
Threat Pulse – March 2023

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats. 

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote 

Threat actors are taking advantage of Microsoft OneNote’s ability to embed files, combining it with social engineering techniques such as phishing emails and lures inside the OneNote document to get unsuspecting users to download and open malicious files.

Once the embedded file is clicked, the attacker’s code runs and can be used for various malicious purposes, such as stealing data or installing ransomware on victims’ systems.

New HiatusRAT Router Malware Covertly Spies On Victims 

A never-before-seen complex malware dubbed Hiatus is targeting business-grade routers to covertly spy on victims.  

It has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packets on the target device. The packet-capture binary enables the actor to monitor router traffic on ports associated with email and file-transfer communications. 

The threat cluster primarily singles out end-of-life (EoL) DrayTek Vigor router models 2960 and 3900.  

The exact initial access vector used in the attacks is unknown, but a successful breach is followed by the deployment of a bash script that downloads and executes HiatusRAT. 

Emotet Malware Now Distributed in Microsoft OneNote Files to Evade Defenses 

Emotet malware is now being distributed using Microsoft OneNote email attachments with the aim of bypassing Microsoft security restrictions and infecting more targets.

Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros.  

Once loaded, the malware will steal email contacts and email content for use in future spam campaigns. It will also download other payloads that provide initial access to the corporate network. 
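As an added defensive example (not code from the original post or from DigitalXRAID), the following Python walks a .one section file for FileDataStoreObject structures, which is how OneNote stores the embedded attachments abused in both the OneNote and Emotet campaigns above, and flags payload types that a legitimate notebook attachment would rarely carry. The header GUID comes from the MS-ONESTORE specification; the sample bytes, labels and risk flags are constructed for this illustration.

```python
import struct

# FileDataStoreObject header GUID {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
# (MS-ONESTORE), as written on disk in little-endian GUID encoding.
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FIXED_LEN = 16 + 8 + 4 + 8  # guidHeader, cbLength, unused, reserved

# (magic prefix, label, high risk when delivered by a phishing lure)
MAGICS = [
    (b"MZ", "pe-executable", True),
    (b"\xd0\xcf\x11\xe0", "ole-compound (doc/xls/msi)", True),
    (b"PK\x03\x04", "zip (docx/xlsx/jar)", True),
    (b"%PDF", "pdf", False),
    (b"\x89PNG", "png", False),
]
SCRIPT_HINTS = (b"WScript", b"CreateObject", b"powershell", b"cmd.exe", b"mshta")

def classify(data):
    """Return (label, high_risk) for one embedded file's bytes."""
    for magic, label, risky in MAGICS:
        if data.startswith(magic):
            return label, risky
    if any(h in data[:4096] for h in SCRIPT_HINTS):
        return "script-like text", True
    return "unknown", False

def find_embedded_files(blob):
    """Yield (offset, data) for every FileDataStoreObject in a .one blob."""
    pos = blob.find(FDSO_HEADER)
    while pos != -1:
        if pos + FDSO_FIXED_LEN > len(blob):   # header cut off at end of file
            break
        (length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + FDSO_FIXED_LEN
        data = blob[start:start + length]
        if len(data) == length:                # skip lengths that overrun the file
            yield pos, data
        pos = blob.find(FDSO_HEADER, start + max(length, 1))

def triage(blob):
    """Return [(offset, size, label, high_risk)] for a whole section file."""
    return [(off, len(d), *classify(d)) for off, d in find_embedded_files(blob)]

def _fdso(data):
    """Wrap `data` in a FileDataStoreObject (constructed sample, not a real .one)."""
    return FDSO_HEADER + struct.pack("<Q", len(data)) + b"\0" * 12 + data

# Constructed sample: a fake PE dropper at offset 64, then a harmless PNG.
SAMPLE_ONE = (b"\0" * 64 + _fdso(b"MZ\x90\0" + b"\0" * 60)
              + b"\0" * 16 + _fdso(b"\x89PNG\r\n\x1a\n" + b"\0" * 20))
```

Running `triage()` over a mail-gateway quarantine of .one attachments gives a quick list of which ones carry executables, Office documents or script text rather than notes and images.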

Microsoft Outlook Elevation of Privilege Vulnerability 

CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook. It affects all versions of Outlook for Windows, was given a 9.8 CVSS rating and is one of two zero-day exploits disclosed on March 14.

WordPress Elementor Pro Plugin Vulnerability 

A researcher at NinTechNet has discovered a high-severity vulnerability in the popular Elementor Pro WordPress plugin, which is used by over eleven million websites. The flaw, which affects v3.11.6 and all prior versions, enables authenticated users, such as site members or customers of online stores, to alter the website’s settings and potentially take complete control of it.

According to the WordPress security company PatchStack, hackers are currently actively taking advantage of this Elementor Pro plugin vulnerability to redirect users to hackers’ sites (“away[.]trackersline[.]com”) or upload backdoors to the compromised site. 

Elementor Pro users must immediately update to version 3.11.7 or later (the most recent version is 3.12.0), since hackers are still focusing on unpatched websites.  

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services  

A new toolset called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials, API keys and authentication secrets from popular cloud service providers.  

The toolset targets common misconfigurations in popular web hosting frameworks such as Laravel, Drupal, Joomla, Magento, OpenCart, PrestaShop and WordPress in order to gather sensitive data pertaining to AWS, Bluemail, Exotel, Google Workspace, Mailgun, Mandrill, Microsoft 365, Sendgrid, Twilio, Zimbra and Zoho.

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.    

Talk to the team to see how you can start protecting your business against cyberattacks today. 
