Bitdefender and Arctic Wolf unearth new cyberattack tactic


Cybersecurity firms Bitdefender and Arctic Wolf have identified new tactics that malware groups use to exploit old vulnerabilities and to spread concealed malicious code through social media. Bitdefender discovered S1deload Stealer, a sideloading campaign that uses social channels such as Facebook and YouTube as its delivery vectors. The technique abuses DLL sideloading: the malicious code is packaged as a DLL that a legitimate, digitally signed process loads, so the trusted executable lends its reputation to the untrusted library. Once installed, S1deload Stealer performs several malicious functions, including credential theft, identification of social media admin accounts, artificial content boosting, cryptomining, and further propagation through the victim's follower lists. The companies whose executables are used for sideloading are not at fault: the actors take an offline copy of the legitimate executable, place the malicious library next to it, and run it.
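The pattern described above (a signed executable copied out of its install location and made to load an unsigned DLL placed beside it) is something a defender can look for in image-load telemetry. The following is an added example, not code from the article, Bitdefender or Arctic Wolf. Its sample events are constructed and only loosely modelled on Sysmon image-load (Event ID 7) fields; the `ProcessSigned` field, the exact field names as used here and the trusted-directory list are assumptions for illustration.

```python
"""Flag likely DLL sideloading in image-load telemetry.

Added example (not code from the original article, Bitdefender or Arctic Wolf).
The events below are constructed and loosely modelled on Sysmon image-load
(Event ID 7) fields; the ProcessSigned field, the field names as used here and
the trusted-directory list are assumptions for illustration.
"""
from pathlib import PureWindowsPath

# Locations where properly installed software normally lives (assumption:
# tune this for your own estate). Libraries loaded from anywhere else are
# treated as coming from an untrusted, typically user-writable, location.
TRUSTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Legitimate install: a signed app loads its own signed helper DLL.
        "Image": r"C:\Program Files\ExampleApp\app.exe",
        "ImageLoaded": r"C:\Program Files\ExampleApp\helper.dll",
        "ProcessSigned": True, "Signed": True, "SignatureStatus": "Valid",
    },
    {   # Signed app run from Downloads loading an OS DLL from System32: normal.
        "Image": r"C:\Users\alice\Downloads\app.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "ProcessSigned": True, "Signed": True, "SignatureStatus": "Valid",
    },
    {   # Sideload pattern: a signed app copied to a user-writable folder loads
        # an unsigned DLL sitting right beside it.
        "Image": r"C:\Users\alice\Downloads\app.exe",
        "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll",
        "ProcessSigned": True, "Signed": False, "SignatureStatus": "Unavailable",
    },
]


def _norm(path) -> str:
    """Normalise a Windows path for case-insensitive comparison."""
    return str(PureWindowsPath(path)).lower()


def under_trusted_root(path) -> bool:
    """True if path lies inside one of TRUSTED_ROOTS (case-insensitive)."""
    p = _norm(path)
    return any(p == _norm(r) or p.startswith(_norm(r) + "\\") for r in TRUSTED_ROOTS)


def same_directory(path_a, path_b) -> bool:
    """True if both paths sit in the same directory."""
    return _norm(PureWindowsPath(path_a).parent) == _norm(PureWindowsPath(path_b).parent)


def sideload_reasons(event) -> list:
    """Return the heuristic findings for one image-load event (empty = benign).

    Both conditions must hold before an event is flagged: each one on its own
    is common in ordinary software and would drown analysts in noise.
    """
    exe, dll = event["Image"], event["ImageLoaded"]
    dll_unsigned = not event.get("Signed") or event.get("SignatureStatus") != "Valid"
    reasons = []
    # A sideloaded library is dropped next to the executable because the
    # application's own directory comes early in the library search order.
    if same_directory(exe, dll) and not under_trusted_root(dll):
        reasons.append("DLL loaded from the executable's own directory outside trusted roots")
    # A signed process pulling in an unsigned library is the mismatch the
    # technique relies on: the signature covers the EXE, not the DLL beside it.
    if event.get("ProcessSigned") and dll_unsigned:
        reasons.append("signed process loaded an unsigned or invalid-signature DLL")
    return reasons if len(reasons) == 2 else []


def sideload_candidates(events) -> list:
    """Return (exe, dll, reasons) for every event that trips the heuristic."""
    out = []
    for e in events:
        why = sideload_reasons(e)
        if why:
            out.append((e["Image"], e["ImageLoaded"], why))
    return out


if __name__ == "__main__":
    for exe, dll, why in sideload_candidates(SAMPLE_EVENTS):
        print(f"SUSPECT {exe} -> {dll}: {'; '.join(why)}")
```

The heuristic deliberately stays quiet about a signed program loading unsigned helpers from its own install directory (many legitimate products do that) and about programs launched from user folders that only load OS libraries; it fires on the combination the campaign depends on, a trusted binary relocated to a writable directory and loading an unsigned neighbour.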

Arctic Wolf observed attackers exploiting publicly disclosed CVEs. According to Coalition, a cyber insurance and security firm, most CVEs are exploited within 90 days of public disclosure. In its first-ever Cyber Threat Index, Coalition predicted that there will be over 1,900 new CVEs per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities, and reported that 94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet.

Daniel Thanos, head of Arctic Wolf Labs, advises continuing to employ talented people in cybersecurity in order to stay ahead of the curve on new developments in cybercrime: "Threat actors have proven that they will rapidly adopt new exploits, evasion methods and find new legitimate tools to abuse in their attacks to blend into normal host and network activity. Our new research on Lorenz ransomware abusing the legitimate Magnet RAM capture forensics utility is another example of this."

Bitdefender also found weaponized proof-of-concept exploit code for CVE-2022-47966, a remote code execution vulnerability that puts organizations running ManageEngine products at risk.
