Blacksite’s Intelligence Report – Week of April 4th, 2022
The Blacksite Weekly Intelligence Report
Apple Issues Patches for Zero Day Exploits
Apple rolls out emergency patches to address two zero-day flaws (CVE-2022-22675 & 22674) in its mobile and desktop operating systems. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1 and watchOS 8.5.1. Apple said the defect was resolved with improved bounds checking, adding it’s aware “this issue may have been actively exploited”. The latest updates bring the total number of actively exploited zero-days patched by Apple to four since the start of year.
More information: https://support.apple.com/en-us/HT213219
Azure Static Web Pages used for Phishing Attack
Phishing attacks are abusing Microsoft’s Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Security researcher MalwareHunterTeam discovered that the custom branding and web hosting features can easily be used to host static landing phishing pages. Each landing page automatically gets its own secure page padlock in the address bar due to the *.1.azurestaticapps.net wildcard certificate. This will likely trick even the most suspicious targets after seeing the certificate issued by Microsoft Azure.
More information: https://twitter.com/malwrhunterteam/status/1509077318492381184
Methods for Beating Multifactor Authentication Increasing
Multifactor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear) have both successfully defeated the protection. The strongest forms of MFA are based on a framework called FIDO2, which was developed by a consortium of companies to balance security and simplicity of use. Recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. Such methods being used include sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop, sending one or two prompts per day, and calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.
Russian Malware Behind Viasat KA-SAT Modem Cyberattacks
Cyberattack aimed at Viasat that knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware. The findings come a day after the U.S. telecom company disclosed that it was the target of a “multifaceted and deliberate” cyberattack. But SentinelOne said it uncovered a new piece of malware (named “ukrop”) on March 15 that casts the entire incident in a fresh light. This makes AcidRain the seventh wiper strain to be uncovered since the start of the year.
More information: https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
State of National Emergency Extended Due to Cyber Threats
US President Joe Biden extends state of national emergency to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy. The national emergency was declared on April 1, 2015, by former President Barack Obama through Executive Order 13694. Biden admin’s decision follows a “SHIELDS UP!” warning issued by the Cybersecurity and Infrastructure Security Agency (CISA) for all US organizations to take proactive measures to defend their networks. CISA and the FBI also warned US orgs that data wiping attacks targeting Ukraine might spill over to targets from other countries. Biden has extended the national emergency declared in Executive Order 13694 to continue in effect beyond April 1, 2022, under section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)).
More information: https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/30/notice-on-the-continuation-of-the-national-emergency-with-respect-to-significant-malicious-cyber-enabled-activities-2/
Cyber Risk Management Doesn’t Have To Be Difficult …
How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats
The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cyber security strategy, and cyber security education at an affordable price to accommodate your business whether it’s a small family owned to that of the size of a fortune 500.
For more information, please contact us and we’ll be glad to assist you.
Become invisible, become secure.