In this week's digest, we discuss the biggest stories from the week, including Microsoft's Exchange one-click mitigation tool to help small teams patch and new tactics used by Magecart attackers to hide their malicious activity. Keep reading to get all the information you need on the latest cyber security stories from the week.
Mimecast announced that a malicious SolarWinds Orion update was used to access the company's production grid environment, and a limited number of source code repositories were downloaded. Alongside the source code theft, some Mimecast-issued certificates and limited customer server connection datasets were compromised, which attackers exploited to target a small number of M365 tenants from non-Mimecast IP addresses. Mimecast recommends that customers in the US and UK reset any server connection credentials used on the Mimecast platform as a "precautionary measure."
According to researchers, Chinese-language APTs are targeting telecom companies in a cyberespionage campaign named "Operation Diànxùn". Researchers have suggested that the campaign could be related to several countries' decision to ban the use of Chinese equipment from Huawei in the global rollout. The APTs used a multi-phased approach to the attacks, with the initial delivery vector being a phishing attack using a fake website designed to mimic the Huawei career page. The second phase executes a .NET payload on the victim's endpoint by leveraging Flash-based malware artefacts.
Xcode is a free application development environment created by Apple that allows developers to create applications that run on macOS, iOS, tvOS, and watchOS. Researchers from SentinelOne discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project used in a supply-chain attack. Threat actors have cloned the legitimate TabBarInteraction project and added an obfuscated malicious 'Run Script' script to the project. SentinelOne is only aware of one in-the-wild victim of this attack, and it is not clear how the malicious Xcode project was being distributed.
Researchers found that Magecart attackers are hiding their activity by saving the credit card data they have skimmed online to a .JPG file on a website they have injected with malicious code. Researchers discovered the tactic recently during an investigation into a compromised website using the open-source e-commerce platform Magento 2; the checkout page was found to encode captured data before saving it to a .JPG file. Attackers are constantly adapting and finding new tactics to evade detection and conceal their activity.
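For site owners, one way to look for this kind of dump file is to check that every .JPG under the web root actually begins with the JPEG signature. The sketch below is an added example, not code from the researchers; it assumes the dump file holds encoded text rather than a valid image (the report summarised here does not say), and the file names and `pub/media` layout in `demo()` are constructed.

```python
import os
import string
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"      # SOI marker plus the first byte of the next marker
IMAGE_EXTS = {".jpg", ".jpeg"}
PRINTABLE = set(string.printable.encode())

def classify(path, sample_size=4096):
    """Return a reason string if the file looks wrong for a JPEG, else None."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(JPEG_MAGIC):
        return None
    if head and all(b in PRINTABLE for b in head):
        return "text content in image file"   # e.g. encoded data appended line by line
    return "missing JPEG signature"

def scan(webroot):
    """Walk webroot and return {relative_path: reason} for suspicious .jpg files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                full = os.path.join(dirpath, name)
                reason = classify(full)
                if reason:
                    findings[os.path.relpath(full, webroot)] = reason
    return findings

def demo():
    """Scan a constructed web root; returns {file_name: reason}."""
    samples = {  # constructed sample files, not real indicators
        "banner.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "thumb.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "logo.jpg": b"Y29uc3RydWN0ZWQgc2FtcGxl\n",  # stand-in for encoded data
    }
    with tempfile.TemporaryDirectory() as root:
        media = os.path.join(root, "pub", "media")
        os.makedirs(media)
        for name, data in samples.items():
            with open(os.path.join(media, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): r for p, r in scan(root).items()}

if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name}: {reason}")
```

A signature check will not catch data appended to an otherwise valid image, so pair it with file-integrity monitoring on the web root and a review of image files whose size or modification time keeps changing.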
Microsoft on Monday released the Exchange On-premises Mitigation Tool, one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing, widespread ProxyLogon Exchange Server cyberattacks. Microsoft said, "This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update." As of March 12th, 317,269 out of 400,000 on-premises Exchange Servers globally have been patched.