Trends of 2021: if it isn’t patched it’s getting ransomware.
Unpatched Fortinet VPNs being targeted by Cring ransomware per Bleeping Computer
Remember that joint FBI CISA warning about APTs scanning for Fortinet SSL VPNs? These attacks exploits CVE-2018-13379 on unpatched Fortigate SSL VPN servers per this Kaspersky report. It gets domain admin creds using Mimikatz, removes backup files, and kills MS Office and Oracle Database processes.
Yes, attackers are actively hunting for them online. And industrial operations in Europe are victims. Those IT networks getting pwned are alongside OT networks running ICS devices and things on that side don’t tend to come back up well. AND – assume that anything compromise will be useful in future attacks as we keep learning.
Wormable Android Malware posing as Netflix per ZDNet
Just take in the first three words. While not “sky is falling” wormable anything is scary, and given the sheer prevalence of Android devices that’s a lot of potential compromise. Compounded by a global pandemic and lockdowns, online entertainment subscriptions like Netflix are the virtual escape for millions.
Check Point researchers have reported on wormable Android malware posing as a legit Netflix app in the Google Play store, which is supposed to be the place to safely get your Android Apps (I know, I know). The malware takes advantage of things we probably gloss over and agree to at installation: overlay permissions and battery optimization ignore, so it can grab credentials and stay on. And permission to reply to WhatsApp messages. With that, it spreads by replying to WhatsApp messages and further malicious links. While this app has now been removed from Google Playstore, be wary of all the others like it and how conditioned we are to just install apps without reviewing their demands thoroughly.