Geekmaster πŸ‘½May 18, 2023

If you use #RDP, make sure it's strictly internal, and limited only to specific #admin accounts, and that you *DO NOT* have any #3389 open publicly. That IP will be found (quickly), and your #endpoint will be attacked, if not #breached. #BianLian has shifted their attack model. @cisacyber dropped an advisory this week, here's a decent summary of what's up: https://www.darkreading.com/threat-intelligence/bianlian-cybercrime-group-changes-attack-methods-cisa-advisory-notes?_mc=NL_DR_EDT_DR_weekly_20230518&cid=NL_DR_EDT_DR_weekly_20230518&sp_aid=116563&elq_cid=38046155&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.18.23&sp_cid=48613&utm_content=DR_NL_Dark%20Reading%20Weekly_05.18.23

#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #DataExfiltration #Exfil #AttackSurfaceReduction #Ransomware

BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA

CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks.

Dark Reading
Geekmaster πŸ‘½May 18, 2023

#Infostealers are a growing threat. Sure, they've been around for decades, but now it's becoming a much larger market on the #Darkweb. β€œWhat we are seeing is an entire #underground #economy and #supporting #infrastructure built around #infostealers, making it not only possible but also potentially #lucrative for relatively #lowskilled #threatactors to get involved,”
https://www.scmagazine.com/news/threat-intelligence/data-log-thefts-explode-as-infostealers-gain-popularity-with-cybercriminals?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAldBXEeVNitVuN5rpvANUjNCaIIBnTmArpblpBWE5hgFJSS9PoGhu7RxEp5cWxLUDxbLdJ7juuAc83cEfRAyiFxOpe18Kant7MXUMhA

#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #TOR #DataExfiltration #Exfil #RussianMarket #Cyberespionage #RussiaAPT #ChinaAPT #APT #UseMFA #AttackSurfaceReduction

Data log thefts explode as infostealers gain popularity with cybercriminals

The malware is becoming cheaper and easier for relatively inexperienced cybercriminals to use, and the popularity of working from home and bring your own device (BYOD) policies have led to a surge in opportunities for corporate assets to be infected by personal devices.

SC Media
Geekmaster πŸ‘½May 18, 2023

#SIMswapping is still a very real thing. Now, it's being used to bypass defense and detection methods within #Azure to gain full #administrative access for #Windows #VirtualMachines. This is pretty advanced, but it's still a big danger. #UNC3944 https://www.scmagazine.com/news/cloud-security/threat-actor-bypasses-detection-protections-in-microsoft-azure-serial-console?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAlV_uPRm28W067Sf5RayoZQN17Xrk53YEG17z3Gl_7qKsu2bjdUUW2CRUpserJQgXmMB46ieb_G5KrSlLHQGWs_K0TtXaXsrlmIPgkg

#Hacking #ThreatIntelligence #InitialAccess #LateralMovement #Persistence #Cloud #CloudAttackSurface

Threat actor bypasses detection, protections in Microsoft Azure Serial Console

Mandiant says threat group UNC3944 is leveraging SIM swapping attacks to bypass many of the defense and detection methods used in Azure.

SC Media