BU-CERT News

From en.secnews.gr

The multinational energy company “Enel SpA” or “Enel Group” was attacked ransomware for the second time this year. This time, the attack was provoked by his gang Netwalker, which is asking the company now ransom $ 14 million for the key decryption but also not to leak many stolen terabytes data. Enel is one of the largest companies operating in the European energy sector, with over 60 million customers in 40 countries. As of August 10, it is ranked 87th in Fortune Global 500, recording revenues of approximately $ 90 billion in 2019.

Read more…

From 2-spyware.com

Szymekk ransomware is the threat that derives from the CobraLocker ransomware family. It’s a cryptovirus that, upon successful infection, encrypts users’ computer data, except non-system files, and demands for a ransom to receive a private decoding tool/key. After successful encryption of computer data, most ransomware places ransom notes as .txt files on the desktop and affected folders. Shymekk virus operates differently – it locks the computer screen and shows the ransom message in it. The message itself is very short. Cybercriminals^[1] just inform the victim that their device is encrypted and provide an email address (Cobra_Locker@protonmail.com), urging the users to contact them to receive further details. 

Read more…

From blog.malwarebytes.com

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero.

In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey.

However, this attack and motives are different than the ones previously documented. The survey is a malicious Word document whose purpose is to download ransomware and extort victims to recover their encrypted files.

On discovery, we got in touch with UBC to report our findings. They were already aware of this phishing campaign and were kind enough to share more information with us about the incident. Ultimately, this attack was not successful due to the rapid response of the UBC cybersecurity team.

Read more…

From securityboulevard.com

Since June 2020, Acunetix supports the increasingly popular API query language – GraphQL. In this article, we want to show you step-by-step how to scan an API defined using GraphQL. To do this, you will first create an intentionally vulnerable API and its GraphQL definition, then scan it using Acunetix, eliminate critical vulnerabilities that you found using Acunetix, and verify that they have been eliminated.

Read more…

From bleepingcomputer.com

REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors.

They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth.

Read more…

From securityboulevard.com

Some years ago, during the renaissance of security information and event management (SIEM), security became log crazy. The hope was that by gathering logs from networking and security devices and running them through the SIEM, security events could be astutely exposed and security teams could gain an upper hand over attackers. The enthusiasm was soon dashed when it was obvious that logs alone were not the answer. In the first place, not everything was covered by logs and security details that were being captured could be manipulated easily as an attacker attempted to cover their tracks. Second, it’s one thing to aggregate logs but another to integrate the findings to produce true intelligence, particularly that which could easily stand apart from false positives.

Read more…

From en.secnews.gr

This attack / breach fits perfectly with the methods and motives of Turla, which is known for theft intelligence and espionage of government agencies in DIFFERENT countries.

The Turla hackers used backdoors and RAT

To disrupt the European governing body, the attackers used a combination trojans (RAT) and RPC-based backdoors, including HyperStack.

Read more…