Last week in security news, researchers uncovered an attack campaign that spent the past two years targeting Windows machines running MS-SQL servers. The security community also learned of a vulnerability that enabled attackers to steal the credentials of people using the Zoom Windows client.

Top Story of the Week: Inside Vollgar’s Campaign Against MS-SQL Servers

Guardicore Labs found that the campaign had been targeting Windows machines running MS-SQL servers since May 2018. The campaign used brute-force attacks in an attempt to access targeted Windows machines. Upon successful authentication, the campaign loaded backdoors and executed malicious modules containing crypto-miners and remote-access Trojans (RATs).

Researchers at Guardicore dubbed the campaign “Vollgar, blending together the Vollar cryptocurrency mined in this campaign with the attacks’ vulgar behavior.

Source: iStock

Also in Security News

  • VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT: Researchers at Mimecast discovered an attack campaign that used “VelvetSweatshop” to password-protect a malicious Excel spreadsheet. As VelvetSweatshop is the default password employed by Excel to decrypt protected documents, this decision streamlined the attack chain by allowing the worksheet to bypass security tools and by not requiring users to manually enter a password.
  • Zoom Vulnerability Allowed Attackers to Steal Windows Credentials: As reported by Bleeping Computer, security researchers found that the Zoom Windows client was vulnerable to a UNC path injection in the client’s chat feature. A digital attacker could have exploited the security flaw to steal the user’s Windows credentials.
  • Indian Financial Institutions Targeted by Crimson RAT: Zscaler observed an attack campaign that used spear phishing emails to target Indian financial institutions. Those emails used either malicious PE executables or Office documents to deliver samples of Crimson RAT, malware that is capable of exfiltrating files and sending them to its command-and-control (C&C) server.

Security Tip of the Week: Improve Your Organization’s Password Security

Security professionals can help protect their organizations against brute-force attacks by improving their password security. They can do this by using multifactor authentication (MFA) wherever possible. Additionally, they should also consider working with a penetration testing service for the purpose of evaluating the overall password security of the organization.

More from

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…