
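Because the warning fired on machines where LSA Protection was already on, here is an added PowerShell check (not from the newsletter or from Microsoft) that reads the setting from the registry and the WinInit boot event instead of trusting the Windows Security page. It assumes an elevated session on the machine being checked; the function name is our own.

```powershell
# Added example: confirm the real LSA Protection state independently of the
# Windows Security UI, which the Defender platform bug reported wrongly.
# Assumes an elevated PowerShell session on the affected machine.

function Get-LsaProtectionState {
    # RunAsPPL: 1 = enabled (UEFI-locked), 2 = enabled without UEFI lock,
    # 0 or absent = lsass.exe is not configured as a protected process
    $lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $runAsPpl = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

    # At boot WinInit writes Event ID 12 to the System log:
    # "LSASS.exe was started as a protected process with level: 4"
    # Other sources also use ID 12, so match on the message text.
    $bootEvent = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*LSASS.exe was started as a protected process*' } |
        Select-Object -First 1

    $registryValue = if ($null -eq $runAsPpl) { 'not set' } else { $runAsPpl }
    $lastBoot      = if ($bootEvent) { $bootEvent.TimeCreated } else { $null }

    [pscustomobject]@{
        RegistryRunAsPPL  = $registryValue
        ConfiguredEnabled = ($runAsPpl -eq 1 -or $runAsPpl -eq 2)
        RunningProtected  = ($null -ne $bootEvent)
        LastProtectedBoot = $lastBoot
    }
}

$state = Get-LsaProtectionState
$state | Format-List

if ($state.ConfiguredEnabled -and $state.RunningProtected) {
    Write-Host 'LSA Protection is configured and lsass.exe started protected; a "protection is off" warning here is the false positive.'
} elseif ($state.ConfiguredEnabled) {
    Write-Host 'RunAsPPL is set but no protected-start event was found; a reboot may still be pending.'
} else {
    Write-Host 'LSA Protection is not configured; the Windows Security warning is genuine.'
}
```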
The major political groups in the European Parliament are expected to reach a consensus on the new cybersecurity regulation during a political meeting on Wednesday.
The proposed legislation, known as the Cyber Resilience Act, aims to establish cybersecurity requirements for Internet of Things (IoT) products, including mandatory security patches and vulnerability handling.
The lawmakers involved in the European Parliament's leading Industry Committee will discuss various aspects of the regulation during their meeting, such as the treatment of open source, the support period for products, reporting obligations, and the timeline for implementation.
Ahead of the political endorsement, the rapporteur Nicola Danti has shared a mostly consolidated version of the text, which was reviewed during a technical meeting on Monday. The committee is scheduled to vote on the regulation on July 19.
That’s all for today, folks!
So long and thanks for reading all the phish!