Cybersecurity Roundup August 2024

SSL.com's August 2024 Cybersecurity Roundup features insights on PEAKLIGHT malware, BlackByte ransomware, and other developments from the month.

SSL.com and Entrust Form Strategic Partnership 

SSL.com is proud to announce a strategic partnership with Entrust, where SSL.com will support Entrust’s public TLS certificate lifecycle, ensuring seamless, secure, and robust certificate services. Entrust customers will experience a smooth transition with no service interruptions, continuing to manage their accounts through the existing Entrust portal. To maintain trust and security, customers are encouraged to renew their certificates before October 31, 2024, using Entrust’s lifecycle solutions or automation tools. SSL.com will integrate multiple paths with Entrust, including serving as an external Registration Authority (RA) for Identity Validation, aligning with SSL.com’s policies and practices. This partnership underscores SSL.com’s commitment to excellence in digital identity and trust services, ensuring uninterrupted service and security for all customers.  

For full information on the new partnership between SSL.com and Entrust, head over to our dedicated article.  

PEAKLIGHT Malware Targets Windows Users 

Mandiant researchers have discovered a new malware dropper named PEAKLIGHT, which targets Windows users through fake movie downloads. The sophisticated attack chain begins with a Windows shortcut file, leading to the deployment of various malware strains including Lumma Stealer and Hijack Loader. This campaign highlights the ongoing risks of downloading content from unofficial sources and the evolving tactics of cybercriminals. 

SSL.com Insights: 

Companies and organizations should ensure that their network defenses are capable of inspecting encrypted traffic for suspicious activity without compromising legitimate use, such as leveraging tools that can analyze traffic passing through encrypted channels. Implementing security solutions that can monitor PowerShell script execution, detect abnormal memory-only processes, and block unapproved programs from executing will prevent the downloader from running on the system. Organizations should also enhance endpoint security by controlling access to external devices and ensuring that only authorized programs can run on machines that are used by their members, significantly reducing the chances of malicious content from unauthorized sources being executed. 

Black Basta-Linked Campaign Deploys SystemBC Malware via Social Engineering

Rapid7 has uncovered a social engineering campaign allegedly tied to the Black Basta ransomware group. The attackers use fake IT calls and Microsoft Teams to trick users into installing AnyDesk, which then delivers SystemBC malware. This campaign aims to steal credentials and exfiltrate data, highlighting the ongoing risks of sophisticated phishing attacks.

SSL.com Insights:

To combat the increasingly sophisticated phishing and social engineering attacks detailed in the article, companies should implement email scanning tools that block malicious attachments and links before they reach employees. Detection systems can be enhanced by analyzing network traffic to identify and block abnormal data transfers initiated by unauthorized remote desktop software. Regularly auditing and controlling access to sensitive data using encrypted communications will help protect against credential theft attempts during these attacks. SSL.com’s S/MIME certificates can secure email communications by encrypting messages and ensuring that they are only accessible to the intended recipient, thus preventing email-based credential theft.

BlackByte Ransomware Exploits ESXi Vulnerability to Target Virtual Assets 

BlackByte ransomware operators have begun exploiting a recent VMware ESXi authentication bypass vulnerability (CVE-2024-37085) to compromise enterprise networks’ core infrastructure. This pivot represents a significant change in the group’s tactics, moving away from their usual practice of exploiting public-facing vulnerabilities. The new approach allows attackers to gain full access to ESXi hosts using Active Directory privileges, potentially causing widespread disruption to virtual environments.

SSL.com Insights:

To protect against vulnerabilities like CVE-2024-37085, organizations should employ advanced monitoring tools that inspect network traffic for unauthorized access attempts, particularly those exploiting Active Directory privileges. Implementing strong access management protocols, such as regularly auditing user groups and removing unnecessary privileges, will minimize the risk of attackers leveraging AD to gain control over critical systems like VMware ESXi hosts. Endpoint protection should be reinforced with tools that detect and block the use of vulnerable drivers, while patch management must ensure that all systems, including ESXi, are updated to the latest versions to close known security gaps. SSL.com’s Client Authentication certificates can help by ensuring only authenticated and authorized users can access sensitive environments, providing a trusted layer of protection against unauthorized credential use.
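As an added example that is not part of SSL.com's article, the following PowerShell script shows one way to carry out the group-membership audit recommended above: it enumerates the users who hold membership in the Active Directory groups your ESXi hosts trust and flags any account that is not on an approved list. It assumes the ActiveDirectory RSAT module is installed; the group name and the approved-account list are placeholders to be replaced with your own values.

```powershell
# Added example, not SSL.com's code: audit the AD groups that grant rights to
# ESXi hosts and report any member that is not on the approved list.
# Requires the ActiveDirectory module (RSAT). Group and account names below are
# placeholders for your environment.
Import-Module ActiveDirectory

# Placeholder: AD group(s) whose membership your ESXi hosts treat as administrative.
$PrivilegedGroups = @('PLACEHOLDER-ESXi-Admins-Group')

# Placeholder: SamAccountNames approved to hold that membership.
$ApprovedMembers = @('svc-vcenter-placeholder', 'vsphere-admin-placeholder')

foreach ($group in $PrivilegedGroups) {
    # Report when the group was created and last changed; an unexpectedly recent
    # timestamp on a privileged group deserves a closer look.
    $info = Get-ADGroup -Identity $group -Properties whenCreated, whenChanged
    Write-Output ("Group {0}: created {1}, last changed {2}" -f `
        $info.Name, $info.whenCreated, $info.whenChanged)

    # -Recursive expands nested groups so indirect members are checked too.
    $members = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($m in $members) {
        if ($ApprovedMembers -notcontains $m.SamAccountName) {
            Write-Warning ("Unexpected member of {0}: {1} ({2})" -f `
                $group, $m.SamAccountName, $m.distinguishedName)
        }
    }
}
```

Run the script on a schedule from a management host with read access to the domain, and treat any warning (or an unexpected creation or change timestamp on the group) as a finding to investigate and, where appropriate, a privilege to remove.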

New Stealth Techniques Target Asian Military and Government Organizations  

Researchers at NTT have uncovered a sophisticated hacking campaign targeting high-level organizations in Southeast Asia. The attackers, possibly linked to China’s APT41, are using two rare stealth techniques: “GrimResource” for code execution in Microsoft Management Console, and “AppDomainManager Injection” for malware deployment. These methods have been used to infect Taiwanese government agencies, the Philippine military, and Vietnamese energy organizations with Cobalt Strike malware.

SSL.com Insights:

To protect against sophisticated stealth techniques like GrimResource and AppDomainManager Injection, organizations should enhance their endpoint protection by using advanced tools that can detect and block payloads before they execute. Network traffic monitoring can also help identify unusual behaviors associated with compromised systems by scrutinizing unexpected file downloads or malicious script execution. Employing robust application control tools can prevent unauthorized changes to critical system files like MSCs and DLLs, minimizing the risk of exploitation through unapproved applications. Implementing strong email filtering and attachment scanning, along with user education on phishing tactics, can further reduce the likelihood of successful initial access. SSL.com’s S/MIME certificates provide an additional layer of protection by ensuring that emails are digitally signed and encrypted, helping users verify legitimate communications and avoid downloading malicious attachments that initiate these types of attacks.

SSL.com Announcements

Microsoft Intune and SSL.com Integration Now Available for S/MIME Certificate Management

SSL.com now offers seamless integration of its S/MIME certificates with Microsoft Intune, streamlining secure email encryption and digital signatures across multiple devices. This service simplifies certificate management by securely delivering certificates to devices. Intune supports importing PFX certificates, making it easy for organizations to maintain security without compromising on usability. By leveraging Intune, organizations can easily deploy S/MIME certificates to devices running Android, iOS/iPadOS, macOS, and Windows 10/11. Contact sales@ssl.com for more information on SSL.com-Microsoft Intune integration.