ALERT DISPATCH: New Threat June 28, 2017
The following threats need YOUR IMMEDIATE ATTENTION. As Cyber Attack Vectors-as-a-Service become more available, hackers spreading malicious code and stealing personal data to sell on the black market seem to have become more emboldened. From our Open Threat Exchange:
Petya Ransomware Sweeping Across the World NOW!
Affecting Banks, Financial Corporations, Utilities, Mining, Energy, and Transportation Companies, the Petya Ransomware has shut down shipping giant Maersk and many more industry leaders (Source: CNBC June 27, 2017). It uses the EternalBlue vector (like WannaCry) to get into and infect computer event logs, then seizes the computer with a message: “If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but dont waste your time. Nobody can recover your files without our decryption service. We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key. Please follow the instructions: 1. Send $300 worth of Bitcoin to following address: ”
We already have the correlation rule in place to identify and alert our Security Operations Center personnel if this virus presents itself in any of our monitored networks.
Industry Controls continue to be Threatened by CrashOverRide and WannaCry:
Previously we reported on attacks on Electrical Grids and SCADA systems. It now appears that the attack on the Ukrainian electrical grid in 2016 with CrashOverRide was just a practice run. Analysts following attack vectors such as JackWare, WannaCry, and CrashOverRide believe these successful methods of attack will become more sophisticated as their targets expand across the globe. Just this week WannaCry found its way into several Traffic Light systems in Europe, and Honda had to shut down manufacturing after discovering the infection on its systems in Japan, the United States, and Europe (Source: InfoSecurity, June 22, 2017).
MAC OS Attacks:
Most Apple users read cyber threats with the confidence that they are least likely to be affected by all the noise of malicious code and virus infections. Not so anymore! We are sorry to report to you Apple enthusiasts that you must also remain on the alert! Several indicators of increased activity for cyber attacks against Apple users are mounting.
Just this month 22 Chinese citizens were arrested for peddling stolen Apple user private data offered on the black market (Source: Apple Insider, June 7, 2017). This ring of thieves was able to net $7.34 million before the enterprise was shut down by authorities.
Not related, but equally alarming, Palo Alto Unit42 recently discovered a new version of the OceanLotus backdoor exploit that now affects MAC OS users (Source: Palo Alto, June 22, 2017). This vector is transmitted as a ZIP file through email or another data-sharing program. Once launched by the recipient, the malware opens as a Word DOC while secretly infecting the MAC to begin a process that sends files back to the attackers' servers. The first line of defense is the user. If you receive a ZIP file that you were not expecting, BE SUSPICIOUS! Look very carefully at who the sender was. If you recognize the sender, contact them by another means and ask if the email is legitimate.