Since mid-August, financially motivated threat actors have been scanning Drupal websites that are vulnerable to Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602) in order to install Shellbot malware. As part of the installation phase, they scan for the /user/register and /user/password pages and then attempt to brute-force their way into the websites using the information discovered there. Once they succeed, they install Shellbot, which uses an IRC channel as its command and control server and performs functions such as launching DDoS attacks and searching for SQL injection vulnerabilities.
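As an added, illustrative detection example (not from the original report): a small Python script that flags source IPs which fetched both Drupal account pages named above and then issued repeated login POSTs, run over constructed web server access-log lines. The Apache combined log format, the /user/login path and the assumption that a failed Drupal login re-renders the form with HTTP 200 are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format log lines (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Oct/2018:10:01:02 +0000] "GET /user/register HTTP/1.1" 200 5120 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:03 +0000] "GET /user/password HTTP/1.1" 200 4100 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:05 +0000] "POST /user/login HTTP/1.1" 200 4900 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:06 +0000] "POST /user/login HTTP/1.1" 200 4900 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:07 +0000] "POST /user/login HTTP/1.1" 200 4900 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:08 +0000] "POST /user/login HTTP/1.1" 200 4900 "-" "python-requests/2.19"
203.0.113.7 - - [20/Oct/2018:10:01:09 +0000] "POST /user/login HTTP/1.1" 200 4900 "-" "python-requests/2.19"
198.51.100.4 - - [20/Oct/2018:10:05:00 +0000] "GET /user/password HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Oct/2018:10:05:30 +0000] "POST /user/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

RECON_PATHS = {"/user/register", "/user/password"}
LOGIN_PATH = "/user/login"  # assumed Drupal login form path


def parse_log(lines):
    """Yield one dict per parseable access-log line; skip lines that do not match."""
    for line in lines:
        match = LOG_RE.match(line)
        if match:
            yield match.groupdict()


def find_suspects(lines, login_threshold=5):
    """Return IPs that fetched both recon pages and then made many failed login POSTs."""
    recon_hits = defaultdict(set)
    failed_logins = defaultdict(int)
    for rec in parse_log(lines):
        if rec["method"] == "GET" and rec["path"] in RECON_PATHS:
            recon_hits[rec["ip"]].add(rec["path"])
        elif rec["method"] == "POST" and rec["path"] == LOGIN_PATH and rec["status"] == "200":
            # Assumption: a failed Drupal login re-renders the form with HTTP 200,
            # whereas a successful login redirects, so 200 responses count as failures.
            failed_logins[rec["ip"]] += 1
    return sorted(
        ip for ip, paths in recon_hits.items()
        if paths == RECON_PATHS and failed_logins[ip] >= login_threshold
    )
```

Tune `login_threshold` to the site's normal failed-login rate; the second source IP is not flagged because it only fetched one of the two pages and its login redirected.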
Meanwhile, threat actors have modified an exploit chain previously used to deliver Formbook malware so that it now delivers Agent Tesla and other information-stealing malware without triggering anti-virus detection. The latest campaign distributing Agent Tesla exploits a Microsoft Office Equation Editor vulnerability (CVE-2017-11882) to download and open an RTF file from a malicious Microsoft Word document. Because most RTF parsers ignore content they do not recognise, heavily obfuscated RTF files are able to hide exploit code.
We advise our customers to install patches as soon as they are available to avoid falling prey to attacks that exploit known vulnerabilities. We also recommend that our customers stay abreast of the latest cyber threats and adopt good security practices to protect against potential attacks.
Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox