Microsoft’s Defender Foils Akira Ransomware Attack! 🦠💥

Oct 13 2023

Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn’t negotiate with cyber-terrorists ✊✊✊

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches!! 🐣🐣🐣

Patchcake Tuesday 🥞

🔒🛠️ Microsoft has dropped its October 2023 Patch Tuesday updates, tackling 103 software flaws, including 13 critical ones! 😱

Two of these bugs were exploited in the wild. 😬 Notably, CVE-2023-36563 in WordPad and CVE-2023-41763 in Skype for Business. 📄

📢 Microsoft’s also fixing many vulnerabilities in things like Message Queuing and IIS Server, so update ASAP! 🚀🔥 Microsoft’s putting VBScript on the deprecation path, so it’ll be “feature on demand” before being axed from Windows! 🚫🔵

Now, on to today’s hottest cybersecurity stories:

  • 🦸 Microsoft Defender to the rescue! Akira Ransomware attack foiled 🙌

  • 🕺 ‘Staying Alive’ (night-)fever sweeps Asia with malware attacking govts 📀

  • 🦑 Don’t get inked by unpatched Squid vulnerabilities, 2 years on 🕒

Here come the Mic-ro-soft 🎶

Ransomware def-end-ers 🦸🔫😎

#MIB

🔒 Microsoft’s Defender Foils Akira Ransomware Attack! 🦠💥

🛡️ Microsoft successfully thwarted a major Akira ransomware attack in June 2023, targeting an undisclosed industrial organisation, thanks to Microsoft Defender for Endpoint!

🦠 Microsoft’s threat intel team is tracking the culprits as Storm-1567. The attackers used devices not enrolled in Microsoft Defender to try to evade detection. After some snooping and lateral moves, they used a compromised user account to encrypt devices. 😱

🚫 The good news? Microsoft’s new automatic attack disruption feature stopped the breached accounts from accessing other resources, halting lateral movement. It essentially cuts off all in-and-out communication and thwarts human-operated attacks. 🙅‍♂️

🏥 In August 2023, Microsoft’s enterprise endpoint security platform also blocked lateral movement attempts against a medical research lab. The attackers tried resetting a default domain admin account’s password. 💪

💼 Microsoft emphasizes that defending highly privileged user accounts is crucial as they can provide attackers with access to Active Directory and weaken traditional security measures. Identifying and containing these compromised accounts can halt attacks, even after initial access.

🦸 Microsoft for the win!
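Here’s a toy illustration of the two signals that story turns on, added for this newsletter rather than taken from Microsoft Defender: a password-reset attempt against a default admin account, and one account fanning out to many hosts within a few minutes. The event records, their field names and the `PRIVILEGED_TARGETS` list are constructed assumptions. The point is that the accounts tripping either rule are the ones to contain (disable, revoke sessions) before they can reach anything else.

```python
# Added example for this newsletter, not Microsoft Defender code: spot the two
# signals from the story in constructed Windows Security-style event records.
#   rule 1: event 4724 (password reset attempt) aimed at a default admin account
#   rule 2: event 4624 network logons (logon type 3) from one account to many
#           hosts inside a short window, i.e. lateral-movement fan-out
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: which account names count as "highly privileged" in this demo.
PRIVILEGED_TARGETS = {"administrator", "krbtgt"}

# Constructed sample events. Field names loosely mirror the Security log but
# are an assumption for this example, not a real export.
EVENTS = [
    {"time": "2023-06-12T02:00:05", "id": 4624, "subject": "alice", "target": "", "host": "FILE01", "logon_type": 3},
    {"time": "2023-06-12T02:01:10", "id": 4624, "subject": "alice", "target": "", "host": "PRINT01", "logon_type": 3},
    {"time": "2023-06-12T02:03:00", "id": 4624, "subject": "j.doe", "target": "", "host": "WS-101", "logon_type": 3},
    {"time": "2023-06-12T02:03:20", "id": 4624, "subject": "j.doe", "target": "", "host": "WS-102", "logon_type": 3},
    {"time": "2023-06-12T02:03:41", "id": 4624, "subject": "j.doe", "target": "", "host": "WS-103", "logon_type": 3},
    {"time": "2023-06-12T02:04:02", "id": 4624, "subject": "j.doe", "target": "", "host": "FILE01", "logon_type": 3},
    {"time": "2023-06-12T02:04:30", "id": 4624, "subject": "j.doe", "target": "", "host": "SQL01", "logon_type": 3},
    {"time": "2023-06-12T02:05:00", "id": 4724, "subject": "svc-backup", "target": "Administrator", "host": "DC01", "logon_type": None},
    {"time": "2023-06-12T02:06:00", "id": 4624, "subject": "j.doe", "target": "", "host": "WS-101", "logon_type": 2},  # interactive, ignored
]


def _t(stamp):
    return datetime.fromisoformat(stamp)


def flag_privileged_reset(events):
    """Subjects that attempted a password reset (4724) on a protected account."""
    return sorted({e["subject"] for e in events
                   if e["id"] == 4724 and e["target"].lower() in PRIVILEGED_TARGETS})


def flag_fan_out(events, max_hosts=3, window=timedelta(minutes=10)):
    """Subjects whose type-3 logons reached more than max_hosts distinct hosts within window."""
    by_subject = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 3:
            by_subject[e["subject"]].append((_t(e["time"]), e["host"]))
    flagged = set()
    for subject, logons in by_subject.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # slide the window start forward until the span fits inside `window`
            while logons[end][0] - logons[start][0] > window:
                start += 1
            if len({h for _, h in logons[start:end + 1]}) > max_hosts:
                flagged.add(subject)
                break
    return sorted(flagged)


def accounts_to_contain(events):
    """Union of both rules: the accounts a disruption step would cut off first."""
    return sorted(set(flag_privileged_reset(events)) | set(flag_fan_out(events)))


if __name__ == "__main__":
    for acct in accounts_to_contain(EVENTS):
        print("contain:", acct)
```

Running it lists `j.doe` (five hosts in under two minutes) and `svc-backup` (reset attempt on `Administrator`), while `alice` stays clean. Thresholds like `max_hosts` are the knob you would tune per environment; the structure is what matters: identify, then contain, rather than chase each encrypted device.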

Clean your Mac or PC

Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

This attack gives us the heeBeeGeebees 😏🙈😬

🌐 Stayin’ Alive Campaign Targets Asian Government and Telecom Entities 🔍

Since 2021, a campaign dubbed ‘Stayin’ Alive’ has been actively targeting high-profile government and telecom organisations across Asia.

Cybersecurity firm Check Point is monitoring this ongoing threat, which deploys simple backdoors and loaders as the initial stage to deliver more advanced malware.

🎯 Targeted Regions: Stayin’ Alive has its sights set on entities in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.

🔧 Tools and Tactics: The attackers employ basic tools that show no clear code connections to known threat actors. These tools serve as disposable agents primarily for downloading and running additional malware payloads.

🔗 Connection to ToddyCat: Notably, the campaign’s infrastructure overlaps with that used by ToddyCat, a China-linked threat actor known for cyberattacks against government and military agencies in Europe and Asia.

📩 Attack Chain: The attack chain initiates with spear-phishing emails containing ZIP file attachments with legitimate executables. These files leverage DLL side-loading to introduce a backdoor named CurKeep.

📡 C2 Infrastructure: The command-and-control infrastructure includes various loader variants like CurLu, CurCore, and CurLog, which can execute remote commands and receive DLL files.

🕵️ Attribution Challenge: While there’s no conclusive evidence linking Stayin’ Alive to ToddyCat, the shared infrastructure and use of disposable tools make attribution challenging.

🌐📈 Growing Threat Landscape: This campaign highlights the trend of threat actors using disposable loaders and downloaders to evade detection, making it difficult to track and attribute their activities.

🌐💻 Broader Threat: Meanwhile, other threats are emerging, such as the open-source Go-based backdoor “BlueShell,” targeting organisations in South Korea and Thailand.

Stay vigilant, as the cybersecurity landscape continues to evolve with new and sophisticated threats. 🔒🚀
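The attack chain above (a ZIP attachment carrying a legitimate executable next to a DLL it will happily load from its own folder) is exactly the kind of thing a mail gateway or triage script can flag before anyone double-clicks. The following is an added example written for this newsletter, not Check Point’s tooling and not tied to CurKeep: it builds a constructed ZIP in memory and reports EXE/DLL pairs sharing a directory, plus PE images hiding behind non-executable extensions. The `SYSTEM_DLL_NAMES` list is a short, assumed sample of DLL names that are commonly side-loaded; a real list would be far longer.

```python
# Added example for this newsletter: triage a ZIP attachment for DLL
# side-loading candidates. Not vendor code; all sample files are constructed.
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: a tiny sample of DLL names that executables often resolve from
# their own directory first, so a bundled copy is a classic side-load setup.
SYSTEM_DLL_NAMES = {"version.dll", "wininet.dll", "dbghelp.dll", "cryptbase.dll"}


def is_pe(head: bytes) -> bool:
    """PE images (EXE/DLL) start with the 'MZ' DOS header, whatever the file is called."""
    return head[:2] == b"MZ"


def triage_zip(blob: bytes):
    """Return a list of findings for an in-memory ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        by_dir = defaultdict(list)
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            head = zf.open(info).read(2)          # only the magic bytes are needed
            by_dir[str(path.parent)].append((path.name, head))

        for directory, entries in by_dir.items():
            exes = [n for n, h in entries if n.lower().endswith(".exe") and is_pe(h)]
            dlls = [n for n, h in entries if n.lower().endswith(".dll") and is_pe(h)]
            disguised = [n for n, h in entries
                         if is_pe(h) and not n.lower().endswith((".exe", ".dll"))]
            # rule 1: an executable shipped with a DLL in the same folder
            for exe in exes:
                for dll in dlls:
                    findings.append({
                        "dir": directory, "exe": exe, "dll": dll,
                        "severity": "high" if dll.lower() in SYSTEM_DLL_NAMES else "medium",
                        "reason": "executable bundled with a DLL it may load from its own directory (side-loading candidate)",
                    })
            # rule 2: a PE image pretending to be a document or picture
            for name in disguised:
                findings.append({
                    "dir": directory, "file": name, "severity": "medium",
                    "reason": "PE image with a non-executable extension",
                })
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment: a 'report' EXE plus a DLL it would load, and a fake JPEG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report/Report.exe", b"MZ" + b"\x00" * 62)   # stands in for a signed, legitimate binary
        zf.writestr("Report/version.dll", b"MZ" + b"\x00" * 62)  # the planted DLL the EXE would pick up
        zf.writestr("Report/readme.txt", b"please open the report")
        zf.writestr("Photos/holiday.jpg", b"MZ" + b"\x00" * 62)  # PE with a misleading extension
        zf.writestr("Photos/real.jpg", b"\xff\xd8\xff")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print(f["severity"].upper(), f["dir"], f.get("exe") or f.get("file"), "-", f["reason"])
```

The sample archive yields two findings: `Report.exe` next to `version.dll` (rated high because the DLL name is on the side-load list) and `holiday.jpg`, which carries a PE header. Neither rule proves malice on its own, which is why the output is a triage queue rather than a verdict; the value is that a stripped-down loader like the ones in this campaign still has to arrive next to something that will load it.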

🎣 Catch of the Day!! 🌊🐟🦞

Our new segment where we pick out some cool sites we like. Reply to the mail and let us know what you think.

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

🦑 Squid Game 💀

🕳️ Squid Proxy Vulnerabilities Remain Unpatched for Two Years 😲

Despite being responsibly disclosed by researcher Joshua Rogers in 2021, numerous vulnerabilities in the widely used Squid caching and forwarding web proxy remain unpatched.

Squid is an open source proxy used by many, often without users even realising it. It’s embedded in home and office firewall devices and large-scale web proxy installations to boost internet access speeds and content delivery.

🔍 The Findings: Rogers found 55 vulnerabilities in Squid through fuzzing, manual code review, and static analysis. While some flaws were assigned CVE identifiers, a concerning 35 remain unpatched.

🔒 The Impact: These vulnerabilities can lead to crashes, and some could potentially allow arbitrary code execution, raising significant security concerns.

🤝 Challenges for Developers: The Squid Team, while supportive, faces resource constraints. They are understaffed and unable to address all the issues promptly.

🌐 Wide Exposure: Over 2.5 million Squid instances are exposed on the internet, emphasising the need for vigilance.

💡 Recommendations: Rogers suggests that those using Squid should reassess its suitability for their system and consider alternative solutions.

👨‍💻 Seeking Solutions: SecurityWeek has contacted Squid developers for comment and awaits their response.

In a rapidly evolving digital landscape, staying vigilant and regularly reviewing your technology stack for potential vulnerabilities is essential to maintain a secure environment.
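“Over 2.5 million instances exposed on the internet” is the number to act on while you weigh Rogers’ advice: an unpatched proxy that only answers your own network is a much smaller problem than one listening to the whole world. The snippet below is an added example for this newsletter, not a Squid project tool: a tiny linter over constructed `squid.conf` text that catches the two exposure mistakes that make a proxy open (listening on every interface, and an `http_access allow all` that fires before any deny) and warns when the rule list does not end in `deny all`. It does nothing about the bugs themselves; it only narrows who can reach them.

```python
# Added example for this newsletter: audit a squid.conf for open-proxy exposure.
# Not Squid project code. Checks only http_port bind addresses and the order of
# http_access rules (Squid evaluates them top to bottom, first match wins).

WEAK_CONF = """
# constructed: listens everywhere and allows every client
http_port 3128
acl localnet src 10.0.0.0/8
http_access allow all
http_access deny all
"""

HARDENED_CONF = """
# constructed: bound to an internal address, only the LAN is allowed
http_port 10.0.0.5:3128
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""

NO_FINAL_DENY = """
# constructed: relies on Squid's 'opposite of the last rule' default
http_port 10.0.0.5:3128
acl localnet src 10.0.0.0/8
http_access allow localnet
"""


def _parse(conf: str):
    """Yield (directive, args) for every non-comment, non-empty line."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0], parts[1:]


def audit_squid_conf(conf: str):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    access_rules = []
    for directive, args in _parse(conf):
        if directive == "http_port" and args:
            spec = args[0]                       # e.g. 3128, 10.0.0.5:3128, [::]:3128
            host = spec.rsplit(":", 1)[0].strip("[]") if ":" in spec else ""
            if host in ("", "0.0.0.0", "::"):
                findings.append(f"http_port {spec}: listens on all interfaces; "
                                "bind to an internal address unless exposure is intended")
        elif directive == "http_access" and len(args) >= 2:
            access_rules.append((args[0], args[1:]))

    # walk the rules in evaluation order and stop at the first catch-all
    for action, acls in access_rules:
        if action == "allow" and acls == ["all"]:
            findings.append("http_access allow all: every client is allowed before any "
                            "deny rule can apply (open proxy)")
            break
        if action == "deny" and acls == ["all"]:
            break

    if not access_rules or access_rules[-1] != ("deny", ["all"]):
        findings.append("http_access: last rule is not 'deny all'; unmatched requests "
                        "fall through to the opposite of the last rule")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF), ("no final deny", NO_FINAL_DENY)):
        print(label, "->", audit_squid_conf(conf) or ["ok"])
```

The weak config trips both exposure rules, the hardened one passes, and the third only gets the reminder about the missing final `deny all`. A proxy that passes this check is still running the same unpatched code, which is the point the story makes: reducing exposure buys time, it does not replace fixing or replacing the software.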

Cheers guys! See you next week ✌️

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

  • Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

So long and thanks for reading all the phish!
