fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake Microsoft Teams Updates Lead To Cobalt Strike Deployment

Fake Microsoft Teams Updates Lead To Cobalt Strike Deployment

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network.

The attacks target organizations in various industries, but recent ones focused on the education sector (K-12), which depends on videoconferencing solutions due to Covid-19 restrictions.

From infostealer to Cobalt Strike

In a non-public security advisory seen by BleepingComputer, Microsoft is warning its customers about these FakeUpdates campaigns, offering recommendations that would lower the impact of the attack via its Defender ATP service.

FakeUpdates attacks were seen in 2019 delivering DoppelPaymer ransomware. But this year, the malvertising campaigns dropped WastedLocker and showed technical evolution.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

For instance, they started using signed binaries and various second-stage payloads.

More recently, the attackers exploited the ZeroLogon (CVE-2020-1472) critical vulnerability to gain admin access to the network. This occurred via the  SocGholish JavaScript framework, found earlier this year on dozens of hacked newspaper sites owned by the same company.

Planting the malicious fake ads that lure unsuspecting users into clicking it to install an update was possible by poisoning search engine results or through malicious online advertisements.

In at least one attack Microsoft detected, the crooks purchased a search engine ad that caused top results for Teams software to point to a domain under their control.

Clicking on the link downloaded a payload that executed a PowerShell script to retrieve more malicious content. It also installed a legitimate copy of Microsoft Teams on the system to keep victims unaware of the attack.

Microsoft says that in many cases the initial payload was Predator the Thief infostealer, which sends the attacker sensitive information like credentials, browser, and payment data. Other malware distributed this way includes Bladabindi (NJRat) backdoor, and ZLoader stealer.

The malware also downloaded other payloads, with Cobalt Strike beacons being among them, thus allowing the attacker to discover how they could move laterally across the network.

source: Microsoft

In several of the observed attacks, the last stage was detonating file-encrypting malware on the network computers.

Microsoft is warning that the same patterns seen in the FakeUpdates campaigns using Teams updates as lure were observed in at least six others, suggesting the same actor behind them. In some variations of the same theme, the attacker used the IP Logger URL shortening service.

Also Read: 10 Principles On How To Build A Good Governance Model

Mitigation advice

Microsoft recommends using web browsers that can filter and block malicious websites (scam, phishing, malware and exploit hosts) along with using strong, random passwords for local administrators.

Limiting admin privileges to essential users and avoiding domain-wide service accounts that have the same permissions as an administrator are also on the list of measures that would reduce the impact of an attack.

To minimize the attack surface, Microsoft recommends blocking executable files that do not meet specific criteria such as prevalence and age or are outside a regularly maintained trusted list.

Blocking JavaScript and VBScript code from downloading executable content also adds to the defenses of the environment.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us