Bitdefender and Arctic Wolf unearth new cyberattack tactic


Cybersecurity firms Bitdefender and Arctic Wolf have identified new tactics used by malware groups to exploit old vulnerabilities and conceal malicious code in social media. Bitdefender discovered S1deload Stealer, a sideloader exploit that uses social channels like Facebook and YouTube as vectors. The exploit targets DLLs, the shared code libraries used by every operating system, by hiding malicious code in a DLL that a legitimate, digitally signed process loads. Once installed, S1deload Stealer performs several malicious functions, including credential stealing, identifying social media admins, artificial content boosting, cryptomining, and further propagation through user follower lists. The companies whose executables are used for sideloading are not to blame: the actors make an offline copy of the legitimate executable, place the malicious library next to it, and run it.
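The sideloading pattern described above (a signed executable copied to a user-writable folder loading a look-alike system DLL from its own directory) can be spotted in endpoint image-load telemetry. The following is an added detection example, not code from the article or from Bitdefender; the event layout, the trusted-directory list and the set of commonly hijacked DLL names are assumptions, and the sample events are constructed.

```python
# Added example (not from the article): flag image-load events that match the
# DLL-sideloading pattern: a signed host executable running from outside the
# usual install locations loads a DLL with a well-known system library name
# from its own directory rather than from System32.
from dataclasses import dataclass

# Assumption: directories where legitimately installed software lives; anything
# else is treated as user-writable (simplification for the example).
TRUSTED_DIRS = ("c:/windows/", "c:/program files/", "c:/program files (x86)/")
# Assumption: library names normally resolved from System32; a copy sitting
# beside the executable is the search-order hijack used for sideloading.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll"}

@dataclass
class ImageLoad:
    image: str           # path of the process executable
    loaded: str          # path of the module that was loaded
    loaded_signed: bool  # module carries a valid Authenticode signature
    image_signed: bool   # executable carries a valid Authenticode signature

def _split(path: str):
    """Normalise a Windows path to lower-case forward slashes; return (dir, name)."""
    p = path.replace("\\", "/").lower()
    d, _, name = p.rpartition("/")
    return d + "/", name

def is_sideload_candidate(ev: ImageLoad) -> bool:
    img_dir, _ = _split(ev.image)
    dll_dir, dll_name = _split(ev.loaded)
    if not dll_name.endswith(".dll") or dll_dir != img_dir:
        return False  # not loaded from the process's own directory
    if dll_name not in SYSTEM_DLLS:
        return False  # application-private DLL, expected beside the exe
    if img_dir.startswith(TRUSTED_DIRS):
        return False  # executable lives under a protected install location
    # Signed host loading an unsigned system-named DLL from a writable folder.
    return ev.image_signed and not ev.loaded_signed

EVENTS = [  # constructed sample events
    ImageLoad(r"C:\Users\bob\Downloads\Viewer\viewer.exe", r"C:\Users\bob\Downloads\Viewer\version.dll", False, True),
    ImageLoad(r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\version.dll", True, True),
    ImageLoad(r"C:\Users\bob\Downloads\Viewer\viewer.exe", r"C:\Windows\System32\version.dll", True, True),
    ImageLoad(r"C:\Users\bob\Downloads\Viewer\viewer.exe", r"C:\Users\bob\Downloads\Viewer\helper.dll", False, True),
]

def flagged(events):
    """Return the paths of loaded modules that match the sideloading pattern."""
    return [e.loaded for e in events if is_sideload_candidate(e)]

if __name__ == "__main__":
    for path in flagged(EVENTS):
        print("possible DLL sideloading:", path)
```

Only the first constructed event is flagged; an installed application shipping its own copy of the library, or a load resolved from System32, is not.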

Arctic Wolf observed CVE exploits targeting publicly disclosed security flaws. According to Coalition, a cyber insurance and security firm, the time to exploit for most CVEs is within 90 days of public disclosure. In its first-ever Cyber Threat Index, Coalition predicted that there will be over 1,900 new CVEs per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities, and that 94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet.

Daniel Thanos, head of Arctic Wolf Labs, advises continuing to employ talented people in cybersecurity in order to stay ahead of the curve on new developments in cybercrime. "Threat actors have proven that they will rapidly adopt new exploits and evasion methods and find new legitimate tools to abuse in their attacks to blend into normal host and network activity. Our new research on Lorenz ransomware abusing the legitimate Magnet RAM Capture forensics utility is another example of this."

Bitdefender also unearthed weaponized proof-of-concept exploit code targeting CVE-2022-47966, a remote code execution vulnerability that puts organizations using ManageEngine at risk.
