The latest round-up of recent cybercrime news stories from Phil Ashley, Director of Crossword Labs: a pick of the weird, the unexpected and, given the backdrop of the war in Ukraine, some very sobering reminders of why we all need to stay alert.
A second data wiping malware found in Ukraine
Following the first data-wiping malware, which destroyed hundreds of Ukrainian Windows systems a few hours before the Russian invasion, a second data-wiping malware has been discovered. The attacks look to have been planned for months.
Slovakian cybersecurity company ESET discovered this specific strain of malware, named HermeticWiper, which is believed to have been programmed to attack on 23 February. Once deployed, HermeticWiper allows its operators to move laterally through a target's network before overwriting the whole of a host's disk. ESET said it had seen a Windows Active Directory server compromised and a custom worm used to spread the wiper from there.
Zero-day vulnerability discovered in Adobe Commerce
Adobe updated its advisory for CVE-2022-24086 to add details of CVE-2022-24087, which it described as an elevation of privilege vulnerability in the Azure IoT CLI extension. Either vulnerability could be exploited by an unauthenticated attacker to achieve remote code execution (RCE). Although Adobe is believed to have patched the original vulnerability, the second patch must also be applied to be fully protected against compromise.
Ransomware group named Cuba exploits Microsoft Exchange Server
A ransomware group called Cuba has started exploiting Microsoft Exchange vulnerabilities such as ProxyShell and ProxyLogon as initial infection vectors. Mandiant has observed the group frequently exploiting vulnerabilities in public-facing Microsoft Exchange infrastructure as an initial compromise vector. The threat actors likely perform initial reconnaissance to identify internet-facing systems that may be vulnerable to exploitation.