Round Up of Major Breaches and Scams
The Slovak crypto exchange suffered a targeted hack on Monday night. Crypto exchanges are favorite targets of cybercriminals because, let's face it, a single successful attack can make someone a multi-millionaire within seconds, which is why attacking them is such common practice among hackers. This time, Eterbase, a Bratislava, Slovakia based cryptocurrency exchange, was attacked, and a whopping $5 million was stolen.
Inova Health Systems has notified customers that it was hit by a ransomware attack through a third-party vendor. The breach occurred as part of a ransomware attack against service provider Blackbaud. Blackbaud, a vendor that provides fundraising support to nonprofit organizations, was itself hit by an attack that resulted in Inova data being exfiltrated from Blackbaud's servers.
A reader got in touch with me regarding a suspicious email they had received claiming to come from Facebook. What made the reader suspicious? Well, amongst other things, they're not actually a Facebook user. Let's take a look at the email, which claims to be a warning that someone using an iPhone 11 Pro had tried to log into the account: "A user just logged into your Facebook account from a new device iphone 11 pro. We are sending you this email to verify it's really you."
Malicious actors have substantially evolved the use of fake alert scams in recent years, in particular, the increasing targeting of mobile users, according to a new report by Sophos. The investigation, authored by Sean Gallagher, senior threat researcher at Sophos, found that “a vast majority” of the fake alerts in malvertising networks targeted mobile users. This is partly because mobile has become a greater source of internet traffic, but these devices also offer easier modes of attack compared to desktop.
As people found solace within the safe boundaries of their homes after the coronavirus caused havoc worldwide, hackers were busy. According to a report by NexusGuard, a whopping 542 percent jump in DDoS attacks was reported in the first quarter of 2020 over the previous quarter. People were forced to work from home to slow the spread of the pandemic. As the reliance on remote services increased, hackers deemed it a perfect opportunity to up the ante and cause disruption.
Round Up of Major Malware and Ransomware Incidents
The Zeppelin ransomware has sailed back into relevance after a hiatus of several months, popping up in a targeted campaign with a new infection routine. A wave of attacks was spotted in August by Juniper Threatlab researchers, making use of a new trojan downloader. These, like the initial Zeppelin wave observed in late 2019, start with phishing emails carrying Microsoft Word attachments (themed as "invoices") that have malicious macros on board. Once a user enables macros, the infection process starts.
SeaChange International, a leading US-based supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020. The company is traded on NASDAQ as SEAC and has locations in Poland and Brazil. Its customer list includes telecommunications companies and satellite operators such as the BBC, Cox, Verizon, AT&T, Vodafone, DirecTV, Liberty Global, and Dish Network Corporation.
The director of Saraburi Hospital on Wednesday confirmed that the hospital's computer system had been attacked with ransomware, but said no demand for money had been received. Patients were advised to bring their own medical records and old medicine packaging with them if they visit the hospital. Dr Anant Kamolnet, director of Saraburi Hospital in Muang district of Saraburi province, said the computer system crashed due to a ransomware attack.
Threat actors monetize adult traffic in several large malvertising campaigns. Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough to highlight a successful run.
Round Up of Major Vulnerabilities and Patches
The organization behind the Bluetooth wireless technology has published guidance today on how device vendors can mitigate a new attack on Bluetooth-capable devices. Named BLURtooth, this is a vulnerability in a component of the Bluetooth standard called Cross-Transport Key Derivation (CTKD). This component is used for negotiating and setting up authentication keys when pairing two Bluetooth-capable devices.
Google patched a critical vulnerability in the Media Framework of its Android operating system, which if exploited could lead to remote code execution attacks on vulnerable devices. Overall, Google fixed flaws tied to 53 CVEs as part of its September security updates for the Android operating system, released on Tuesday. As part of this, Qualcomm, whose chips are used in Android devices, patched a mix of high and critical-severity vulnerabilities tied to 22 CVEs.
Microsoft has announced a new Azure capability known as automatic VM guest patching, designed to automatically patch Windows virtual machines against newly discovered vulnerabilities. The feature is now in Public Preview for Windows virtual machines on Azure and is designed to help admins maintain their environments' security compliance by having Azure Virtual Machines (VMs) patched automatically.
Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems. The flaws exist in CodeMeter, owned by Wibu-Systems, a software management component that is licensed by many of the top industrial control system (ICS) software vendors, including Rockwell Automation and Siemens.
Intel this week released security patches to address a critical vulnerability in Active Management Technology (AMT) and Intel Standard Manageability (ISM). The bug, which Intel calls improper buffer restrictions in network subsystems, could be abused by unauthorized users to escalate privileges via network access in provisioned AMT and ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.
Samsung has started rolling out Android's September security updates to mobile devices to fix critical security vulnerabilities in the operating system and enhance overall features on the devices. This week Android published its September 2020 security updates, which include numerous security patches for critical vulnerabilities impacting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates today, September 9, 2020.