Microsoft Releases Patches for Multiple Zero-Day Vulnerabilities
In an off-cycle patch release, Microsoft has pushed out fixes for at least 7 known vulnerabilities affecting Exchange Server, 4 of which are zero-day vulnerabilities that are being actively exploited by malicious actors. It is believed that these vulnerabilities have been exploited for nearly two months and are being used to steal sensitive information from the affected systems. Administrators deploying the patches should note that the patch cannot clean up an already compromised system; it only stops a clean system from being exploited, so any server that was exposed before patching should still be checked for signs of compromise.
Italy Becomes Target of Banking Trojan, Ursnif
Over 100 banks in Italy have fallen victim to the Ursnif banking trojan, which has stolen many thousands of login credentials since it was first found in the wild back in 2007. This recent attack may have compromised up to 1,700 additional pairs of banking credentials through a payment processor, some of which have already been confirmed to be legitimate by multiple Italian banks. It is likely that this attack began with a malicious email that used some form of social engineering to get an unsuspecting user to follow its links.
Spanish Labor Agency Suffers Ransomware Attack
Multiple systems have been taken offline following a ransomware attack on the Spanish government labor agency, SEPE, which has affected all 700 of its offices across the country. While some critical systems were impacted by the attack, officials have confirmed that the systems containing customer and other sensitive payroll data were not compromised. The Ryuk ransomware group is believed to be the threat actor behind this specific attack, which is no surprise, as the group had a hand in nearly one third of all ransomware attacks in 2020.
Ransomware Distributor Arrested in South Korea
Late last month an individual was arrested by South Korean police after a lengthy investigation traced ransomware payments to several withdrawals made by the individual. It is believed that the man in custody is responsible for the distribution of more than 6,000 phishing emails that spoofed local law enforcement and used malicious attachments to deliver the GandCrab ransomware payload, which then began encrypting the system. This is the second reported GandCrab affiliate to have been caught by law enforcement in the past year, with global law enforcement agencies working together to dismantle several other ransomware organizations as well.
New Campaign Shows Off New Functionality for Purple Fox
A new variant of the Purple Fox malware has been spotted in a recent campaign that uses worm-like techniques to propagate itself, rather than relying on phishing emails, and has already infected over 90,000 systems. Once the disguised installer is downloaded, multiple payloads are extracted and begin performing a variety of tasks, including tampering with the Windows Firewall and scanning port 445 (SMB) across a pre-generated list of IP addresses to find further hosts to spread to. From a defender's point of view, that scanning behaviour is the most visible part of the campaign: a single workstation opening SMB connections to many distinct internal addresses in a short window is unusual and can be alerted on from ordinary firewall or flow logs.
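The following is an added detection example, not code from the original article or from any Purple Fox analysis. It implements the port 445 fan-out check described above over a small set of constructed firewall connection records (the `src=... dst=... dport=... proto=... action=...` line format is a hypothetical one chosen for the example). It flags any source that contacts at least `min_targets` distinct destination IPs on TCP/445 within a sliding window of `window_seconds`, counting denied attempts as well as allowed ones, since a blocked scan attempt is still a scan attempt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample firewall log. Host 10.0.0.5 sweeps 12 distinct internal
# addresses on port 445 in under a minute (worm-like fan-out); 10.0.0.7 talks
# to three file servers, which is ordinary; one HTTPS line and one malformed
# line are included to show they are ignored.
SAMPLE_LOGS = """\
2021-03-24T10:00:00 src=10.0.0.5 dst=10.0.1.10 dport=445 proto=tcp action=allow
2021-03-24T10:00:05 src=10.0.0.5 dst=10.0.1.11 dport=445 proto=tcp action=allow
2021-03-24T10:00:10 src=10.0.0.5 dst=10.0.1.12 dport=445 proto=tcp action=allow
2021-03-24T10:00:15 src=10.0.0.5 dst=10.0.1.13 dport=445 proto=tcp action=allow
2021-03-24T10:00:20 src=10.0.0.5 dst=10.0.1.14 dport=445 proto=tcp action=allow
2021-03-24T10:00:25 src=10.0.0.5 dst=10.0.1.15 dport=445 proto=tcp action=allow
2021-03-24T10:00:30 src=10.0.0.5 dst=10.0.1.16 dport=445 proto=tcp action=allow
2021-03-24T10:00:35 src=10.0.0.5 dst=10.0.1.17 dport=445 proto=tcp action=deny
2021-03-24T10:00:40 src=10.0.0.5 dst=10.0.1.18 dport=445 proto=tcp action=allow
2021-03-24T10:00:45 src=10.0.0.5 dst=10.0.1.19 dport=445 proto=tcp action=allow
2021-03-24T10:00:50 src=10.0.0.5 dst=10.0.1.20 dport=445 proto=tcp action=allow
2021-03-24T10:00:55 src=10.0.0.5 dst=10.0.1.21 dport=445 proto=tcp action=allow
2021-03-24T10:01:00 src=10.0.0.7 dst=10.0.2.1 dport=445 proto=tcp action=allow
2021-03-24T10:01:02 src=10.0.0.7 dst=10.0.2.2 dport=445 proto=tcp action=allow
2021-03-24T10:01:04 src=10.0.0.7 dst=10.0.2.3 dport=445 proto=tcp action=allow
2021-03-24T10:01:10 src=10.0.0.9 dst=10.0.3.4 dport=443 proto=tcp action=allow
2021-03-24T10:01:11 src=10.0.0.5 dst=10.0.1.10 dport=445 proto=tcp action=allow
this line is not a connection record and must be skipped
"""

# Hypothetical record layout; adjust the pattern to the real log source.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def parse_logs(text):
    """Parse log lines into dicts; unparseable lines are dropped rather than
    allowed to abort the whole batch."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["dport"] = int(rec["dport"])
        events.append(rec)
    return events


def find_smb_scanners(events, window_seconds=300, min_targets=10):
    """Return {source_ip: peak_distinct_targets} for sources that reached at
    least min_targets distinct hosts on TCP/445 inside any window_seconds span.
    Both allowed and denied connections count: the attempt is the signal."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["dport"] == 445 and ev["proto"] == "tcp":
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))

    findings = {}
    for src, hits in by_src.items():
        hits.sort()
        recent = deque()  # (timestamp, dst) pairs inside the current window
        peak = 0
        for ts, dst in hits:
            recent.append((ts, dst))
            # Slide the window: drop hits older than window_seconds.
            while (ts - recent[0][0]).total_seconds() > window_seconds:
                recent.popleft()
            distinct = len({d for _, d in recent})
            peak = max(peak, distinct)
        if peak >= min_targets:
            findings[src] = peak
    return findings


if __name__ == "__main__":
    for src, n in find_smb_scanners(parse_logs(SAMPLE_LOGS)).items():
        print(f"ALERT possible SMB sweep from {src}: {n} distinct targets on 445")
```

Repeated connections to the same destination do not inflate the count (10.0.0.5 revisits 10.0.1.10 and still scores 12), so a workstation that legitimately hammers one file server does not trip the rule; the threshold and window should be tuned against a baseline of normal SMB fan-out in the environment, and known scanners such as vulnerability-management hosts allow-listed.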