Please see Security Advisories for the week ending August 7, 2020
- Security Advisory – Emotet Botnet Resurfaces
- Cisco Releases Security Updates for Multiple Products
- FBI Reports Increase in Online Shopping Scams
- Chinese Malicious Cyber Activity
________________________________
Security Advisory – Emotet Botnet Resurfaces
Situation
The Emotet botnet has resurfaced on the internet with new tricks and attack vectors for spreading.
Problem
Emotet is being delivered through malicious links and email attachments, and is now also triggered by macros in Office documents. Once it runs, it infects the machine with trojans, backdoors or remote access tools (RATs), allowing remote attackers to take over the infected machine, steal user data, pivot into the network, or spread the botnet further by sending additional emails and infecting user files.
Implication
Systems without proper scanning, antivirus or network monitoring, and above all without staff trained to spot and prevent a possible infection, can lead to the compromise of a machine or an entire company’s environment when a user opens or runs the malware attached to phishing spam emails or follows suspicious links and attachments.
Need
Train employees to spot malware and suspicious links and attachments in emails, and instruct them not to open them. Invest in intrusion detection or prevention software and antivirus, or in a Security Operations service provider to monitor the network, as well as sandbox software that can isolate the malware from the device. The best prevention is not opening or launching the malware at all, and disabling macros where possible.
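Since Emotet's current lure relies on Office macros, the "disable macros where possible" advice above can be verified on a Windows host. The following is an added audit script, not part of the original advisory; it assumes Office 16.0 (Office 2016/2019/365) and reads the VBAWarnings and BlockContentExecutionFromInternet values from the Group Policy and user registry hives for Word, Excel and PowerPoint.

```powershell
# Added example: audit Office macro-hardening settings on the local host.
# Assumption: Office 16.0 registry layout; change $Version for other releases.
$Version = "16.0"
$Apps = "Word", "Excel", "PowerPoint"
# VBAWarnings values used by the Office Trust Center:
#   1 = enable all macros, 2 = disable with notification (Office default),
#   3 = disable except digitally signed, 4 = disable without notification
$Labels = @{ 1 = "Enable all macros (unsafe)"; 2 = "Disable with notification";
             3 = "Disable except digitally signed"; 4 = "Disable without notification" }

function Get-MacroSetting {
    param([string]$App)
    # The Policies hive (set by GPO) takes precedence over the user preference hive.
    $paths = @(
        "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security",
        "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    )
    foreach ($p in $paths) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.VBAWarnings) {
            return [pscustomobject]@{
                App         = $App
                Source      = if ($p -like "*Policies*") { "GPO policy" } else { "User setting" }
                VBAWarnings = [int]$props.VBAWarnings
                Meaning     = $Labels[[int]$props.VBAWarnings]
                # 1 = block macros in files carrying Mark-of-the-Web (downloaded/emailed)
                BlockInternetMacros = ($props.BlockContentExecutionFromInternet -eq 1)
                # 3 or 4 means a user cannot simply click "Enable Content" on a lure
                Hardened    = ([int]$props.VBAWarnings -ge 3)
            }
        }
    }
    # No explicit value found: Office falls back to "disable with notification".
    [pscustomobject]@{ App = $App; Source = "Not configured"; VBAWarnings = 2
                       Meaning = $Labels[2]; BlockInternetMacros = $false; Hardened = $false }
}

$results = $Apps | ForEach-Object { Get-MacroSetting -App $_ }
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Hardened }) {
    Write-Warning "One or more Office apps still let users enable macros; set VBAWarnings to 3 or 4 via Group Policy."
}
```

Run it under the user account being audited, since the settings live in HKCU; a fleet-wide check would deploy the same logic through your endpoint management tool.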
For a more detailed overview:
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has discovered and patched multiple vulnerabilities in multiple products that, if exploited, may allow a remote attacker to obtain sensitive information or compromise a network device.
Problem
Cisco has discovered and patched multiple vulnerabilities across its product lines that, if exploited, could allow a remote attacker to compromise devices that are left unpatched. The affected products include SMB Smart and Managed switches, Cisco DNA Center, StarOS, and AnyConnect Secure Mobility Client.
Implication
If these vulnerabilities are exploited, they could allow a remote attacker to obtain sensitive information or compromise a network device.
Need
Cisco recommends installing the latest updates for the affected products to patch these vulnerabilities.
For a brief overview:
For a more detailed overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
FBI Reports Increase in Online Shopping Scams
Situation
The FBI has released a PSA warning of an increase in online shopping scams. These scam websites are advertised through social media ads and lure victims with items that are popular during the pandemic, such as gym equipment, face masks, small appliances, tools, and furniture.
Problem
Almost everyone uses social media, so these fake ads will reach a large number of people. This shotgun approach is similar to phishing, where the attacker targets as many people as possible because, statistically, someone will fall for the scam.
Implication
People who fall for these scams lose not only money but also a great deal of private and personal information, such as billing details, name, credit card numbers, etc.
Need
Be wary of any sales on websites you have never heard of before. They may use unusual domains such as “.club” or “.top”. Search for the website name in a search engine to find reviews; if nothing comes up, it is likely a scam website.
For a brief overview:
https://us-cert.cisa.gov/ncas/tips/ST07-001
For a more detailed overview:
https://www.ic3.gov/media/2020/200803.aspx
________________________________
Chinese Malicious Cyber Activity
Situation
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant known as Taidoor, which is used by the Chinese government.
Problem
Malicious binaries identified as Taidoor were submitted for analysis. Taidoor is installed on a target’s system as a service dynamic link library (DLL) that consists of two files. The first file is a loader, which starts as a service. The loader then decrypts the second file and executes it in memory; this second file is the main Remote Access Trojan (RAT).
Implication
If an attacker is able to successfully run the Taidoor RAT, it allows them to take control of the infected system.
Need
CISA and the FBI have created a suggested response action and recommended mitigation techniques for Taidoor, which can be found in the Malware Analysis Report (MAR), provided in the link below.
Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch) and give the activity the highest priority for enhanced mitigation.
For a brief overview: