The Threat Show

The Threat Show Ep. 7

Welcome to The Threat Show powered by Fletch! In this week's show, Chris and Darien discuss the week’s top active threats, including several ransomware attacks, Black Friday and Covid-19 schemes, a new Chrome vulnerability, and more. Chris also offers his predictions for 2023.

Maple Leaf Foods Hit By Ransomware, Won’t Pay Attackers    (01:05)

Maple Leaf Foods was recently hit by a ransomware attack that can likely be attributed to the Black Basta threat group. While they didn’t disclose the attackers themselves, they have brought attention to the group and to their own organization’s vulnerabilities by releasing a statement that they will not be paying the ransom.

Mitigation: In most instances, quietly paying the ransom and not publicly disclosing the attack is the best way to prevent future compromise attempts.

Malware: BlackBasta

Google Issues Emergency Chrome Security Update For All Users    (02:25)

Google Chrome has fallen victim to its eighth zero-day vulnerability of the year, lowering confidence in the Chromium browser’s security even further.

Mitigation: Updates are rolling out, but we advise forcing the update process and reloading Chrome ASAP.

CVEs: CVE-2022-4135

Beware of Cybercriminals Preying on Online Shoppers on Black Friday    (04:12)

Threat groups are ‘typosquatting’: creating domains similar to popular Black Friday deal websites to compromise unsuspecting shoppers. While this tactic has existed in the past, one new twist is that bad actors are now creating these domains years in advance to slip past security controls that search for newer domains.

Mitigation: Educate yourself on common e-commerce scam tactics and use payment systems that provide one-time use credit card numbers.

Malware: Chromnius
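An added example (not from the show or from Fletch) of why an age-only domain filter misses a lookalike registered years ahead, and how a name-similarity check catches it regardless of age. The brand list, observed domains, dates and the 30-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed brand list and observations; all names and dates are hypothetical.
BRANDS = ["examplemart.com", "dealhub.com"]
OBSERVED = [
    ("examplemart.com", date(2010, 3, 1)),   # the genuine site
    ("examp1emart.com", date(2019, 6, 12)),  # lookalike registered years ahead
    ("dealhubb.com", date(2022, 11, 20)),    # lookalike registered days ago
    ("gardenblog.org", date(2022, 11, 18)),  # new but unrelated
]
DIGIT_SWAPS = str.maketrans("015", "ols")  # common digit-for-letter swaps

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, brands=BRANDS, max_dist: int = 2):
    """Return the brand this domain imitates, or None (the brand itself is not a hit)."""
    name = domain.lower()
    if name in brands:
        return None
    label = name.split(".")[0]
    for brand in brands:
        target = brand.split(".")[0]
        if label.translate(DIGIT_SWAPS) == target or edit_distance(label, target) <= max_dist:
            return brand
    return None


def newly_registered(created: date, today: date, max_age_days: int = 30) -> bool:
    """The age-only control that a domain registered years in advance outwaits."""
    return (today - created).days <= max_age_days


def triage(observed=OBSERVED, today=date(2022, 11, 25)):
    """Flag lookalikes at any age; record whether the age-only filter would also fire."""
    hits = {}
    for domain, created in observed:
        brand = lookalike_of(domain)
        if brand:
            hits[domain] = {"imitates": brand, "age_filter_fires": newly_registered(created, today)}
    return hits
```

`triage()` flags both lookalikes, while the age filter fires only for the one registered days earlier; the unrelated new domain shows the age filter's noise.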

Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia    (06:25)

A new threat group out of China is targeting the Philippines with infected USB sticks that load several different types of malware. While USB usage might be less common in 2022, in areas such as the Philippines where computers aren’t always directly connected to the internet, it can be an effective initial infection vector.

Mitigation: Invest in threat hunting solutions like Mandiant and don’t use USBs if you can avoid it.

Malware: MISTCLOAK, BLUEHAZE, DARKDEW

Punisher Ransomware Spreading Through Fake COVID Site    (08:07)

Websites posing as reputable COVID-19 sites and tracking applications are actually phishing lures that spread ransomware, targeting Chileans.

Mitigations: Use only verified COVID sources, back up regularly, and keep your backups offline or in a separate network.

Malware: Punisher