An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that's become more intense, complex, and saturated than ever before. And many organizations, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace, are finding it challenging to allocate sufficient resources toward managing and mitigating these growing and evolving threats.
Considering the expanding nature of today's cyber threats, business leaders must continually utilize up-to-date threat intelligence and invest in the resources necessary to more efficiently protect what is now a larger, more fluid attack surface. The changes happening across the cyber threat landscape are more dramatic and the risks are greater due to the recent network changes. This makes accurate and actionable threat intelligence even more crucial. This blog highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals.
The pandemic has reinforced what many industry professionals have already recognized and championed for quite some time: Effective cybersecurity requires constant vigilance and the ability to adapt to changing threat strategies. While security should have been a top priority all along, now may be the time to consider investing in broader, more advanced, and more adaptable cybersecurity solutions, especially as cyber criminals are adapting their attack methods to leverage personal devices as a springboard into enterprise networks. With this in mind, shoring up the security of remote systems and networks should be at the top of the to-do list.
Regardless of the state of the world around us, the best way to protect against ever-evolving malicious activity is to take a comprehensive, integrated approach to cybersecurity. A vital component of this is continuous access to up-to-date threat intelligence and cybersecurity training. Ashco Systems is committed to addressing this need by providing leading-edge insights into the cybersecurity threat landscape through our threat research team, advanced threat detection technologies, and in-depth reporting on advancing threat trends. If you have technical questions or need assistance, contact us at firstname.lastname@example.org.
WordPress.Cherry.Plugin.import-export.Arbitrary.File.Upload – This indicates an attack attempt against an Arbitrary File Upload vulnerability in WordPress Cherry Plugin. The vulnerability is due to insufficient sanitizing of user-supplied input when handling a crafted request. It allows a remote attacker to upload an arbitrary file onto vulnerable systems via a crafted request. We recommend applying the most recent upgrade or patch. All versions before WordPress Cherry Plugin v220.127.116.11 are affected.
CISA Warning: SlothfulMedia – The U.S. Cyber Command published a warning about a new implant called SlothfulMedia, a remote access Trojan that has been detected in attacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine. SlothfulMedia is categorized as an information stealer. Currently, the dropper malware is attributed to an anonymous, sophisticated threat actor. Once executed, it deploys two files. The first is a remote access tool named mediaplayer.exe with the capabilities of terminating processes, running arbitrary commands, modifying registry entries, enabling screen capture, and modifying files on the victim's machine. The communications seem to be happening via HTTP to their command-and-control server. The second file deletes mediaplayer.exe once executed and achieves persistence through a service named Task Frame.
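As an added example (not part of the original advisory), the sketch below triages hosts by correlating the two names given above, since a file called mediaplayer.exe on its own is a weak signal. The JSON field names and sample events are constructed assumptions; 7045 and 4688 are the Windows event IDs for service installation and process creation.

```python
import json
from collections import defaultdict

# Indicator names taken from the advisory text above.
SERVICE_NAME = "task frame"       # persistence service
RAT_IMAGE = "mediaplayer.exe"     # remote access tool file name

# Constructed sample events, one JSON object per line (not real telemetry).
# Field names are assumptions; 7045 = service installed, 4688 = process created.
SAMPLE_EVENTS = r"""
{"host": "ws-01", "event_id": 4688, "image": "C:\\ProgramData\\mediaplayer.exe"}
{"host": "ws-01", "event_id": 7045, "service_name": "Task Frame"}
{"host": "ws-02", "event_id": 4688, "image": "D:\\Apps\\Player\\MediaPlayer.exe"}
{"host": "ws-03", "event_id": 7045, "service_name": "Print Helper"}
this line is truncated and must not stop the scan
"""

def image_name(path):
    """Return the lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(log_text):
    """Map host -> 'high' (both indicators seen) or 'low' (only one seen)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines
        if not isinstance(ev, dict):
            continue
        host = ev.get("host", "unknown")
        eid = ev.get("event_id")
        name = str(ev.get("service_name", "")).strip().lower()
        if eid == 7045 and name == SERVICE_NAME:
            hits[host].add("service")
        elif eid == 4688 and image_name(str(ev.get("image", ""))) == RAT_IMAGE:
            hits[host].add("process")
    # Hosts with no matching event never enter `hits`, so they are not reported.
    return {h: ("high" if len(s) == 2 else "low") for h, s in hits.items()}

if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, level)
```

Hosts rated low still merit a look, because file and service names are trivial for an operator to change between campaigns.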
New Dridex Malware Campaign – Dridex is a Trojan malware (also known as Bugat and Cridex) that is capable of stealing a victim's online banking and system information from an infected machine. FortiGuard Labs has been tracking Dridex activities for a long time. Recently, an independent malware hunter disclosed a new malspam campaign actively distributing the Dridex malware. The campaign begins with a malspam email written in English using fake invoices as a lure. The malspam emails contain different links that all download a macro Word document. Once the macro has executed, it infects victims' computers and starts to contact malicious websites and download DLLs related to the Dridex malware. However, the malware infection chain checks whether the malicious Word document has already been downloaded onto a machine. If it has, the user gets redirected to another site: "solvay[.]com/en". The email attachments have many similarities to the Emotet documents that we have seen in the past.
Our Research & Insights:
Whitepaper: Effective Cyber Security Strategies during the Covid-19 Pandemic
Whitepaper: The Essential Guide to Securing Remote Access
Secure DevOps: Learn how to make security integral to your DevOps process.
E-Book: Effective Security Strategies for Devops & Application Services
E-Book: How to Build a Next Generation Security Operations Center