The Threat Show

The Threat Show Ep. 6 w/ Dave Kennedy

Welcome to The Threat Show powered by Fletch! This week’s special guest is Dave Kennedy, the founder and Chief Hacking Officer of TrustedSec and Binary Defense. He gives critical advice that small to medium sized businesses can start taking advantage of to step up their security game. The team also discusses five major threats you need to know about.

New Threat Group “Earth Longzhi” Targeting Global Government, Infrastructure, Aviation, Health, and Finance Orgs    (01:27)

A new threat group is repackaging and obfuscating the Cobalt Strike toolkit together with its own malware, making it difficult to detect. Their attacks initially focused on Taiwanese targets, but as they have gotten better at evading EDR products, they have also become more indiscriminate about whom they hit.

Mitigation: Block zip files with executables in them, update EDR, and educate users on understanding how they can be socially engineered to open these attachments.

Malware: CroxLoader, AllInOne, ProcBurner, BigpipeLoader, OutLoader, SymaticLoader, SYMATIC, Multipiploader, AVBurner, EarthLongzhi
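The first mitigation above ("block zip files with executables in them") is easy to state and easy to get wrong: a name check alone misses a renamed binary, and a single-level scan misses an executable nested in an inner archive. The following is an added example, not code from the show or from Fletch, of how a mail-gateway or upload filter could implement the check. It flags members by Windows-executable extension or by native executable magic bytes (PE "MZ", ELF), recurses into nested zips, and treats encrypted members it cannot inspect as reportable. The function and constant names and the sample archive contents are constructed for the example.

```python
"""Scan a zip attachment for executable members, as a gateway policy check."""
import io
import zipfile

# File types Windows will execute directly or hand to a script host.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1",
    ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk", ".cpl",
}
# Magic bytes of native executables: PE images start with "MZ", ELF with 0x7f "ELF".
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")
ZIP_MAGIC = b"PK\x03\x04"
MAX_NESTING = 2  # how many levels of archive-in-archive to descend


def _member_is_executable(name: str, head: bytes) -> bool:
    """True if the member name or its leading bytes indicate an executable."""
    lowered = name.lower()
    if any(lowered.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
        return True
    # Catches "readme.txt" that is really a PE file.
    return head.startswith(EXECUTABLE_MAGIC)


def find_executables(zip_bytes: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of members that look executable, recursing into nested zips."""
    findings: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:
                # Encrypted member: contents cannot be inspected, so report it
                # rather than silently letting it through.
                findings.append(path + " (encrypted, not inspected)")
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if _member_is_executable(info.filename, head):
                findings.append(path)
            elif head.startswith(ZIP_MAGIC) and depth < MAX_NESTING:
                findings.extend(find_executables(zf.read(info), depth + 1, path + "/"))
    return findings


def should_block(zip_bytes: bytes) -> bool:
    """Policy decision: block the attachment if any member looks executable."""
    return bool(find_executables(zip_bytes))


def build_sample_archive() -> bytes:
    """Constructed sample: one benign document plus three disguised executables."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("update.scr", b"MZ\x90\x00 constructed fake PE header")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.pdf", b"%PDF-1.4 constructed document")
        z.writestr("invoice.pdf.exe", b"MZ\x90\x00 constructed fake PE header")
        z.writestr("readme.txt", b"MZ\x90\x00 renamed executable")  # wrong extension
        z.writestr("archive.zip", inner.getvalue())  # nested archive
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed sample with only documents; must not be blocked."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.pdf", b"%PDF-1.4 constructed document")
        z.writestr("notes.txt", b"plain text notes")
    return buf.getvalue()


if __name__ == "__main__":
    for path in find_executables(build_sample_archive()):
        print("flagged:", path)
    print("block sample archive:", should_block(build_sample_archive()))
    print("block clean archive:", should_block(build_clean_archive()))
```

Running the module flags `invoice.pdf.exe`, `readme.txt` and `archive.zip/update.scr` while leaving the clean archive alone. The magic-byte check is a heuristic, not a parser: it catches the common "rename and hope" trick but not a loader that is a script or document macro, which is why the EDR update and user education in the mitigation still matter.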

Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries    (06:07)

Billbug, a threat group targeting Asian industry verticals, recently pulled off an attack that resulted in the compromise of a commercial Certificate Authority. CAs aren’t generally easy to compromise, and remediating this issue will be expensive and time consuming.

Mitigation: Patch!

Malware: Billbug, Sagerunex

Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands    (09:02)

Russian hacktivists are repurposing ransomware, stripping out the recovery component to make it just a destructive wiper. We could see the same trend with other ransomware, and it could spill over beyond Ukraine.

Mitigation: Have a good backup strategy to recover in the event of ransomware, even if you’re not in Ukraine.

Malware: Vidar, Somnia

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns    (17:09)

Web3 technology like the InterPlanetary File System (IPFS) allows for decentralized, effectively bulletproof hosting, and malware operators are using it to host malicious content. This little-known technology lets them keep portions of their infrastructure on a network that is hard to take down.

Mitigation: You’ll want to become more familiar with these new technologies in order to strategically block these attacks.

Malware: AgentTesla, HannabiGrabber, Hannabi

Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors    (20:18)

A vulnerability in digital door entry systems can allow attackers to physically open doors. If you’re responsible for any physical security that uses Aiphone products, you could be at risk.

Mitigation: If you’re using any of these vendor products you will want to patch yesterday.

CVEs: CVE-2022-40903