Threat Intelligence Bulletin – Decentralized Phishing Infrastructure, Top Threat IOCs, and C2-as-a-Service

Most impersonated software, according to VirusTotal, includes Skype, Adobe Reader and 7-Zip, among others


DrayTek routers affected by RCE vulnerability


Phishing campaigns increasingly host their landing pages on the IPFS network, where content-addressed pages reachable through any public HTTP gateway are hard to take down
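The IPFS item above, as an added worked example that is not part of the bulletin or of any linked report: a small Python detector that pulls IPFS gateway URLs out of web-proxy logs and pivots on the content identifier (CID). The same phishing page can be served through any public gateway, so the CID rather than the gateway host is what identifies the campaign. The log format, client IPs and CIDs are constructed; ipfs.io, dweb.link and cloudflare-ipfs.com are real public gateway names used only as illustration.

```python
"""Spot IPFS-gateway URLs in web-proxy logs and pivot on the CID.

Added example, not part of the original bulletin. The log lines, source IPs
and CIDs are constructed; the gateway URL shapes and CID syntax (CIDv0: 46-char
base58 string starting "Qm"; CIDv1: lowercase base32 string starting "b")
follow the public IPFS conventions.
"""
import re
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Base58 alphabet as used by CIDv0: no 0, O, I or l.
_B58 = "[1-9A-HJ-NP-Za-km-z]"
CID_RE = re.compile(rf"^(?:Qm{_B58}{{44}}|b[a-z2-7]{{20,}})$")
URL_RE = re.compile(r"https?://\S+")

# Constructed proxy log: two gateways serving the same CID, one subdomain-style
# hit, one decoy path that merely contains /ipfs/, and ordinary traffic.
SAMPLE_PROXY_LOG = """\
2022-08-05T10:01:12Z src=10.0.0.15 GET https://ipfs.io/ipfs/QmZ9vV7oXYyzXE3Q3Y5vRb4Nf1UhRk3gD2sLwQpK7aBcDe/login.html status=200
2022-08-05T10:02:40Z src=10.0.0.22 GET https://bafybeihq2x7k3m4n5p6q7r2s3t4u5v6w7x2y3z4a5b6c7d2e3f4g5h6i7j.ipfs.dweb.link/ status=200
2022-08-05T10:03:02Z src=10.0.0.31 GET https://example.com/ipfs/notacid/index.html status=404
2022-08-05T10:03:55Z src=10.0.0.15 GET https://www.example.org/en-us/ status=200
2022-08-05T10:04:10Z src=10.0.0.40 GET https://cloudflare-ipfs.com/ipfs/QmZ9vV7oXYyzXE3Q3Y5vRb4Nf1UhRk3gD2sLwQpK7aBcDe/ status=200
"""


def extract_cid(url: str) -> Optional[dict]:
    """Return {"cid", "style", "gateway"} when url addresses IPFS content via a
    gateway, else None. Handles path style (https://gw/ipfs/<cid>/...) and
    subdomain style (https://<cid>.ipfs.gw/...). /ipns/ names are not covered."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lowercases the host, which is why
    #                              subdomain-style CIDs are always base32
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) >= 2 and segs[0].lower() == "ipfs" and CID_RE.match(segs[1]):
        return {"cid": segs[1], "style": "path", "gateway": host}
    labels = host.split(".")
    if len(labels) >= 3 and labels[1] == "ipfs" and CID_RE.match(labels[0]):
        return {"cid": labels[0], "style": "subdomain", "gateway": ".".join(labels[2:])}
    return None


def find_ipfs_hits(log_text: str) -> List[dict]:
    """One record per IPFS-gateway URL seen, tagged with the requesting client."""
    hits = []
    for line in log_text.splitlines():
        for url in URL_RE.findall(line):
            info = extract_cid(url)
            if info:
                src = re.search(r"src=(\S+)", line)
                hits.append({"src": src.group(1) if src else "", "url": url, **info})
    return hits


def cids_to_gateways(hits: List[dict]) -> Dict[str, Set[str]]:
    """Pivot on the CID: the same page reached via different gateways is one
    campaign, so block or alert on the CID rather than on the gateway host."""
    out: Dict[str, Set[str]] = {}
    for h in hits:
        out.setdefault(h["cid"], set()).add(h["gateway"])
    return out


if __name__ == "__main__":
    hits = find_ipfs_hits(SAMPLE_PROXY_LOG)
    for h in hits:
        print(f'{h["src"]} -> {h["style"]:9} {h["gateway"]} cid={h["cid"]}')
    for cid, gws in cids_to_gateways(hits).items():
        print(cid, "seen via", sorted(gws))
```

Blocking a single gateway hostname only moves the victims to the next gateway; the CID stays constant across all of them, which is why the pivot function groups by CID. Legitimate IPFS use exists, so treat a hit as an enrichment signal on the requesting client and URL rather than as a verdict on its own.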


Windows Defender command-line utility abused on compromised VMware servers to side-load Cobalt Strike


Credential harvesting attack observed using a ticking countdown timer on the phishing page to pressure recipients into entering their credentials


Breakdown of the most common initial access method (phishing) and the most exploited vulnerability (ProxyShell in Microsoft Exchange)


Most prevalent threats in the past week according to Cisco Talos: Shiz RAT, Tofsee malware and TeslaCrypt ransomware take the top spots (the linked report also contains their IOCs)


87% of ransomware samples found on the dark web are delivered via malicious macros


Currently active botnet “RapperBot” focuses on brute-forcing Linux SSH servers configured to accept password authentication
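The RapperBot item above, as an added example that is not part of the bulletin or of any vendor report: brute-force detection run over constructed sshd log lines, paired with an audit of sshd_config for the exposure the botnet relies on (PasswordAuthentication left on, which is also sshd's default when the directive is absent), with a hardened fragment beside the weak one. The log lines use RFC 3339 timestamps as rsyslog or journald can emit them; the source IPs, host name and config text are constructed, and the "Failed/Accepted password for ..." wording is OpenSSH's own.

```python
"""Detect SSH password brute-forcing in sshd logs and audit sshd_config.

Added example, not part of the original bulletin or of any RapperBot report.
Log lines (RFC 3339 timestamps) and both sshd_config fragments are
constructed; the "Failed/Accepted password for ..." wording is OpenSSH's.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
)

# Constructed: one source sprays common usernames and then gets in as "pi";
# one legitimate user mistypes once and then logs in with a key.
SAMPLE_AUTH_LOG = """\
2022-08-05T02:10:01+00:00 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 40112 ssh2
2022-08-05T02:10:04+00:00 web01 sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 40118 ssh2
2022-08-05T02:10:07+00:00 web01 sshd[2205]: Failed password for pi from 198.51.100.7 port 40121 ssh2
2022-08-05T02:10:09+00:00 web01 sshd[2207]: Failed password for invalid user ubuntu from 198.51.100.7 port 40125 ssh2
2022-08-05T02:10:12+00:00 web01 sshd[2209]: Failed password for root from 198.51.100.7 port 40130 ssh2
2022-08-05T02:10:15+00:00 web01 sshd[2211]: Failed password for pi from 198.51.100.7 port 40134 ssh2
2022-08-05T02:10:31+00:00 web01 sshd[2220]: Accepted password for pi from 198.51.100.7 port 40140 ssh2
2022-08-05T02:11:02+00:00 web01 sshd[2230]: Failed password for alice from 203.0.113.9 port 51002 ssh2
2022-08-05T02:11:09+00:00 web01 sshd[2230]: Accepted publickey for alice from 203.0.113.9 port 51002 ssh2
"""

# Constructed: the exposure RapperBot targets, and the corrected settings.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""


def parse_events(log_text: str) -> List[Tuple[datetime, str, str, str]]:
    """(timestamp, source ip, user, "failed"|"accepted"). Publickey logins and
    other sshd lines do not match LINE_RE and are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["outcome"].lower()))
    return events


def detect_bruteforce(events, threshold: int = 5, window_s: int = 60) -> Dict[str, dict]:
    """Flag a source with >= threshold failures inside any window_s-second span,
    then record any password login it later succeeds with: the brute force paying off."""
    window: Dict[str, Deque[datetime]] = defaultdict(deque)
    total: Dict[str, int] = defaultdict(int)
    users: Dict[str, set] = defaultdict(set)
    findings: Dict[str, dict] = {}
    for ts, ip, user, outcome in sorted(events):
        if outcome == "failed":
            total[ip] += 1
            users[ip].add(user)
            q = window[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"first_flagged": ts.isoformat(), "compromised": []}
        elif ip in findings:  # accepted password from an already-flagged source
            findings[ip]["compromised"].append(user)
    for ip, f in findings.items():
        f["failures"], f["users_tried"] = total[ip], sorted(users[ip])
    return findings


def audit_sshd_config(text: str) -> List[str]:
    """Directives are case-insensitive and the first occurrence wins; absent
    directives take sshd's defaults. Match blocks are not handled here."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    out = []
    if settings.get("passwordauthentication", "yes") == "yes":
        out.append("PasswordAuthentication on (sshd default): passwords can be brute-forced")
    elif settings.get("kbdinteractiveauthentication",
                      settings.get("challengeresponseauthentication", "yes")) == "yes":
        out.append("KbdInteractiveAuthentication on: PAM can still prompt for a password")
    if settings.get("permitrootlogin", "prohibit-password") == "yes":
        out.append("PermitRootLogin yes: root is the first account brute-forcers try")
    return out


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse_events(SAMPLE_AUTH_LOG)).items():
        print(ip, f)
    print("weak:", audit_sshd_config(WEAK_SSHD_CONFIG))
    print("hardened:", audit_sshd_config(HARDENED_SSHD_CONFIG))
```

The successful "Accepted password" after a burst of failures is the event worth paging on; the failures alone are Internet background noise on any host with port 22 exposed. On the hardening side, setting PasswordAuthentication no is not sufficient by itself on PAM-enabled systems: keyboard-interactive authentication can still relay a password prompt, which is why the hardened fragment also sets KbdInteractiveAuthentication no and why the audit reports it.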


VMware bug allows a threat actor with network access to the management UI to obtain administrative privileges without authenticating


New C2-as-a-Service platform “Dark Utilities” gaining traction among threat actors