Cybersec Sentinel - Cybersec Sentinel (Page 8)

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Emerging Threat Play Ransomware Targets Critical Infrastructure

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP) Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors Last Threat

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Threat Type: - Phishing and Credential Theft Exploited Vulnerabilities: - Human Error via Phishing Attacks Malware Used: - None specified (primarily credential-harvesting techniques) Threat Score: - Moderate to High (7.5/10) — The campaign targets the maritime sector, a critical infrastructure, with phishing designed to penetrate operational technology (OT) networks.

GHOSTPULSE Infiltration via MSIX Application Packages

GHOSTPULSE Infiltration via MSIX Application Packages

Threat Group: Unknown Threat Type: Multi-stage Malware Loader Exploited Vulnerabilities: DLL Side-loading, Module Stomping, Process Doppelgänging Malware Used: GHOSTPULSE Threat Score: High (8.5/10) — Due to advanced evasion techniques and targeting of commonly used software through deceptive MSIX packages. Last Threat Observation: October 30, 2024 Overview GHOSTPULSE is a

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Threat Group: UNC5812 Threat Type: Hybrid Espionage and Influence Operation Exploited Vulnerabilities: Android and Windows vulnerabilities, including CVE-2024-47575 Malware Used: SUNSPINNER, PURESTEALER, CRAXSRAT, Pronsis Loader Threat Score: High (8.5/10) — due to multifaceted espionage and influence tactics targeting military sectors. Last Threat Observation: October 29, 2024 Overview UNC5812, a

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

Threat Group: - Unknown Threat Type: - IoT Botnet Malware Exploited Vulnerabilities: - Multiple IoT vulnerabilities, including CVE-2024-7029 Malware Used: - V3G4, Corona Mirai Threat Score: - High (8.8/10) due to its ability to exploit critical vulnerabilities in IoT devices and launch massive DDoS attacks. Last Threat Observation:

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

Threat Group: TA569 (SocGholish operators) Threat Type: Malware Delivery via Fake Update Alerts Exploited Vulnerabilities: Compromised websites with JavaScript injection Malware Used: SocGholish (FakeUpdate), NetSupport RAT, Raspberry Robin Worm Threat Score: High (8.5/10) — Effective social engineering with broad targeting and advanced persistence techniques Last Threat Observation: October 2024

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

Threat Group: Silver Fox (suspected) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege abuse through COM interfaces (CMSTPLUA, fodhelper.exe), Scheduled Task creation, Registry Run Keys manipulation Malware Used: ValleyRAT Threat Score: High (8.5/10) — Due to advanced evasion, multi-stage infection, and targeted campaign scope within China Last

Qilin.B New Variant Disrupts Backups and Evades Detection Tools

Qilin.B New Variant Disrupts Backups and Evades Detection Tools

Threat Group: Qilin (formerly Agenda) Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Weak credentials, network misconfigurations Malware Used: Qilin.B variant Threat Score: High (8.5/10) — Due to enhanced encryption, evasion, and the ability to disrupt backup systems. Last Threat Observation: October 2024, spotted in attacks against healthcare and large

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

Threat Group: DarkComet (a.k.a. Fynloski, Breut, Krademok) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Registry modifications, phishing, drive-by downloads, unpatched software vulnerabilities Malware Used: DarkComet RAT (Versions 5.3.1, other variants) Threat Score: High (8.5/10) Last Threat Observation: October 23, 2024 Overview DarkComet RAT