
4.7M sources in Asia used to level DDoS attacks, Emotet malspam attacks drop TrickBot, QakBot, and more

Major cybersecurity events on 22nd July 2020 (Morning Post): Assisted living services Lorien Health Services discloses data security incident. Chinese APT’s MgBot malware targets India and Hong Kong. Diebold ATM Terminals’ own software used for jackpotting attacks.

Round Up of Major Breaches and Scams

Assisted Living Services Provider Discloses Data Security Incident

An assisted living services provider in Maryland revealed a data security incident in which attackers encrypted some of its information. In an update posted to its website, Lorien Health Services revealed that the security incident had occurred back on June 6. Upon detecting the incident, Lorien immediately engaged a team of cybersecurity experts to assist with its response and to determine whether any personal information may have been accessed during the incident.

Round Up of Major Malware and Ransomware Incidents

DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records

China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds. More than 4.7 million sources in five countries were used to level distributed denial-of-service (DDoS) attacks against victims in the second quarter of 2020, with the portmap protocol most frequently used as an amplification vector to create massive data floods, security and services firm A10 Networks says in its threat report for the second quarter.

Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot

Emotet has resurfaced after a five-month hiatus, with more than 250,000 malspam messages sent to email recipients worldwide. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014 but has since evolved into a full-fledged botnet designed to steal account credentials and download further malware.

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the same threat actor changed their template and dropped a loader called MgBot, which executes and injects its final payload through the Windows Application Management (AppMgmt) service.

Diebold ATM Terminals Jackpotted Using Machine’s Own Software

The company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe. Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device, a common tool in this type of attack, have increased their activity across Europe by targeting Diebold’s ProCash 2050xe USB terminals.

Round Up of Major Vulnerabilities and Patches

G Suite Security Updates Bring New Features to Gmail, Meet & Chat

New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls. Google today announced G Suite security updates in Gmail, Meet, and Chat, along with some new tools to help administrators manage and protect enterprise devices in the Admin Console. One of these is the pilot of a standard called Brand Indicators for Message Identification (BIMI) in Gmail.

Critical Adobe Photoshop Flaws Patched in Emergency Update

Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications. Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices.

Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry. Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country.