
CloudSEK Daily Threat Bulletin – 13th March 2020

Round Up of Major Breaches and Scams

Czech Republic’s second-biggest hospital is hit by cyberattack

A large Czech Republic hospital responsible for running tests for the novel coronavirus said Friday that a cyberattack had hit its computer systems. It was not immediately clear how, if at all, the hack would affect University Hospital Brno’s ability to test for the COVID-19 virus, but it was nevertheless a reminder of how cyberattacks have the potential to exacerbate the global health crisis.

Open Exchange Rates data breach affects users of well-known orgs

Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. In data breach notification emails sent today, Open Exchange Rates explains that while investigating a network misconfiguration that was causing delays in their service, they discovered that an unauthorized user had gained access to their network and a database that included user information.

Facebook takedowns reveal sophistication of Russian trolls

Facebook and Twitter said they have removed dozens of fake accounts and pages from their services. Facebook said the network of accounts it removed was in the “early stages” of building an audience. The accounts posted about topics such as black history, celebrity gossip and fashion. Twitter, meanwhile, said the accounts it removed tried to sow discord by emphasizing social issues such as race and civil rights without favouring any particular candidate or ideology.

European police nab 26 suspects in SIM swapping dragnet

Police in Europe have arrested 26 people in an effort against two gangs of scammers who would take over victims’ phones, then steal financial and personal data from the devices. Law enforcement in Spain and Romania, in coordination with Europol, arrested 12 and 14 people, respectively, in actions against two distinct groups of SIM swappers, Europol announced Friday.

Princess Cruises confirms data breach

Carnival-owned Princess Cruises reports that a breach may have compromised passenger data. A notice published on the Princess website says suspicious activity was identified in late May 2019. Forensics experts were hired to launch an investigation, which found an unauthorized party gained access to some employee accounts between April 11 and July 23, 2019.

Round Up of Major Malware and Ransomware Incidents

State-sponsored hackers are now using coronavirus lures to infect their targets

Government-backed hacking groups from China, North Korea, and Russia are not letting a global pandemic go to waste and have begun using coronavirus-based phishing lures as part of their efforts to infect victims with malware and gain access to their infrastructure.

‘Cookiethief’ Android malware hijacks Facebook accounts

Referred to as Cookiethief (Trojan-Spy.AndroidOS.Cookiethief), the Trojan features a package name similar to that of the Roblox Android gaming client, Kaspersky’s security researchers reveal. While it’s uncertain how the Trojan infects devices — it does not exploit flaws in the Facebook application or the browser — it achieves root by connecting with another backdoor installed on the smartphone and passing it a shell command.

China-linked APT hackers launch Coronavirus-themed attacks

The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.

Uzbekistan surveillance campaign leverages new spyware against human rights activists

Human rights activists and journalists in Uzbekistan, who researchers have long claimed are victims of intrusive surveillance, are facing an increasingly sophisticated campaign, according to new findings from Amnesty International. Last year, a Canadian non-profit, eQualitie, revealed that a group of unidentified attackers has targeted journalists and human rights defenders in Uzbekistan with spearphishing emails since 2016. In June, the attackers escalated their activity, and are now trying to leverage spyware against hundreds of targets.

Ransomware attack hits Champaign-Urbana Public Health District

Champaign-Urbana Public Health District’s website was taken down by a ransomware attack, hampering the organization’s response efforts amid the Coronavirus pandemic. The attack, which is attributed to the ransomware variant known as NetWalker, shut down the organization’s website, which was providing updates and information on the Coronavirus response efforts.

Round Up of Major Vulnerabilities and Patches

WordPress plugin bug allows malicious code injection on 100k sites

Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites.

Critical flaw in VMware Workstation, Fusion allows code execution on host from guest

VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. The critical flaw, tracked as CVE-2020-3947, is caused by a use-after-free bug in the vmnetdhcp component.