Get Ahead of Cyber Threats Newsletter

Weekly Threat Pulse (12/21)

Good news, the Microsoft Defender integration for Fletch's Trending Threats App is now live 🎉

Join the dozens of other organizations using the Trending Threats App to know if you are impacted as news is breaking, and have a hit list of the most important threats to take care of every day.

As for what’s happening in the news, here are last week’s top trending threats. Were you impacted?

Insider Risk App

As the holidays are approaching, threat actors are ready to step on the gas as IT and security teams go on vacation.

Don’t let the holidays stress you out. Get Fletch's Insider Risk App. We’ll do the hard work of correlating each person's behavior for you, so you can get ahead on DLP (data loss prevention) and ransomware before the problems fully mature!

Learn more about the Insider Risk App in this short video and see how Fletch answers: Is anyone’s behavior at my company a security risk?

Happy Holidays,

Fletch Team

P.S. See below for more information on the top trending cyber threats in the news last week.

New Ransomware Family Deployed in Log4Shell Attacks

This is a new ransomware family, called Khonsari after the extension used on the encrypted files. ... Recently a public exploit for the major zero-day vulnerability known as ‘Log4Shell’ in the Apache Log4j Java-based logging platform has been made available.

Malware: Khonsari, LockFile

View Article

Thousands of Industrial Systems Targeted With New 'PseudoManuscrypt' Spyware

Tens of thousands of devices around the world, including many industrial control systems (ICS) and government computers, have been targeted in what appears to be an espionage campaign that involves a new piece of malware dubbed PseudoManuscrypt, Kaspersky revealed on Thursday. ... In many cases, the attackers targeted engineering computers, including devices used for 3D and physical modeling, which led Kaspersky researchers to believe that the goal may be industrial espionage.

Malware: Manuscrypt

View Article

Recent Activity in Dragos Tracked Activity Groups

During June 2021, Dragos discovered multiple victims in the Oil and Gas, Electric, and Component Manufacturing industries communicating with a WASSONITE C2 server associated with Appleseed backdoor. ... Dragos then pivoted on network telemetry to discover multiple victims in three ICS industries communicating with the WASSONITE C2 server associated with Appleseed infections.

Malware: GreyEnergy (win.grey_energy), Appleseed, KAMACITE, STIBNITE, WASSONITE, VANADINITE, PoetRAT

View Article

State-sponsored hackers abuse Slack API to steal airline data

A suspected Iranian state-supported threat actor is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications. ... Aclip receives PowerShell commands from the C2 server via Slack API functions and can be used to execute further commands, send screenshots of the active Windows desktop, and exfiltrate files.

Malware: Aclip

View Article

Dell driver fix still allows Windows Kernel-level attacks

However, Dell's fix wasn't comprehensive enough to prevent additional exploitation, and as security researchers warn now, it is an excellent candidate for future Bring Your Own Vulnerable Driver (BYOVD) attacks. ... However, advanced threat actors can use this vulnerability to execute code in kernel mode, or ring 0, which is the highest privilege level possible in Windows.

CVEs: CVE-2021-21551

View Article