CYFIRMA: Cybersecurity Dossier
Latest Cyberattacks, Incidents and Breaches

Threat Actor in Focus: Threat Actor UAC-0050 Attacks Ukrainian Region by Employing RemcosRAT

In a recent observation, Ukraine's Government Computer Emergency Response Team (CERT-UA) detected a widespread email campaign with the subject "Debts under the Kyivstar contract." The email carried an attachment, "Subscriber's debt.zip," which holds a password-protected RAR archive split into two parts. Within this RAR archive lies a similarly named password-protected document, "Subscriber Debt.doc," containing a malicious macro. Activating the macro downloads and executes malicious executables such as "GB.exe" via explorer.exe, using the SMB protocol. This file is an SFX archive housing a BATCH script that retrieves and launches "wsuscr.exe" from Bitbucket.

READ MORE


OwnCloud: CVE-2023-49103 Vulnerability Analysis and Exploitation

CYFIRMA’s Research team conducted a thorough analysis of the critical security vulnerability CVE-2023-49103 in OwnCloud’s Graph API. Disclosed by OwnCloud on November 21, 2023, the vulnerability carries a CVSS score of 7.5, indicating its severity. The flaw affects the OwnCloud/graphapi component and exposes sensitive information to unauthorized users. It demands urgent attention, and prompt mitigation is needed across OwnCloud installations. This analysis aims to provide insight into the nature of the vulnerability, its potential impact, and the importance of prompt mitigation through patching and proactive security measures.

READ MORE


Stay Secure During the Busy Holiday Season

The holiday bustle introduces increased cybersecurity risks that organizations must account for. As CISOs, now is the time to ensure your company doesn’t end up in the wrong “gifting” spirit. With greater numbers of employees on leave and heightened email phishing focused on seasonal deals, your attack surface widens during year-end festivities. Protect corporate assets as activity dies down by enacting these cyber safeguards tailored for the holidays.

The closing months of the year introduce amplified cybersecurity risks across the enterprise as organizations wrap up 2023 and prepare for 2024. This year-end period warrants extra vigilance given altered workflows, more employees accessing data remotely during time off, slower response rates over holidays, and generally increased social engineering by external threats seeking to capitalize on these changes.

READ MORE


CYFIRMA INDUSTRY REPORT: REAL ESTATE & UTILITIES INDUSTRY

Welcome to the CYFIRMA infographic industry report, where we delve into the external threat landscape of the real estate & utilities industry over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting the real estate & utilities industry. We aim to present an industry-specific overview in a convenient, engaging, and informative format. Leveraging our platform telemetry and the expertise of our analysts, we bring you actionable intelligence to stay ahead in the cybersecurity landscape. The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics for global industries, covering one sector each week for a quarter. This report focuses on the real estate & utilities industry, presenting key trends and statistics in an engaging infographic format.

READ MORE


Ransomware of the Week

The CYFIRMA Research and Advisory Team found the Play ransomware in the wild while monitoring various underground forums as part of our Threat Discovery Process. Play, also known as PlayCrypt, emerged as a ransomware threat in June 2022. The Play ransomware group is thought to function as a closed unit, aiming to guarantee transaction confidentiality, as stated on its data leak website. Actors linked to Play ransomware follow a double-extortion approach, encrypting systems only after exfiltrating data. The group's ransom notes lack initial ransom demands or payment instructions; instead, victims are prompted to contact the threat actors via email. To gain initial access to victim networks, the Play ransomware group exploits valid accounts and vulnerabilities in public-facing applications. They specifically target known vulnerabilities in FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (CVE-2022-41040 and CVE-2022-41082). Threat actors also use external-facing

READ MORE


Trending Malware of the Week

A new and advanced malware strain named JaskaGO, developed in the Go programming language, has been identified as a serious threat to both Windows and macOS operating systems. This malware is particularly concerning because traditional antivirus solutions currently have low detection rates against it, making it a stealthy adversary. The use of Go, known for its simplicity and cross-platform capabilities, is a growing trend in malware development. Despite the common belief that macOS is secure, JaskaGO highlights the misconception that it is immune to malware, underlining the ongoing risk for both Windows and macOS users. The first JaskaGO sample was observed in July 2023; it initially targeted macOS users by masquerading as well-known applications (such as “Capcut_Installer_Intel_M1.dmg” and “Anyconnect.exe”) with deceptive file names. The malware employs the common strategy of deploying under the guise of legitimate software, especially on pirated application web pages.

READ MORE


CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early-warning, personalized, contextual, outside-in, and multi-layered insights. We have built a next-generation AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view and help clients prepare for impending attacks.

SCHEDULE A DEMO HERE

Visit www.cyfirma.com
