Threat Intel

Welcome to another threat update. This week we look at some interesting Twitter dumpster fires and a highly targeted ransomware campaign.

Unhackable wallets – would you trust your funds with this device?

You got root sir but that’s not a hack! The world turns upside-down and inside out when @cybergibbons and a band of hackers go on rage mode at the claims from John McAfee and BitFi that their wallet is un-hackable and the ‘restrictions’ placed on the bug bounty.

https://twitter.com/officialmcafee/status/1024385313966379010

Use a password manager, no really!

@ingnl caused some fun when they recommended not using password managers, which went down well with the Twitter infosec community. Just so everyone is aware, we recommend using a password manager.

We’ve even made this super complicated diagram to outline this!

SamSam ransomware

A friendly name with a not so friendly outcome! Cyber criminals are making targeted ransomware attacks with huge payouts! So far, it’s reported they have made ~6 million dollars. These attacks are targeted against the U.S. and use a knocking-on-the-door approach of password brute force (e.g. RDP brute force attacks) followed mainly by living off the land (built-in Windows tools) and a few exploits to pwn their victims. The main vulnerability here seems to be weak authentication (weak passwords, lack of MFA etc.) on commonly (but crazily) internet-facing RDS deployments (for god’s sake use an IP whitelist or ideally an RDS gateway, oh and MFA).

Sophos has done a great job writing a paper for this, it’s well worth a read!

https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf

https://www.wired.co.uk/article/samsam-ransomware
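The brute-force-then-logon pattern described above is easy to spot in Windows Security logs if you look for it. The following is an added example (not from the Sophos paper or this post’s authors) that runs a sliding-window count of failed RDP logons (event 4625, logon type 10) per source address over a constructed sample of events, and raises a second alert if the same source then logs on successfully (event 4624), which is what a guessed password looks like. Threshold, window and the sample events are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events (not real logs).
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
# Tuple layout: (timestamp, event_id, logon_type, source_ip, target_user)
SAMPLE_EVENTS = [
    ("2018-08-01T02:00:01", 4625, 10, "203.0.113.45", "administrator"),
    ("2018-08-01T02:00:02", 4625, 10, "203.0.113.45", "admin"),
    ("2018-08-01T02:00:03", 4625, 10, "203.0.113.45", "backup"),
    ("2018-08-01T02:00:04", 4625, 10, "203.0.113.45", "svc_sql"),
    ("2018-08-01T02:00:05", 4625, 10, "203.0.113.45", "jsmith"),
    ("2018-08-01T02:00:09", 4624, 10, "203.0.113.45", "jsmith"),
    ("2018-08-01T09:15:00", 4625, 10, "198.51.100.7", "jsmith"),  # one typo, then success: benign
    ("2018-08-01T09:15:20", 4624, 10, "198.51.100.7", "jsmith"),
]

THRESHOLD = 5                  # assumed: failed RDP logons from one source ...
WINDOW = timedelta(minutes=5)  # ... within this window trigger an alert


def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return alerts: ('bruteforce', ip, count) when a source exceeds the failure
    threshold, and ('success_after_bruteforce', ip, user) when that same source
    then logs on successfully, which suggests a password was guessed."""
    alerts = []
    failures = defaultdict(deque)  # source ip -> timestamps of recent 4625 events
    flagged = set()                # sources already reported as brute forcing
    for ts, event_id, logon_type, src_ip, user in sorted(events):
        if logon_type != 10:       # only RemoteInteractive (RDP) logons matter here
            continue
        t = datetime.fromisoformat(ts)
        recent = failures[src_ip]
        while recent and t - recent[0] > window:  # drop failures outside the window
            recent.popleft()
        if event_id == 4625:
            recent.append(t)
            if len(recent) >= threshold and src_ip not in flagged:
                flagged.add(src_ip)
                alerts.append(("bruteforce", src_ip, len(recent)))
        elif event_id == 4624 and src_ip in flagged:
            alerts.append(("success_after_bruteforce", src_ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The single failed logon from 198.51.100.7 never reaches the threshold, so only the 203.0.113.45 burst and its follow-up success are reported.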

Defend all the things!

Remember, if you are going to be able to defend all the things, you should at least get the basics right! If you haven’t already got this in your organisation, I strongly recommend looking at Cyber Essentials!

https://www.cyberessentials.ncsc.gov.uk/

But don’t think you should stop here! There’s a lot more that can be done to protect your brand, customers and business by implementing out of the box hardening on most common operating systems and devices.

Xservus has created a simple spreadsheet which can help you understand how strong your Endpoint Security Controls are: https://github.com/Xservus/Assessments/blob/master/Endpoint%20Security%20Controls%20Assessment.xlsx

Or if you need more formal support please get in contact with @PSTG and @Xservus and we’ll be happy to help.
