Tag Archive for: broken




Emotet malware infects users again after fixing broken installer



The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.

Emotet is a malware infection distributed through spam campaigns with malicious attachments. If a user opens the attachment, malicious macros or scripts will download the Emotet DLL and load it into memory.

Once loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as Cobalt Strike or other malware that commonly leads to ransomware attacks.

Buggy attachments broke the Emotet campaign

Last Friday, the Emotet malware distributors launched a new email campaign that included password-protected ZIP file attachments containing Windows LNK (shortcut) files pretending to be Word documents.

Current Emotet phishing email example
Source: Cofense

When a user double-clicked on the shortcut, it would execute a command that searches the shortcut file for a particular string that contains Visual Basic Script code, appends the found code to a new VBS file, and executes that VBS file, as shown below.

Emotet shortcut commands from Friday's campaign
Source: BleepingComputer

However, this command contained a bug as it used a static shortcut name of ‘Password2.doc.lnk,’ even though the actual name of the attached shortcut file is different, like ‘INVOICE 2022-04-22_1033, USA.doc’.

This caused the command to fail, as the Password2.doc.lnk file did not exist, and thus the VBS file was not created, as explained by the Emotet research group Cryptolaemus.

Cryptolaemus researcher Joseph Roosen told BleepingComputer that Emotet shut down the new email campaign at approximately 00:00 UTC on Friday after discovering that the bug was preventing users from becoming infected.

Unfortunately, Emotet fixed the bug today…

Source…

Going Back to Basics to Fix Our Broken Approach to Cybersecurity


Cybersecurity has garnered plenty of mainstream attention lately—but for all the wrong reasons. The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end users are never even aware of them. So when ransomware suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

The extent of the problem is borne out in the statistics. The total number of companies that suffered data breaches in 2020 was 1,108, a high that was already exceeded by the end of September, when the total rose to 1,529 (a 17-percent increase)—and the year isn’t even over! Supply chain attacks are also on the rise, but are often a woefully overlooked attack vector in an organization’s security stack. A recent survey revealed that 83 percent of organizations suffered an operational technology breach during the previous three years.

The uptick in major breaches and ransomware incidents has already affected spending priorities, prompting 91 percent of organizations to increase their security budget in 2021. While this is a positive development overall, it underscores the futility of simply throwing more money at a broken system. If a fundamental change isn’t made to their existing security stack, these companies will continue to fall victim to the same threats they always have. It’s a cat-and-mouse game that they will always lose.

So that’s the bad news. The good news is that by augmenting our cybersecurity focus on a fundamental feature of internet architecture, we can start protecting ourselves in a proactive manner. Organizations often view cybersecurity as a wall around their organization’s network, keeping all of the nasty bits of the internet at bay while their critical data stays safely protected within. Unfortunately, in the modern landscape, a determined threat actor will eventually find a way to bypass their target’s defenses—whether by taking advantage of an unpatched exploit, successfully carrying out a phishing scam, or exploiting a…

Source…

School Districts Dealing With Broken Water Pipes, Fried Computer Servers and Mold Concerns – NBC 5 Dallas-Fort Worth


Schools across North Texas are dealing with the same problems that many people’s homes are: buildings went without power and pipes are broken. Now that the power is back on in many areas, schools are trying to figure out just how bad the damage truly is.

Tractor-trailers rolled to Harpool Middle School in Denton ISD carrying massive dehumidifiers. The district is using them to dry out the building after two inches of water spread through 120,000 square feet of space.

“It’s not just water on the ground, it’s technology and computers, and teachers’ set up and materials that we deliver in instruction,” Denton ISD Superintendent Jamie Wilson said. “It was the bottom floor and the fire suppression went off and before we could get there to turn it off we were knee-deep.”

Wilson said several schools were being cleaned up, but Harpool would likely be moved to remote learning or to upper floors through spring break.

Schools across the area are trying to clean up, eager to get students learning again. They’ve already lost so much this school year and the hits just keep coming.

“It’s caused us to be flexible and that’s the nice way to say it,” Grand Prairie ISD spokesperson Sam Buchmeyer said.

He said technology crews were working to try to make sure computer systems and servers were back up and running after the power kept getting shut on and off — not ideal for computer equipment.

More than 20 schools in Arlington ISD, including Sam Houston High School, were dealing with repairs.

“Some are minor and some are more significant,” Arlington ISD Superintendent Marcello Cavazos said.

Heritage Middle School in Grapevine-Colleyville ISD had 15 classrooms flooded and sheetrock needed to be replaced. Several schools in that district are also dealing with a Spectrum internet and phone outage which has taken away control of the HVAC system, internet, phones and security system.

Fort Worth ISD has closed school Monday and Tuesday of next week while it cleans up. Frisco ISD said it wouldn’t be ready for instruction next week.

Northwest ISD had various schools still trying to get water out.

“Some classrooms may have cosmetic damage due to the efforts our teams…

Source…