Bitdefender and Arctic Wolf unearth new cyberattack tactic


Cybersecurity firms Bitdefender and Arctic Wolf have identified new tactics that malware groups use to exploit old vulnerabilities and to conceal malicious code behind social media. Bitdefender discovered S1deload Stealer, a sideloading exploit that uses social channels like Facebook and YouTube as infection vectors. It abuses DLLs, the shared code libraries used by every operating system, by packaging its malicious code as a DLL that a legitimate, digitally signed process loads. Once installed, S1deload Stealer performs several malicious functions, including credential stealing, identifying social media admins, artificial content boosting, cryptomining, and further propagation through users' follower lists. The companies whose executables are used for sideloading are not to blame: the actors create an offline copy of the executable, place the malicious library next to it, and execute it.
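The layout described above (a copied, validly signed executable with a foreign DLL placed beside it in a user-writable folder) can be hunted for on an endpoint. The script below is an added example written for this article, not Bitdefender's or Arctic Wolf's tooling; the search roots and the "signer mismatch" heuristic are assumptions, and any hit is a triage lead rather than a verdict.

```powershell
# Added example (not from the article): look for the S1deload-style layout,
# a validly signed EXE in a user-writable folder with a DLL next to it that is
# unsigned or signed by a different publisher. Roots below are assumptions.
param(
    [string[]]$Roots = @("$env:LOCALAPPDATA", "$env:APPDATA", "$env:TEMP", "$env:USERPROFILE\Downloads")
)

function Find-SideloadCandidates {
    param([string[]]$SearchRoots)

    foreach ($root in $SearchRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $exe    = $_
            $exeSig = Get-AuthenticodeSignature -FilePath $exe.FullName
            # Only a validly signed EXE gives the attacker the trust they are after;
            # skip anything else (return inside ForEach-Object acts like continue)
            if ($exeSig.Status -ne 'Valid') { return }

            $dlls = Get-ChildItem -Path $exe.DirectoryName -Filter *.dll -File -ErrorAction SilentlyContinue
            foreach ($dll in $dlls) {
                $dllSig = Get-AuthenticodeSignature -FilePath $dll.FullName
                # Flag a co-located DLL that is unsigned, has a broken signature, or
                # is signed by a publisher other than the EXE's (heuristic assumption)
                $mismatch = ($dllSig.Status -ne 'Valid') -or
                            ($dllSig.SignerCertificate.Subject -ne $exeSig.SignerCertificate.Subject)
                if ($mismatch) {
                    [pscustomobject]@{
                        Exe       = $exe.FullName
                        ExeSigner = $exeSig.SignerCertificate.Subject
                        Dll       = $dll.FullName
                        DllStatus = $dllSig.Status
                        DllSigner = $dllSig.SignerCertificate.Subject
                        DllSha256 = (Get-FileHash -Algorithm SHA256 -Path $dll.FullName).Hash
                    }
                }
            }
        }
    }
}

Find-SideloadCandidates -SearchRoots $Roots | Format-Table -AutoSize
```

Legitimate installers also ship unsigned helper DLLs, so correlate hits with process creation and network telemetry for the EXE before treating them as S1deload activity.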

Arctic Wolf observed CVE exploits targeting publicly disclosed security flaws. According to Coalition, a cyber insurance and security firm, the time to exploit for most CVEs is within 90 days of public disclosure. In its first-ever Cyber Threat Index, Coalition predicted that there will be over 1,900 new CVEs per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities, and that 94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet.

Daniel Thanos, head of Arctic Wolf Labs, advises continuing to employ talented people in cybersecurity in order to stay ahead of the curve on new developments in cybercrime: "Threat actors have proven that they will rapidly adopt new exploits, evasion methods and find new legitimate tools to abuse in their attacks to blend into normal host and network activity. Our new research on Lorenz ransomware abusing the legitimate Magnet RAM capture forensics utility is another example of this."

Bitdefender also unearthed weaponized proof-of-concept exploitation code targeting CVE-2022-47966, a remote code execution vulnerability that puts organizations using ManageEngine at risk.
