Cyberattacks Are Evolving, Are You?
NetStandard’s Security Minute Series
This is scary: the IT monitoring software Centreon was compromised, giving the Sandworm group access to Centreon for 3 years. IT monitoring software is generally highly trusted, with visibility into everything inside a network, so this attack is pretty serious: French IT monitoring firm Centreon says no customers affected by hacking campaign | Reuters
More ransomware arrests! French and Ukrainian police made arrests in connection with the Egregor ransomware (the successor to Maze). Large parts of Egregor infrastructure are down, including the leak site and some of the command-and-control servers: Egregor ransomware operators arrested in Ukraine | ZDNet
Late last year, the REvil ransomware gang predicted that ransomware would move away from data encryption and focus more strongly on data exfiltration, since leaked data is often worth more than encrypted data. We’ve seen this now – Jones Day, one of the biggest law firms in the world, recently had several gigabytes of data leaked, without any encryption taking place: Hacker Leaks Files from Jones Day Law Firm, Which Represented Trump in Election Challenges (vice.com)
Sophos released a technical writeup of the Conti ransomware – how it hides, how it communicates. If you’re curious, check it out: Conti ransomware: Evasive by nature – Sophos News
In May, Windows 10 v1909 and Windows Server v1909 will both reach end of service, and will no longer receive updates, patches, or support. Now’s a great time to check your systems and get them updated before they all expire at once: Microsoft: Windows 10 1909 reaches end of service in May (bleepingcomputer.com)
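As an added example (not part of the newsletter), here is one way to inventory which Windows hosts are still on 1909 before the May cutoff. The function name Get-Win1909Hosts is hypothetical, and remote queries assume WinRM (PowerShell remoting) is enabled and that you run it with an account permitted to use it; the registry key and the ReleaseId value it reads are standard Windows locations.

```powershell
# Added example: report the Windows release of each host and flag any still on 1909.
# Assumes WinRM is enabled on remote hosts; the local machine is queried directly.
function Get-Win1909Hosts {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # ReleaseId is "1909" on the release that reaches end of service in May;
    # DisplayVersion only exists on newer releases (20H2 and later).
    $query = {
        Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
            Select-Object ProductName, ReleaseId, DisplayVersion, CurrentBuild
    }

    foreach ($c in $ComputerName) {
        try {
            if ($c -eq $env:COMPUTERNAME -or $c -eq 'localhost') {
                $info = & $query
            } else {
                $info = Invoke-Command -ComputerName $c -ScriptBlock $query -ErrorAction Stop
            }

            [pscustomobject]@{
                Computer         = $c
                Product          = $info.ProductName
                Version          = if ($info.DisplayVersion) { $info.DisplayVersion } else { $info.ReleaseId }
                Build            = $info.CurrentBuild
                EndOfService1909 = ($info.ReleaseId -eq '1909')
                Error            = $null
            }
        } catch {
            # Keep the same object shape so the results still format as one table.
            [pscustomobject]@{
                Computer         = $c
                Product          = $null
                Version          = $null
                Build            = $null
                EndOfService1909 = $null
                Error            = $_.Exception.Message
            }
        }
    }
}

# Usage: pass your own host list; only rows with EndOfService1909 = True need action.
Get-Win1909Hosts -ComputerName @($env:COMPUTERNAME) |
    Sort-Object EndOfService1909 -Descending |
    Format-Table -AutoSize
```

Feed it the host list from Active Directory (for example, names from Get-ADComputer) and schedule the upgrades for every row that comes back flagged; hosts that error out should be checked by hand, since an unreachable machine is just as likely to be an unpatched one.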
This week we learned…
- That after Apple released the custom M1 processor last year, app developers started coding for the new platform – and so did malware developers. Samples of M1-specific malware already in the wild have been uploaded to VirusTotal. Virus protection is important on Macs too: Hackers Are Starting to Code Malware Specifically for Apple’s M1 Computers (vice.com)
- That the creators of TrickBot are still fighting. Despite the public takedown by Microsoft and others in late 2020, TrickBot keeps being updated, and its BazarBackdoor component was recently rewritten in the Nim programming language to help avoid detection: TrickBot’s BazarBackdoor malware is now coded in Nim to evade antivirus (bleepingcomputer.com)
- That CD Projekt, the developer of Cyberpunk 2077 and Witcher 3, which was hit with the HelloKitty ransomware, is refusing to pay the ransom. In response, the attackers auctioned off the source code for those games, along with other corporate data, to an unknown buyer: CD Projekt’s stolen source code allegedly sold by ransomware gang (bleepingcomputer.com)