Weekly Threat Briefing: Magecart Skimmers Found on Amazon CloudFront CDN

The intelligence in this week’s iteration discusses the following threats: Botnet, Data breach, Misconfigurations, Ransomware, Threat groups, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Aggressive Brute Force Campaign “GoldBrute” Trying to Access 1.5M RDP Servers (June 10, 2019)

Morphus Labs announced the discovery of a new brute force campaign against 1.5 million Remote Desktop Protocol (RDP) servers by a botnet called “GoldBrute.” The campaign targets the problem of RDP servers left exposed to the Internet by the BlueKeep vulnerability (CVE-2019-0708) in Windows XP and 7’s Remote Desktop Services (RDS), which use RDP. According to Morphus, 1,596,571 servers have been subjected to attempted brute-force attacks targeting RDP accounts. While limiting the number of times a password can be guessed is a vital practice, “GoldBrute” is trying to fly under the radar by limiting itself to one attempt per compromised host.

MITRE ATT&CK: Brute Force (T1110) | Remote Desktop Protocol (T1076)
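The detection consequence of that last point, as an added example (not code from Morphus Labs or the original briefing): a per-source failure threshold misses a campaign in which each bot address tries a server only once, while counting distinct failing sources per target catches it. The event tuples, addresses, host names and thresholds are constructed, and reading "one attempt per compromised host" as one attempt per bot address per server is an assumption.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (not real logs): (time, source_ip, target, outcome)."""
    t0 = datetime(2019, 6, 10, 10, 0, 0)
    events = []
    # 30 bot addresses, each failing exactly once against rdp01 within ~10 minutes
    for i in range(30):
        events.append((t0 + timedelta(seconds=20 * i), f"203.0.113.{i + 1}", "rdp01", "FAIL"))
    # one noisy single-source brute-forcer against rdp02
    for i in range(6):
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.9", "rdp02", "FAIL"))
    # a legitimate user mistyping twice, then succeeding, on rdp03
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        events.append((t0 + timedelta(seconds=30 * i), "192.0.2.44", "rdp03", outcome))
    return events

def per_source_alerts(events, threshold=5):
    """Lockout-style rule: flag a source that reaches `threshold` failures on one target."""
    counts = Counter((src, tgt) for _, src, tgt, out in events if out == "FAIL")
    return {src for (src, _), n in counts.items() if n >= threshold}

def distributed_alerts(events, window=timedelta(minutes=15), min_sources=20):
    """Flag targets where many distinct sources fail inside one sliding window."""
    by_target = defaultdict(list)
    for ts, src, tgt, out in events:
        if out == "FAIL":
            by_target[tgt].append((ts, src))
    alerts = {}
    for tgt, fails in by_target.items():
        fails.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, src in fails:
            in_window[src] += 1
            while ts - fails[start][0] > window:  # drop events older than the window
                old = fails[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_sources:
            alerts[tgt] = peak  # peak number of distinct failing sources
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("per-source rule:", per_source_alerts(sample))
    print("distinct-source rule:", distributed_alerts(sample))
```

The per-source rule flags only the noisy address on rdp02; the 30 single-attempt sources against rdp01 surface only under the per-target rule.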


Magecart Skimmers Found on Amazon CloudFront CDN (June 8, 2019)

Malwarebytes researchers discovered a number of web properties on Amazon CloudFront compromised by the financially-motivated threat actors referred to by the umbrella term “Magecart.” Hosted JavaScript libraries within the Content Delivery Network (CDN) were tampered with and injected with web skimmers. Upon analyzing the breaches, it was found that they were a contin ..
