fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft: Threat Actors Target Aviation Orgs With New Malware

Microsoft: Threat Actors Target Aviation Orgs With New Malware

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

“In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT,” Microsoft said.

Attackers’ phishing emails spoof legitimate organizations and use image lures posing as PDF documents containing info relevant to several industry sectors, including aviation, travel, and cargo.

As Microsoft observed while tracking this campaign, the threat actors’ end goal is to harvest and exfiltrate data from infected devices using the RATs’ remote control, keylogging, and password-stealing capabilities.

Once deployed, the malware allows them to “steal credentials, screenshots and webcam data, browser and clipboard data, system and network into, and exfiltrates data often via SMTP Port 587.”

Aviation-themed spear-phishing email (Microsoft)

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

RAT loader designed to bypass detection

The newly discovered loader monetized under a Crypter-as-a-Service model, named Snip3 by Morphisec malware analysts, is used to drop Revenge RATAsyncRATAgent Tesla, and NetWire RAT payloads on compromised systems.

Links abusing legitimate web services and embedded within the phishing messages download the first-stage VBScript VBS files that execute a second-stage PowerShell script which in turn executes the final RAT payload using Process Hollowing.

VBS files used as initial infection vector (Hossein Jazi)

Snip3 also comes with the ability to identify sandboxing and virtual environments according to Morphisec, which makes it particularly capable of circumventing detection-centric anti-malware solutions.

To evade detection, the malware loader uses additional techniques including the

  • execution of PowerShell code with the ‘remotesigned’ parameter
  • use of Pastebin and top4top for staging
  • compilation of RunPE loaders on the endpoint in runtime
Snip3 attack flow

Organizations can use sample queries shared by Microsoft for advanced hunting using Microsoft 365 Defender to help them locate and investigate similar suspicious behavior related to this ongoing phishing campaign.

Also Read: 3 Reasons Why You Must Take A PDPA Singapore Course

Among the potentially malicious activity advanced hunting queries can unearth, they can help detect:

  • Snip3 communication protocols (with recent campaigns targeting the aviation industry)
  • malicious use of RegAsm, RegSvcs, and InstallUtil by Snip3 (potentially hollowed processes used to for command-and-control or exfiltration)
  • Snip3 loader-encoded PowerShell command (obfuscated using UTF8 encoding)
  • Snip3 loader call to DetectSandboxie function (used in RevengeRAT and AsyncRAT instance)
  • keywords associated with Snip3 campaign emails from April and May 2021

Indicators of compromise associated with this spear-phishing campaign including malware sample hashes and RAT command and control domains can be found at the end of Morphisec’s Snip3 report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us