Project Hyphae

Information Security News 5-15-2023

Greatness Phishing-as-a-Service Threatens Microsoft 365 Users

  • Phishers are leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco, the tool has had activity spikes in December 2022 and March 2023. Additionally, Greatness has three components: a phishing kit with admin panel, a service API, and a Telegram bot or email address.
  • The phishing kit and API work to perform a man-in-the-middle attack and the Telegram bot informs the attacker of a successful attack. The tool allows users to easily create convincing phishing threats.
  • Victims are redirected to HTML files with obfuscated JavaScript code that executes within the browser. Victims will see a blurred image that looks like a document loading and will then be asked to log in to a fraudulent, yet convincing, Microsoft 365 window.

Israeli Threat Group Uses Fake Company Acquisitions in CEO Fraud Schemes

  • A group of Israeli cybercriminals has launched more than 350 BEC campaigns over the past two years, with unique lures relating to company acquisitions.
  • The attackers start by emailing regional executives at target organizations, stating that they’re the CEO and are working on an acquisition that needs to be kept secret. If the recipient agrees to assist the fake CEO, they receive an email from a fake acquisitions attorney who needs an “installment” payment to move the acquisition process along.
  • The bad actors reiterate urgency and secrecy, often try to set up WhatsApp calls in place of emails, and request hundreds of thousands of dollars ($712,000 on average) to appear more legitimate to potential victims.
  • Before any “official” emails are sent, the malicious actors try to determine if DMARC is enabled. If it isn’t, email addresses will be spoofed directly. If DMARC is enabled, the attackers will attempt display name spoofing to scam people who don’t review the specific account that sent the fraudulent emails.
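A defender can check for both spoofing styles described above at the mail gateway. The following is an added example, not code from the article or from the threat report it summarizes; the domain `example.com`, the executive name, and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: replace with your own domain(s) and executive names.
ORG_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe"}

def dmarc_policy(txt_record):
    """Return the p= tag of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p") if tags.get("v") == "dmarc1" else None

def directly_spoofable(txt_record):
    """No record, or p=none (monitor only), asks receivers to take no action."""
    return dmarc_policy(txt_record or "") in (None, "none")

def classify(raw_message):
    """Label a message by which of the two spoofing styles it resembles."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    display = " ".join(name.lower().split())
    # Crude substring check; a real gateway parses Authentication-Results.
    auth = msg.get("Authentication-Results", "").lower()
    if domain in ORG_DOMAINS:
        return "internal" if "dmarc=pass" in auth else "direct-spoof-suspect"
    if display in EXECUTIVES:
        return "display-name-spoof-suspect"
    return "external"

# Constructed sample messages (not real traffic).
DIRECT = ("Authentication-Results: mx.example.com; dmarc=fail\n"
          "From: Jane Doe <jane.doe@example.com>\nSubject: Confidential\n\nHi")
DISPLAY = ("Authentication-Results: mx.example.com; dmarc=pass\n"
           "From: \"Jane  Doe\" <office@example.net>\nSubject: Confidential\n\nHi")
GENUINE = ("Authentication-Results: mx.example.com; dmarc=pass\n"
           "From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\nHi")

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("display", DISPLAY), ("genuine", GENUINE)):
        print(label, "->", classify(raw))
```

Note that the display-name message passes DMARC for its own sending domain, which is why the sender address, not the authentication result, is what has to be compared against the executive's name.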

Free Tool Unlocks Some Encrypted Data in Ransomware Attacks

  • Researchers at CyberArk built a tool called “White Phoenix” which automates the process of recovering data from intermittently encrypted documents in various file formats.
  • White Phoenix is only able to recover data from files that have some unencrypted data remaining. Essentially, the tool works by restoring common elements within files, such as the headers of PDFs.
  • Overall, this tool works to recover files from ransomware that conducts intermittent or partial data encryption, like the BlackCat or Play ransomware variants.

Google Notifies Users About Dark Web Exposure

  • Google has recently announced several new security and privacy tools for Gmail and Android users.
  • These include “About this image” for images within Google Images, the first indexing of similar images within Google Images, the ability for Android users to be alerted when apps share their location data with third parties and easily request the deletion of accounts or data within Google Play, Safe Browsing API v5 to block malicious websites more effectively, and dark web scan reports that allow users to check if their personal information is found on the dark web.

Windows Admins can now Sign Up for “Known Issue” Email Alerts

  • Recently, Microsoft announced that Windows admins can now choose to be emailed when new known issues are added to the Windows release health section of the Microsoft 365 admin center.
  • Currently, this feature is only available to admin-level accounts with a variety of Microsoft subscriptions. These include Microsoft 365 Enterprise E3/A3/F3, Microsoft 365 Enterprise E5/A5, Windows 10 Enterprise E3/A3, Windows 10 Enterprise E5/A5, Windows 11 Enterprise E3/A3, and Windows 11 Enterprise E5/A5.

Protecting Kids’ Privacy with a National Data Privacy and Security Standard

  • This article highlights how the U.S. House Energy and Commerce committee is leading on a federal data privacy and security law that aims to strengthen Americans’ data protections and establish the strongest safeguards for kids’ online data.
  • Due to significant public support, the Energy and Commerce committee has begun to detail a framework to protect children online and limit data collection from what is considered “Big Tech.”
  • Several of the preliminary framework controls include minimizing the data that is collected and retained on all Americans, including children, making it illegal to target advertising to children under 17 years old, treating all data on children under 17 as sensitive (meaning more robust protections for the collection and transfer of their personal information), and requiring Big Tech to assess how their algorithms harm children.

CISA Addresses “Cyber Poor” Small Biz, Local Government

  • According to Jen Easterly, CISA aims to help “cyber poor” places, especially smaller businesses, local governments, and K-12 school systems, both to shore up their defenses and respond more quickly to attacks.
  • While NIST’s Cybersecurity Framework is a great tool for organizations, a simpler and smaller guide may be a better starting point for smaller organizations. As such, CISA has released Cybersecurity Performance Goals (CPGs) which aim to lower cost and effort goals for organizations.

NIST Revises SP 800-171 Guidelines for Protecting Sensitive Information

  • NIST has updated its draft guidelines for protecting sensitive unclassified information (CUI), in an effort to help federal agencies and government contractors more consistently implement cybersecurity requirements.
  • NIST is requesting public comments on the draft guidelines by July 14, 2023. NIST’s notable updates include changes to reflect the state-of-practice cybersecurity controls, revised criteria used by NIST to develop security requirements, increased specificity and alignment of the security requirements in SP 800-171 Rev. 3 with SP 800-53 Rev. 5 to aid in implementation and assessment, and additional resources to help implementers understand and analyze the proposed updates.
  • NIST stated that it intends to release at least one more draft of SP 800-171 before publishing the final version in early 2024. Following this, NIST will look to update other publications relating to CUI, including SPs 800-171A, 800-172, and 800-172A.

DoD Plans Free Software Tools to Support Cyber Compliance for Small Biz

  • As the Defense Department focuses on increasing the number of small contractors in the defense industrial base (DIB), its Office of Small Business Programs is working on a series of software tools it plans to provide for organizations to make it easier to do business with the federal government.
  • The Director of the Pentagon’s Office of Small Business Programs said the office would be releasing a series of software tools later this year to assist with everything from better market intelligence for the acquisition workforce to operation security for small businesses.
  • Ultimately, the goal is to assist smaller organizations in complying with NIST 800-171 and, eventually, CMMC requirements. Some of the details are still being worked out; however, the plan is to offset the cost of compliance and promote small businesses who are trying to obtain government contracts.
