
KNOW What Happened This Week: BokBot, APT29 The Dukes, CVE-2021-28310

Post by Sneden Michael Apr 16, 2021

Gut feelings are good, but they do not work well when making cybersecurity decisions. Those decisions need more data, insight, and context, and we have made gathering them much easier. Here is the week's cyber news with an overview, context, and the trending social media posts. KNOW, a threat intelligence platform and cybersecurity news aggregator, has identified BokBot, APT29 The Dukes, and CVE-2021-28310 as trending over the last week.

BokBot – Malware Of The Week

BokBot, more commonly known as IcedID, also bears similarities to Emotet. This modular malware started as a banking trojan used to steal banking information and now also works as a dropper that launches other malware. It is increasingly distributed through email campaigns, both as Microsoft Excel spreadsheet attachments and via website contact forms.

If a target opens the document, they are asked to enable content in order to view the message. The document has Excel 4 macros embedded, and once the user enables content those macro formulas execute. According to a recent post from Microsoft, the messaging uses strong and urgent language to pressure the user into acting immediately.
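Defenders commonly triage such lures by looking for the structure described above: an Excel 4.0 macro sheet that is hidden and wired to Auto_Open. The following is an added example, not code from the original post or from Microsoft; it builds a constructed .xlsm-like file in memory (the sample workbook.xml is made up, not a real campaign artifact) and checks it for those indicators using only the Python standard library.

```python
# Added example: triage an OOXML workbook for Excel 4.0 (XLM) macro indicators.
import io
import re
import zipfile

# Constructed workbook.xml for a sample file; not taken from a real campaign.
WORKBOOK_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
 xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
 <sheets>
  <sheet name="Invoice" sheetId="1" r:id="rId1"/>
  <sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>
 </sheets>
 <definedNames>
  <definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>
 </definedNames>
</workbook>"""

def build_sample(malicious: bool = True) -> bytes:
    """Build an in-memory .xlsm-like zip; the benign variant has no macro sheet."""
    wb = WORKBOOK_XML
    if not malicious:
        wb = re.sub(rb"<definedNames>.*?</definedNames>", b"", wb, flags=re.S)
        wb = wb.replace(b' state="veryHidden"', b"")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", wb)
        z.writestr("xl/worksheets/sheet1.xml", b"<worksheet/>")
        if malicious:  # XLM code lives in a macro sheet part, not in vbaProject.bin
            z.writestr("xl/macrosheets/sheet1.xml", b"<macrosheet/>")
    return buf.getvalue()

def triage(data: bytes) -> dict:
    """Return the XLM indicators found in an OOXML file held in memory."""
    found = {"macrosheets": [], "hidden_sheets": [], "auto_open": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        found["macrosheets"] = [n for n in names if n.startswith("xl/macrosheets/")]
        if "xl/workbook.xml" in names:
            wb = z.read("xl/workbook.xml").decode("utf-8", "replace")
            for tag in re.findall(r"<sheet\b[^>]*>", wb):  # \b skips <sheets>
                if re.search(r'state="(hidden|veryHidden)"', tag):
                    m = re.search(r'name="([^"]*)"', tag)
                    found["hidden_sheets"].append(m.group(1) if m else "?")
            # Auto_Open is what fires the macro once the user clicks Enable Content.
            found["auto_open"] = bool(re.search(r'<definedName[^>]*name="[^"]*auto_open"', wb, re.I))
    # A macro sheet that is hidden or wired to Auto_Open is the classic lure layout.
    found["suspicious"] = bool(found["macrosheets"]) and (found["auto_open"] or bool(found["hidden_sheets"]))
    return found
```

Run `triage(open(path, "rb").read())` on a real .xlsm to triage it; legacy .xls files use the binary OLE format and need a different parser.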

BokBot Trends From KNOW

BokBot trends from KNOW in the last 7 days

Total references: 493

Last 60 days: 101

Last 7 days: 41


APT29 The Dukes – Threat Actor of The Week

Widely known as COZY BEAR or CozyDuke, APT29 The Dukes is the adversary group that successfully infiltrated the unclassified networks of the State Department, the White House, and the US Joint Chiefs of Staff. Beyond that, the group has targeted organizations across energy, defense, finance, extractive industries, manufacturing, insurance, universities, research and technology, and pharmaceuticals. To bypass security solutions, the group relies heavily on 'living-off-the-land' techniques.

Why is APT29 The Dukes Trending?

The United States has officially blamed the Russian government for the SolarWinds compromise and related hacks. The accusation comes from a joint statement by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). The UK has also attributed the attack to the Russian government. According to the official press release, US authorities announced sweeping new sanctions authorities to confront Russia's growing and continued malign behavior.

APT29 References From KNOW

APT29 The Dukes references taken from KNOW

Total references: 4000

Last 60 days: 206

Last 7 days: 57


CVE-2021-28310 – Vulnerability of The Week

CVE-2021-28310 hit the news when Microsoft released patches for 110 security holes, of which 88 were rated important and 19 critical. Microsoft had a busy start to the week, fixing five zero-day vulnerabilities. This vulnerability was under active attack at the same time as Microsoft was applying further patches to its already embattled Exchange Server software. Microsoft rates this vulnerability type as less likely to be exploited, but security researchers stress the importance of quickly patching and remediating any RCE vulnerabilities on the system. Related fixes in the same release include:

    • CVE-2021-28480
    • CVE-2021-28481
    • CVE-2021-28482
    • CVE-2021-28483


Stay in The KNOW

As a cybersecurity professional, gut feeling is the last thing you want to rely on when deciding which vulnerabilities and exposures to protect your organization from. KNOW is the threat intelligence and trending cybersecurity news aggregator platform that helps you stay up to date. The platform extracts billions of data points and correlates relevant intelligence and insights from expert analysts, so you can follow, search, and act on threats in a fraction of the time it takes you now.

KNOW is completely FREE. Sign up and get the most trending and relevant cybersecurity insights.
