Microsoft Defender Foils Akira Ransomware Attack! 🦠💥

Oct 13 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn't negotiate with cyber-terrorists ✊✊✊

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches!! 🐣🐣🐣

Patchcake Tuesday 🥞

๐Ÿ”’๐Ÿ› ๏ธ Microsoft has dropped its October 2023 Patch Tuesday updates, tackling 103 software flaws, including 13 critical ones! ๐Ÿ˜ฑ

Two of these bugs were exploited in the wild. ๐Ÿ˜ฌ Notably, CVE-2023-36563 in WordPad and CVE-2023-41763 in Skype for Business. ๐Ÿ“„

๐Ÿ“ข Microsoft's also fixing many vulnerabilities in things like Message Queuing and IIS Server, so update ASAP! ๐Ÿš€๐Ÿ”ฅ Microsoft's putting VBScript on the deprecation path, so it'll be "feature on demand" before being axed from Windows! ๐Ÿšซ๐Ÿ”ต

Now, on to today’s hottest cybersecurity stories:

  • 🦸 Microsoft Defender to the rescue! Akira Ransomware attack foiled 🙌

  • 🕺 ‘Stayin' Alive’ (night-)fever sweeps Asia with malware attacking govts 📀

  • 🦑 Don’t get inked by unpatched Squid vulnerabilities, 2 years on 🕒

Here come the Mic-ro-soft 🎶

Ransomware def-end-ers 🦸🔫😎


🔒 Microsoft Defender Foils Akira Ransomware Attack! 🦠💥

🛡️ Microsoft Defender for Endpoint thwarted an Akira ransomware attack in June 2023 against an undisclosed industrial organisation.

🦠 Microsoft's threat intel team tracks the operators as Storm-1567. The attackers worked from devices that were not onboarded to Defender for Endpoint in an attempt to stay out of sight (a device the EDR does not manage is a device it cannot isolate). After reconnaissance and lateral movement, they used a compromised user account to push out the encryptor. 😱

🚫 The good news? Defender's automatic attack disruption feature contained the compromised account, blocking it from reaching other resources and halting lateral movement. Attack disruption can cut off a device's inbound and outbound communication and contain a user account, which is what stops a human-operated attack mid-flight rather than after the encryption has run. 🙅‍♂️

🏥 In August 2023, the same endpoint security platform blocked lateral movement against a medical research lab, where the attackers were trying to reset the password of the default domain admin account. 💪

💼 Microsoft stresses that defending highly privileged accounts is crucial: they hand attackers the keys to Active Directory and let them weaken traditional security controls. Identifying and containing those compromised accounts can halt an attack even after initial access has already succeeded.
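The two signals in the cases above (activity from hosts the EDR does not manage, and a password reset aimed at the built-in domain Administrator) are cheap to hunt for in Windows Security logs even without attack disruption. The script below is an added example for this newsletter, not Microsoft's code: the events are constructed to look like flattened Windows Security events (4624 logon, 4724 password reset), and ONBOARDED_HOSTS is an assumed stand-in for a Defender for Endpoint device-inventory export.

```python
"""Hunt for network logons from hosts not onboarded to EDR and for password resets
against a built-in Administrator (RID 500), then list the accounts worth containing."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events (not real telemetry). 4624 = successful logon, LogonType 3 =
# network logon; 4724 = "an attempt was made to reset an account's password".
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "WorkstationName": "WS-FIN-07", "IpAddress": "10.10.4.23"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "WorkstationName": "rogue-laptop", "IpAddress": "10.10.9.250"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "WorkstationName": "ROGUE-LAPTOP", "IpAddress": "10.10.9.250"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "jdoe",
     "WorkstationName": "WS-HR-03", "IpAddress": "127.0.0.1"},
    {"EventID": 4724, "SubjectUserName": "svc_backup",
     "TargetUserName": "Administrator", "TargetSid": "S-1-5-21-111-222-333-500"},
    {"EventID": 4724, "SubjectUserName": "helpdesk1",
     "TargetUserName": "jdoe", "TargetSid": "S-1-5-21-111-222-333-1105"},
]

# Assumption: hostnames exported from the EDR device inventory.
ONBOARDED_HOSTS = {"WS-FIN-07", "WS-HR-03", "SRV-DC-01", "SRV-FILE-02"}


@dataclass(frozen=True)
class Finding:
    rule: str
    account: str
    detail: str


def is_builtin_admin(sid: str) -> bool:
    """RID 500 is the built-in Administrator, whatever the account has been renamed to."""
    return sid.rsplit("-", 1)[-1] == "500"


def hunt(events, onboarded_hosts=ONBOARDED_HOSTS):
    """One Finding per distinct (rule, account, host) so repeated logons don't flood the list."""
    onboarded = {h.upper() for h in onboarded_hosts}
    findings = []
    for e in events:
        if e["EventID"] == 4624 and e.get("LogonType") == 3:
            host = e["WorkstationName"].upper()
            if host not in onboarded:
                f = Finding("network_logon_from_unmanaged_host", e["TargetUserName"],
                            f"{host} ({e['IpAddress']}) is not onboarded to EDR")
                if f not in findings:
                    findings.append(f)
        elif e["EventID"] == 4724 and is_builtin_admin(e["TargetSid"]):
            findings.append(Finding("builtin_admin_password_reset", e["SubjectUserName"],
                                    f"reset attempted on {e['TargetUserName']} ({e['TargetSid']})"))
    return findings


def accounts_to_contain(findings):
    """Accounts that trip more than one rule: the first candidates for user containment."""
    rules_by_account = defaultdict(set)
    for f in findings:
        rules_by_account[f.account].add(f.rule)
    return {acct for acct, rules in rules_by_account.items() if len(rules) > 1}


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for f in found:
        print(f"[{f.rule}] {f.account}: {f.detail}")
    print("contain:", sorted(accounts_to_contain(found)))
```

On the sample, svc_backup logs on from an unmanaged laptop and then tries to reset the RID 500 account, so it is the one account the script nominates for containment; the helpdesk reset of an ordinary user is ignored. Matching on the RID rather than the name "Administrator" is deliberate, since renaming the built-in account is common and changes nothing about its privileges.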

🦸 Microsoft for the win!

Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

This attack gives us the heeBeeGeebees 😁🙈😬

🌏 Stayin' Alive Campaign Targets Asian Government and Telecom Entities 🔍

Since 2021, a campaign dubbed ‘Stayin' Alive’ has been actively targeting high-profile government and telecom organisations across Asia.

Cybersecurity firm Check Point is monitoring this ongoing threat, which deploys simple backdoors and loaders as the initial stage to deliver more advanced malware.

🎯 Targeted Regions: Stayin' Alive has its sights set on entities in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.

🔧 Tools and Tactics: The attackers employ basic tools that show no clear code connections to known threat actors. These tools serve as disposable agents whose main job is downloading and running additional malware payloads.

🔗 Connection to ToddyCat: Notably, the campaign's infrastructure overlaps with that used by ToddyCat, a China-linked threat actor known for cyberattacks against government and military agencies in Europe and Asia.

📩 Attack Chain: The attack chain starts with spear-phishing emails carrying ZIP attachments that contain a legitimate executable. When the victim runs it, the executable loads a malicious DLL planted alongside it (DLL side-loading), which drops a backdoor named CurKeep.
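The side-loading step above leaves a telltale pattern in endpoint telemetry: a legitimate executable running from a user-writable folder (wherever the ZIP was extracted) loads a DLL that carries a system-library name from its own directory rather than from System32. The script below is an added example for this newsletter, not Check Point's tooling; the process-create and image-load events are constructed (field names mirror Sysmon Event 1 and Event 7, values are invented), and SYSTEM_DLL_NAMES is an assumed short list of System32 DLLs that are commonly planted next to an EXE.

```python
"""Flag DLL side-loading candidates: a system-library DLL name loaded from the EXE's own
user-writable directory instead of from the Windows system directory."""
from pathlib import PureWindowsPath

# Constructed Sysmon-style events (not real telemetry).
PROCESS_EVENTS = [
    {"ProcessId": 4100, "Image": r"C:\Users\anna\AppData\Local\Temp\7z_extract\SignedUpdater.exe"},
    {"ProcessId": 4200, "Image": r"C:\Program Files\Vendor\app.exe"},
]
IMAGE_LOAD_EVENTS = [
    {"ProcessId": 4100, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"ProcessId": 4100, "ImageLoaded": r"C:\Users\anna\AppData\Local\Temp\7z_extract\VERSION.dll"},
    {"ProcessId": 4200, "ImageLoaded": r"C:\Program Files\Vendor\vendor_helper.dll"},
    {"ProcessId": 4200, "ImageLoaded": r"C:\Program Files\Vendor\version.dll"},
    {"ProcessId": 9999, "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},  # no matching process
]

# Assumption: System32 DLL names frequently abused for side-loading, because the loader
# searches the application directory before the system directory.
SYSTEM_DLL_NAMES = {"version.dll", "cryptbase.dll", "dwmapi.dll", "uxtheme.dll",
                    "wtsapi32.dll", "msimg32.dll", "dbghelp.dll", "userenv.dll"}


def is_user_writable(path) -> bool:
    """Anything under a user profile (Downloads, Temp, AppData, Desktop) is writable by that user."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) > 1 and parts[1] == "users"


def find_sideloads(process_events, image_load_events):
    """Join image loads to their process and return the loads that fit the side-loading pattern."""
    image_by_pid = {e["ProcessId"]: PureWindowsPath(e["Image"]) for e in process_events}
    hits = []
    for e in image_load_events:
        exe = image_by_pid.get(e["ProcessId"])
        if exe is None:
            continue
        dll = PureWindowsPath(e["ImageLoaded"])
        # PureWindowsPath comparisons are case-insensitive, matching how Windows resolves paths.
        same_dir = dll.parent == exe.parent
        if same_dir and dll.name.lower() in SYSTEM_DLL_NAMES and is_user_writable(exe):
            hits.append({
                "pid": e["ProcessId"],
                "exe": str(exe),
                "dll": str(dll),
                "reason": f"{dll.name} resolved from the EXE's own user-writable folder, not System32",
            })
    return hits


if __name__ == "__main__":
    for h in find_sideloads(PROCESS_EVENTS, IMAGE_LOAD_EVENTS):
        print(f"pid {h['pid']}: {h['exe']} loaded {h['dll']} ({h['reason']})")
```

Only the Temp-folder process fires. The vendor application in Program Files also ships its own version.dll beside the EXE, but that directory is not user-writable, so it is left alone; the writable-folder condition is what separates the phishing ZIP from a legitimately packaged application.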

📡 Loader Family: Beyond CurKeep, the same infrastructure serves a set of loader variants, CurLu, CurCore, and CurLog, which can execute remote commands and receive further DLL payloads from the command-and-control servers.

🕵️ Attribution Challenge: While there's no conclusive evidence linking Stayin' Alive to ToddyCat, the shared infrastructure and the use of disposable tools make attribution difficult.

🌏📈 Growing Threat Landscape: This campaign highlights the trend of threat actors using disposable loaders and downloaders to evade detection, making it difficult to track and attribute their activities.

🌏💻 Broader Threat: Meanwhile, other threats are emerging, such as the open-source Go-based backdoor "BlueShell," targeting organisations in South Korea and Thailand.

Stay vigilant, as the cybersecurity landscape continues to evolve with new and sophisticated threats. 🔒🚀

🎣 Catch of the Day!! 🌊🐟🦞

Our new segment where we pick out some cool sites we like. Reply to the email and let us know what you think.

🃏 The Motley Fool: “Fool me once, shame on… shame on you. Fool me… you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

🦑 Squid Game 💀

🕳️ Squid Proxy Vulnerabilities Remain Unpatched for Two Years 😲

Despite being responsibly disclosed by researcher Joshua Rogers in 2021, numerous vulnerabilities in the widely used Squid caching and forwarding web proxy remain unpatched.

Squid is an open source proxy used by many, often without users even realising it. It's embedded in home and office firewall devices and in large-scale web proxy installations to speed up internet access and content delivery.

🔍 The Findings: Rogers found 55 vulnerabilities in Squid through fuzzing, manual code review, and static analysis. While some flaws were assigned CVE identifiers, a concerning 35 remain unpatched.

🔒 The Impact: These vulnerabilities can lead to crashes (denial of service for everyone behind the proxy), and some could potentially allow arbitrary code execution, raising significant security concerns.

🤝 Challenges for Developers: The Squid Team, while supportive, faces resource constraints. They are understaffed and unable to address all the issues promptly.

🌏 Wide Exposure: Over 2.5 million Squid instances are exposed on the internet, emphasising the need for vigilance.

💡 Recommendations: Rogers suggests that those using Squid should reassess whether it is still suitable for their system and consider alternative solutions. Until you have made that call, at least make sure your instance is not one of the exposed ones: bind it to an internal address and end its access rules with an explicit deny.
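A quick way to act on that advice is to audit squid.conf for the two settings that turn an internal cache into one of the 2.5 million internet-exposed instances: an http_port bound to every interface, and an http_access chain that ends in anything other than deny all. The script below is an added example for this newsletter, not the Squid project's own tooling. The two configuration snippets are constructed; the directive semantics it relies on (http_port bind address, http_access evaluated top-down, unmatched requests get the opposite of the last rule) come from Squid's documentation.

```python
"""Audit a squid.conf for interface exposure and a missing final 'http_access deny all'."""


def bind_host(port_spec: str) -> str:
    """Bind address from an http_port value: '3128' -> '', '127.0.0.1:3128' -> '127.0.0.1',
    '[::1]:3128' -> '::1'."""
    if port_spec.startswith("["):
        return port_spec[1:port_spec.index("]")]
    if ":" in port_spec:
        return port_spec.rsplit(":", 1)[0]
    return ""


def audit_squid_conf(text: str) -> list:
    """Return one human-readable finding per exposure problem this check knows about."""
    findings = []
    access_rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        if directive == "http_port" and args:
            if bind_host(args[0]) in ("", "0.0.0.0", "::"):
                findings.append(f"http_port {args[0]}: listens on every interface; "
                                "bind to an internal address")
        elif directive == "http_access" and len(args) >= 2:
            access_rules.append(args)
            if args[0] == "allow" and "all" in args[1:]:
                findings.append("http_access allow all: this is an open proxy")
    if not access_rules:
        findings.append("no http_access rules: Squid denies by default, "
                        "but record the intent explicitly")
    elif access_rules[-1][:2] != ["deny", "all"]:
        findings.append("last http_access rule is not 'deny all': unmatched requests get "
                        "the opposite of whatever the last rule does")
    return findings


# Constructed example: the shape of a config that ends up exposed.
WEAK_CONF = """
http_port 3128
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access allow all   # left over from "temporary" debugging
"""

# Constructed example: the same proxy, bound internally with an explicit final deny.
HARDENED_CONF = """
http_port 10.0.0.5:3128
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_squid_conf(conf) or ['no findings']}")
```

Run it against /etc/squid/squid.conf (or wherever your build keeps it) by passing the file's contents to audit_squid_conf. Pair the result with the running version from `squid -v` when deciding whether the instance stays; a proxy that is only reachable from the inside still carries the unpatched bugs, but it is no longer one of the internet-facing targets.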

๐Ÿ‘จโ€๐Ÿ’ป Seeking Solutions: SecurityWeek has contacted Squid developers for comment and awaits their response.

In a rapidly evolving digital landscape, staying vigilant and regularly reviewing your technology stack for potential vulnerabilities is essential to maintain a secure environment.

Cheers guys! See you next week ✌️

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

  • ₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3; highly recommended if you want up-to-date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

So long and thanks for reading all the phish!
