Cross Platform Ransomware Threat BianLian
by Artie Kaye
This malware targets a Microsoft Exchange Server Proxy vulnerability chain and SonicWall VPN devices to leverage access. The hackers can spend upwards of 6 weeks searching through systems before initiating encryption. It is capable of starting servers in safe mode before beginning the encryption. To be extra thorough, backups stored on the device or snap shots are purged. Having offline data backups can help mitigate damage from attacks like this.
This malware has no known relation to the banking credential theft program of the same name.
There is a shift in malware toward using google’s GoLang for development. The code can be used to compile programs across the major platforms. It is also harder for security programs to scan for malicious code.
For extremely in depth information, please check the [redacted] link below.
https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/
https://blog.cyble.com/2022/08/18/bianlian-new-ransomware-variant-on-the-rise/
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html
TikTok Data Breach
by Artie Kaye
The data purported to be taken from TikTok, was found on an Alibaba hosted cloud. TikTok has denied that there has been a breach. Security researchers have investigated the data which has been posted, verifying that some of it is legitimate. However, the data which is verifiable is publicly available information. The hacking group claiming responsibility calls themselves AgainstTheWest.
https://www.theverge.com/2022/9/5/23338051/tiktok-denies-reports-hacked-data-breach
https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html
QNAP Photo Station Vulnerability
by Artie Kaye
Network storage company QNAP has been working to protect their devices from DeadBolt ransomware attacks, which started earlier this year. Their Photo Station application is the current vector. The company recommends updating the program or switching to QuMagie to manage the devices. The company also states that their devices are better secured not facing the internet directly, and to use their cloud service or a VPN to access the devices.
Tornado Cash Sanctions
by Artie Kaye
The US Treasury Department has issued sanctions against the crypto currency mixing platform preventing all US citizens from using it. They also have blocked ethereum wallets which have received or sent funds from being accessed. This comes after multiple sources have shown how frequently it was used for laundering stolen assets.
https://www.elliptic.co/hubfs/NFT%20Report%202022.pdf
https://www.trmlabs.com/post/u-s-treasury-sanctions-widely-used-crypto-mixer-tornado-cash
https://www.securityweek.com/crypto-firms-say-us-sanctions-limit-use-privacy-software