F5 SIRT This Week in Security: The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage
Lior_Rotkovitch, F5 SIRT
15-Jul-2022 20:01 - edited 17-Jul-2022 11:30

This Week in Security
July 13 2022
"The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage"
Your editor for this issue of This Week in Security is Lior Rotkovitch.
Every now and then there is a major data leak. Those data leaks are ever increasing in size, and the new record, according to security news sites, belongs to China, with 1 billion people's data leaked.
Reading the news, it feels like a full-scale battle is underway where everyone attacks anything that can be attacked.
It also seems that all known attack vectors are fully implemented against new technologies. A recent example is the NFT marketplace phishing attack.
But as always, not all hope is lost, and there are always people who will fight cyber-attacks. So we will keep on fixing the damage, restoring the configurations, and patching our systems over and over, because this is what security personnel do; this is the job, and we enjoy being the protector. Until next time, stay safe!
The Worst Hacks and Breaches of 2022 So Far
Sneaky Orbit Malware Backdoors Linux Devices
Chinese Cyber Espionage Groups Increasingly Targeting Russia
Popular NFT Marketplace Phished for $540M
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
Chinese Police Exposed 1 Billion People's Data in Unprecedented Leak
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets
AstraLocker ransomware decryptors released by Emsisoft
The Worst Hacks and Breaches of 2022 So Far
“Whether the first six months of 2022 have felt interminable or fleeting—or both—massive hacks, data breaches, digital scams, and ransomware attacks continued apace throughout the first half of this complicated year.”
Data Theft From Health Care
Decentralized Finance Platform Hacks
Lapsus$ Group's Extortion
Russia/Ukraine Hacking
Breach Telecoms and More
The Worst Hacks and Breaches of 2022 So Far (Wired)
Sneaky Orbit Malware Backdoors Linux Devices
“The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores them in specific files on the machine, researchers from security automation firm Intezer discovered. In fact, the malware’s name comes from one of the filenames it uses to temporarily store the output of executed commands.”
“The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands.”
Sneaky Orbit Malware Backdoors Linux Devices (Threatpost)
Chinese Cyber Espionage Groups Increasingly Targeting Russia
“The latest investigation indicated that a Chinese state-sponsored cyber espionage group launched a ‘cluster’ of phishing emails to deliver remote access Trojan (RAT) malware, most commonly Bisonal, against Russian targets in recent weeks.”
“… believes that these documents were built with the Royal Road builder and dropped the Bisonal backdoor, both of which are strongly associated with Chinese APT groups: Royal Road is a malicious document builder used widely by such groups, while Bisonal is a backdoor RAT unique to Chinese threat actors.”
Chinese Cyber Espionage Groups Increasingly Targeting Russia (Infosecurity)
Popular NFT Marketplace Phished for $540M
“The report comes from the publication The Block, which said on March 23rd hackers took control of private keys tied to four validator nodes. Those nodes, according to the report, belong to the Ronin Network – which Axie runs on. The second node belongs to the Axie DAO – a decentralized organization that supports the game’s ecosystem.”
“‘All evidence points to this attack being socially engineered, rather than a technical flaw.’ The disclosure did not elaborate further. Now two anonymous sources have come forward who claim ‘direct knowledge of the matter’ and are sharing with reporters at The Block the unconfirmed inside story about what happened.”
Popular NFT Marketplace Phished for $540M (Threatpost)
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
“The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such as IcedID, CobaltStrike, AnchorMail, and Meterpreter.”
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (The Hacker News)
Chinese Police Exposed 1 Billion People's Data in Unprecedented Leak
“In one of the most expansive and impactful breaches of personal data of all time, attackers grabbed data of almost 1 billion Chinese citizens from a Shanghai police database and attempted to extort the department for about $200,000. The trove of data contains names, phone numbers, government ID numbers, and police reports. Researchers found that the database itself was secure, but that a management dashboard was publicly accessible from the open internet, allowing anyone with basic technical skills to grab the information without needing a password.”
Chinese Police Exposed 1 Billion People's Data in Unprecedented Leak (Wired)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets
“LockBit ransomware attacks are known to employ several avenues for initial infection: Exploiting publicly-exposed RDP ports, relying on phishing emails to download malicious payloads, or leveraging unpatched server flaws that allow the affiliates to gain remote access to the targeted network.”
“Following this step are reconnaissance and credential theft activities, which enable the actors to move laterally across the network, establish persistence, escalate privileges, and launch the ransomware. This is also accompanied by running commands to delete backups and subvert detection by firewalls and antivirus software.”
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (The Hacker News)
AstraLocker ransomware decryptors released by Emsisoft
“Malware protection specialist Emsisoft has released free decryption tools for the AstraLocker and Yashma ransomware variants.
By default, the AstraLocker decryptor pre-populates locations selected for decryption from network and connected drives, but users can add other locations before initiating the decryption process.
The decryptor also defaults to leaving encrypted files in place, although users can enable automatic deletion if disk space is an issue.
‘Since the ransomware does not save any information about the unencrypted files, the decryptor can’t guarantee that the decrypted data is identical to the one that was previously encrypted,’ the guide warns.”
AstraLocker ransomware decryptors released by Emsisoft (The Daily Swig)
Lior Rotkovitch | Senior Security Engineer – F5 SIRT
Twitter: @rotkovitch