Threat Report: Be Afraid of These Spiders


By Jim DeBardi

Editor’s Note: This bi-weekly series looks at current threats in the cybersecurity landscape. NetCentrics customers benefit from an awareness of these threats. Our technical teams are aware of these threats and are taking actions to protect our customers.

These Spiders Bite

Ransomware threats – coincidentally, all with spider-related names – are wrapping their destructive webs around unsuspecting prey. Don’t be one of them. These threats are:

CARBON SPIDER – Darkside Ransomware-as-a-Service (RaaS) operators published a press release this week. They announced the identification and fix of an operational security failure that allowed some Darkside victims to decrypt files without paying the ransom. A decryptor tool was publicly released by Bitdefender.

MUMMY SPIDER – This threat is a variation of previously observed Tactics, Techniques and Procedures (TTPs) applied to the latest Emotet spam campaign. Mummy Spider attacks WordPress sites remotely and is capable of quickly scanning tens of thousands of WordPress sites.

ANTHROPOID SPIDER – This threat is exploiting the Microsoft SharePoint remote code execution (RCE) vulnerability CVE-2019-0604. It compromises the domain administrator account.

NARWHAL SPIDER – This threat, first identified by CrowdStrike on January 11, operates a malicious spam campaign. NARWHAL SPIDER has been quiet recently. Don’t get too comfortable.

Generally speaking, the best defense against these threats at the individual level is to maintain the latest software updates. Use a layered approach to your security. Be sure to use existing anti-virus and firewall protection.

Cyber Crime Continues

Predictably, crime and data exposure breaches have continued into the new year.

Beware the Jackal. Iran-based hacktivist group Bax026 is collaborating with Brazilian VandaTheGod. This collaboration is now tracked as FRONTLINE JACKAL. This group’s pro-Iran defacements typically focused on targeting U.S., Israeli, and Saudi Arabian entities.

Update Your 2FA. Technology company Ubiquiti, maker of routers and access points, revealed a breach after unauthorized access to its systems hosted on a third-party cloud provider. The breach grabbed all the usual: names, email addresses, one-way encrypted passwords, addresses, and phone numbers. Ubiquiti suggests customers change their passwords and enable two-factor authentication (2FA), a good reminder for all of us.

 

Photo: Emtiaz Ahmed