September eNews 2021

LIFARS Business Email Compromise Assessment Questionnaire

Please take a moment to complete our Business Email Compromise Assessment Questionnaire. Upon completing this questionnaire, LIFARS will review your responses and propose a custom Business Email Compromise (BEC) assessment for your organization's O365 infrastructure. The goal is to determine your susceptibility to BEC and make recommendations for hardening.

BEC Questionnaire

 

On September 8, 2021, Microsoft issued a warning to its Azure customers (cloud computing customers) of a vulnerability. This is another compelling example of how a security flaw can open the way for complete compromise in some instances. With hackers, alongside well-funded rivals including governments, well equipped to defeat weak security measures, take cybersecurity seriously.
 


In coordination with DHS-CISA, the FBI recently published a flash alert warning the public against the OnePercent Group ransomware gang that has been found targeting US organizations since at least November 2020. This alert is only the latest in a series of high-profile ransomware incidents, partly spurred on in the wake of the COVID-19 pandemic.

 

A Detailed Analysis of Lazarus’ RAT Called FALLCHILL

FALLCHILL is a RAT that has been used by the Lazarus Group since 2016. The malware decrypts multiple strings at runtime using the XOR algorithm and a hard-coded RC4 key. It implements a custom algorithm to decode multiple DLL names and export functions, which are imported at runtime. The process collects the following data from the machine and generates a victim ID: OS version information, MAC address, host name, and host IP address.
 

Conti ransomware has been sold as a RaaS (Ransomware as a Service) in underground forums, and it’s known that it has been deployed by TrickBot or BazarLoader. All SMB shares and available drives are encrypted, and the volume shadow copies are deleted using wmic and COM objects. The files are encrypted using ChaCha8, with the key and nonce being encrypted by a public RSA key. Read more at the LIFARS website for the full analysis.
 

LIFARS Pentest and IR Retainer Bundled Offer

With only 3 months left in 2021, it’s time to start planning your 2022 IR Retainer plans and Q4 Pentest. Contact us today for a special bundled offer. To speak with a representative, complete our online form, or for immediate assistance call 1-212-222-7061.

For more information about our services visit www.lifars.com

Host Gaspare Marturano interviews Larry Slusser, Anthony Pillitiere, Monti Knode, & Christopher Curtis on an important topic dear to LIFARS and the podcast's guests. Military service is an experience unlike anything else. Military life is significantly different from life as a civilian, especially in the workplace. Shifting back into civilian life, where that structure is not present, can pose a significant challenge for these new civilians. For many Veterans, a career in Cybersecurity is the perfect place to start. In Episode 5 of Hackbits, we speak with some former military members about their work in cyber.


 
Foresite is a cybersecurity firm focused on providing SOCaaS, cyber testing and compliance consulting to Managed Service Providers through Channel Distribution. Foresite and LIFARS have partnered on an Incident Response solution with SLAs to address the needs of MSPs for immediate access to forensic resources for themselves and their customers when incidents occur. This program will not only provide fast response, it will also allow MSPs to build new revenue streams from the resale of SLA and retainer hours. For details, contact Tracy Fox, Foresite’s National Channel Director, at tracy.fox@foresite.com.
 
About LIFARS
LIFARS is an elite cybersecurity, digital forensics, and incident response firm based in New York City. At LIFARS, we believe that cybersecurity is a matter of trust – that is why most of our services are rendered onsite at your premises to establish a personal relationship. Our solutions are based on industry best practices and hands-on expertise stemming from decades of experience. LIFARS conducts digital forensic investigations, incident response, web application security testing, digital risk assessments and academic research. LIFARS continuously explores the latest innovation in the cybersecurity field, and seeks to stay one step ahead of tomorrow’s industry landscape.
Copyright © 2021 LIFARS, All rights reserved.
244 Fifth Avenue, Suite 2035, New York, NY 10001 | www.lifars.com | +1 (212) 222-7061