Dear Customer, friends, partners,
This is to inform you that the Threat level has been set to High.
Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.
While the world is dealing with the threat of the self-spreading WannaCry ransomware, we have observed that a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks targeting Microsoft Windows platforms, has been released by WikiLeaks. These two frameworks, named “AfterMidnight” and “Assassin,” are designed to monitor and report back actions taken on the infected remote host and execute malicious actions. ‘AfterMidnight’ Malware Framework ‘AfterMidnight’ allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the malicious payload is disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes “Gremlins” – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target and/or providing services for other gremlins. ‘Assassin’ Malware Framework Assassin is also similar to AfterMidnight and described as an automated implant that provides a simple collection platform on remote computers running a Microsoft Windows operating system. Once installed on the target computer, this piece of code runs the implant within a Windows service process, allowing the operators to perform malicious tasks on an infected machine, just like AfterMidnight. Assassin consists of four subsystems: Implant, Builder, Command and Control, and Listening Post. It is worth mentioning that the practice followed by the Intelligence Agencies of non-disclosing vulnerabilities to the vendors, wreaked havoc across the world in the past 3 days, when the WannaCry ransomware hit computers in 150 countries by using an SMB flaw that the NSA discovered and held, but “The Shadow Brokers” subsequently leaked it over a month ago. Systems Affected: Microsoft Windows OperatingSystems
The guidelines below will help you protect against malware, and its associated security threats:
* Keep your antivirus up to date and use real time protection.
* Keep your web browser updated. Make sure you’re using the latest version containing all of the latest security patches.
* Update your computers regularly with the latest versions and patches of both antivirus and antispyware software.
* Ensure computers are patched regularly, particularly operating system and key application with security patches.
* It is strongly recommended to implement a Security Awareness program, addressed to all your management and staff, designed to increase the level of understanding regarding Social Engineering and security threats in general
* Filter executable files in email. If your email gateway has the ability to filter files by extension, you may wish to deny mails sent with “.exe”, “.scr”, “.bat” files, or to deny mails sent with files that have two file extensions, the last one being executable.
Finally, in case that a system is compromised, it should be immediately removed from the network.
The Towers Net team and Association of Serbian Cyber Security is at your disposal for any further queries or assistance you may require in addressing the above.