In this edition of the newsletter, we will cover:

 

  • Exploitation of Microsoft Exchange instances
  • Attacks against MacOS and M1 chips
  • Cyber awareness

 

Exploitation of Microsoft Exchange instances


 

Since March hundreds of thousands of Microsoft Exchange on-premise servers have been exposed to exploitation and thousands have already been breached due to a flaw in different versions of the product.

 

Microsoft has already released security updates for the vulnerable software and further guidelines, along with a set of Indicators of Compromise, on how to check whether one’s environment has been compromised.

 

For those organizations that don’t have dedicated IT teams, Microsoft advises to download and run the specially-developed One-Click Mitigation Tool which includes the latest Microsoft Safety Scanner to mitigate the highest risks prior to patching.

 

Attacks against macOS and M1 chips


 

According to security experts, the development of macOS malware has seen an astounding increase of more than 1,000% in 2020, and the high volume of recent attacks suggests that attackers are still actively targeting Apple products. Several malware strains have stood out:

 

XcodeSpy malware

 

Legitimate Xcode projects have been infected by attackers with the XcodeSpy malware which spreads the infamous EggShell backdoor.

 

Silver Sparrow malware

 

During February, a macOS malware known as Silver Sparrow had infected around 30, 000 Mac devices across 153 countries. One of the components of the malicious package has specifically been designed for Apple’s M1 chip.

 

XCSSET malware

 

Trend Micro researchers have observed Universal Cross-Site Scripting (UXSS) attacks that are using the XCSSET malware to spread JavaScript backdoors on websites.

 

In March this year, Kaspersky’s team identified XCSSET malware samples targeting new Apple M1 chips which indicates that nefarious parties have evolved their executables.

 

The XCSSET malware, the latest one adapted for Safari version 14, downloads and installs malicious Safari frameworks and related JavaScript backdoors from the threat actor’s Command & Control infrastructure.

 

Vulnerabilities & Exploits

 

The XCSSET malware exploits the remote debugging mode in browsers such as Opera, Chrome, and Firefox to perform UXSS attacks.

 

A weakness tagged as CVE-2021-3156 has been discovered in the Sudo app, impacting multiple operating systems such as macOS, Linux, and others.

 

An unpatched zero-day vulnerability was found in Webkit-based browsers. The attack redirected iOS and macOS users to malicious websites.

 

Cyber awareness


 

Per a recent report by Grand View Research, the global market size of cybersecurity services will expand “at a compound annual growth rate of 10.2% from 2021 to 2028.” Security breaches impacting enterprises and individuals, the proliferation of smartphones and IoT devices, the continued rollout of high-speed internet networks are among some of the factors to drive this growth. 

 

To better face this onslaught, companies need to constantly educate their workforces. But how does this preparation look at present?

 

One of the leading findings of a study conducted by TalentLMS on behalf of Kenna Security is that circa 60% of staff had failed a basic quiz following a cybersecurity training.

 

It is incredible that over 70% of the survey respondents who answered every single question incorrectly report feeling safe from cyber-attacks.

 

Another interesting fact is that “despite their largely inherent familiarity with technology, employees aged 18-24 collectively performed the worst on the quiz, with only 16% passing.” 

 

Organizations need to carefully rethink their cyber awareness efforts and deploy robust programs, including regular training and phishing simulation campaigns, using a risk-based approached.

 

As always – be vigilant, stay alert, think twice.

 

AMATAS will continue to monitor this space and deliver salient information regularly. Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.

 

SOURCES


Amatas, Cyware, Microsoft, Trend Micro, Kaspersky, Atlas VPN, ZDNet, Bleeping Computer, SC Magazine, Grand View Research, TalentLMS

Konstantina Kostadinova in AMATAS