ARTICLES & INSIGHTS

The Week In Review 01/03 – 05/03

Although attacks against vital organisations are not decreasing, this week has been dominated by malware and zero-day disclosures.

Qualys suffered a data breach after a zero-day vulnerability in its Accellion FTA (File Transfer Appliance) server was exploited to steal the files hosted on it. The stolen files were then published on the Tor leak site of the Clop extortion gang. The attackers did not need to touch Qualys's own products: the weak point was a third-party file-transfer appliance at the edge of the network, which is exactly the kind of system that deserves the same patching and monitoring discipline as anything internet-facing.

While more and more companies fall victim to ransomware, some vendors are responding with the promise of a "ransomware-free" cloud platform. Nutanix is one of them, having added several protection and recovery tools to its existing arsenal. Treat such claims with care: these tools reduce the blast radius and speed up recovery, but they do not remove the need for offline backups and tested restore procedures.

Meanwhile, Microsoft has disclosed four zero-day vulnerabilities in on-premises Exchange Server that were being exploited in the wild by a group it tracks as HAFNIUM, reached through the Outlook Web App (OWA) interface. Chained together, they let an unauthenticated attacker gain remote code execution, read mailboxes and install malware (web shells) to keep long-term access to the victim environment. Microsoft urges customers to apply the out-of-band patches as soon as possible. Because the flaws were exploited before the fix was available, patching alone is not enough: servers should also be checked for signs of earlier compromise.

On the same theme, Google has patched a Chrome zero-day that was under active exploitation, already the second this year. A new browser version containing the fix has been released and should be installed without delay.

You may also have heard about Gootloader, a platform that delivers malware (including ransomware) through fake discussion forums. It combines several techniques: search engine optimisation (SEO) poisoning, so that compromised websites rank at the top of the results for specific queries; geo-targeting, so that only visitors from the countries of interest are served the malicious page; and social engineering, in the form of a fabricated forum thread whose "answer" matches the victim's search terms exactly and links to a download. That download is the malicious payload. Stealthy delivery platforms of this kind are not new, but this one stands out because it delivers not only its own financial malware but all kinds of payloads, including REvil ransomware.
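As an added illustration (not Gootloader's own code, and not from the original article), the following Python models the gating logic such a delivery chain relies on and a simple way to test a suspect site for it: fetch the same page under several visitor profiles and see whether the content changes. The referer, country and cookie conditions, the target-country list, the search-engine list and the page templates are assumptions made for the demo; the point it shows is that a crawler, a sandbox or an analyst browsing directly is usually served the benign page, so a single direct fetch proves nothing.

```python
"""Added illustration of the cloaking used by SEO-poisoning delivery chains
(search-engine referer + visitor geography + one visit per victim) and of a
simple check for it.  Not Gootloader's own code: the gating rules, the target
country list and the page templates are assumptions for the demo."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
from urllib.parse import parse_qs, urlparse

SEARCH_ENGINES = ("google.", "bing.", "duckduckgo.")   # assumed referer hosts
TARGET_COUNTRIES = {"US", "GB", "DE", "CA"}            # assumed targeting list
BENIGN_PAGE = "<html><body><h1>Our blog</h1><p>Nothing to see here.</p></body></html>"


@dataclass
class Request:
    """Constructed visitor profile: where they came from and where they are."""
    referer: str = ""
    country: str = ""
    cookies: Dict[str, str] = field(default_factory=dict)


def search_terms(referer: str) -> Optional[str]:
    """Return the query from a search-engine referer (…?q=…), or None."""
    q = parse_qs(urlparse(referer).query).get("q")
    return q[0].strip() if q else None


def from_search_engine(referer: str) -> bool:
    host = (urlparse(referer).hostname or "").lower()
    return any(se in host for se in SEARCH_ENGINES)


def fake_forum_page(terms: str) -> str:
    """Fabricated thread whose title, 'answer' and download all echo the query."""
    slug = re.sub(r"[^a-z0-9]+", "_", terms.lower()).strip("_")
    return (f"<html><body><h2>Forum: {terms}?</h2>"
            f"<p>Admin: here is the file you asked for, see the link below.</p>"
            f'<a href="/files/{slug}.zip">{slug}.zip</a></body></html>')


def cloaked_server(req: Request) -> str:
    """Only a first-time visitor arriving from a search engine in a targeted
    country gets the malicious page; crawlers, analysts and repeat visitors
    see the untouched legitimate site."""
    terms = search_terms(req.referer)
    if (terms and from_search_engine(req.referer)
            and req.country in TARGET_COUNTRIES
            and "seen" not in req.cookies):
        return fake_forum_page(terms)
    return BENIGN_PAGE


def detect_cloaking(fetch: Callable[[Request], str],
                    terms: str = "free agreement template") -> List[str]:
    """Fetch one URL under several visitor profiles and report behaviour that
    matches an SEO-poisoning landing page.  `fetch` is injected so the check
    runs offline against cloaked_server; in practice it would do HTTP requests."""
    ref = "https://www.google.com/search?q=" + terms.replace(" ", "+")
    pages = {
        "direct":        fetch(Request()),
        "search_target": fetch(Request(referer=ref, country="US")),
        "search_other":  fetch(Request(referer=ref, country="BR")),
        "search_repeat": fetch(Request(referer=ref, country="US", cookies={"seen": "1"})),
    }
    findings: List[str] = []
    if len(set(pages.values())) > 1:
        findings.append("page content varies with referer/geo/cookie (cloaking)")
    link = re.search(r'href="([^"]+\.zip)"', pages["search_target"])
    slug = re.sub(r"[^a-z0-9]+", "_", terms.lower()).strip("_")
    if link and slug in link.group(1):
        findings.append("search view offers an archive named after the query")
    if (terms.lower() in pages["search_target"].lower()
            and terms.lower() not in pages["direct"].lower()):
        findings.append("search terms echoed only in the referer-gated page")
    return findings


if __name__ == "__main__":
    for f in detect_cloaking(cloaked_server):
        print("finding:", f)
    print("clean site:", detect_cloaking(lambda r: BENIGN_PAGE))
```

When checking a real site, run the same comparison from a target-country egress point with a search-engine Referer set and from a neutral one; a site that returns an "answer" thread and a ZIP named after your query only under the first profile is behaving like the landing pages described above and should be treated as hostile regardless of how clean the direct fetch looks.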

Regardless of how mature your business is in cybersecurity, Dionach can help you with developing IT Security strategies, implementing security policies and providing awareness training to your business and collaborators. See our Consultancy services for more information.

Read about all of this and more below:

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit
(thehackernews.com)

Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog
(theregister.com)

Qualys Update on Accellion FTA Security Incident
(qualys.com)

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
(fireeye.com)

Nutanix makes its Cloud Platform Ransomware free
(cybersecurity-insiders.com)

HAFNIUM targeting Exchange Servers with 0-day exploits
(microsoft.com)

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
(thehackernews.com)

Google fixes second actively exploited Chrome zero-day bug this year
(bleepingcomputer.com)

Multi-payload Gootloader platform stealthily delivers malware and ransomware
(helpnetsecurity.com)