Corporate CEOs face jail time for IoT attacks, Chinese professor jailed for stealing US trade secrets, and more

Major cybersecurity events on 2nd September 2020 (Evening Post): Phishing email scam uses Sharepoint and One Note targeting passwords. AusCERT says alleged DoE hack came from a third-party. Chinese APT releases new malware Sepulcher, uses it in spear-phishing attacks.

Round Up of Major Breaches and Scams

CEOs Could Face Jail Time for IoT Attacks by 2024

Corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by 2024 due to increased regulations around so-called “cyber-physical systems” (CPSs) such as IoT and operational technology (OT). Gartner defines CPSs as “engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world, including humans.”

Phishing scam uses SharePoint and OneNote to go after passwords

Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage to an innocent-sounding OneNote document, right into harm’s way. Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in the hope of avoiding being just one more “unexpected email that goes directly to an unlikely login page” scam.

Chinese Professor Jailed for Stealing US Trade Secrets

A Chinese university professor has been handed an 18-month jail sentence for stealing IP from two US companies several years ago. Hao Zhang was charged in 2015, along with five other Chinese nationals, with economic espionage and theft of trade secrets. While the five remain at large, most likely in China, Zhang made the mistake of re-entering the US and was promptly arrested. He is said to have met one of the co-conspirators, Wei Pang, while the two were doctoral students in electrical engineering at a California university.

AusCERT says alleged DoE hack came from a third-party

The Australian Computer Emergency Response Team (AusCERT) denied claims today that hackers had breached the Department of Education, Skills, and Employment (DoE), and downloaded the personal details of more than one million students, teachers, and staff. Rumors of a supposed hack first surfaced yesterday after a hacker shared an archive file on a hacker forum, which they initially advertised as data obtained from the Australian DoE.

Round Up of Major Malware and Ransomware Incidents

Attackers abuse Google DNS over HTTPS to download malware

Earlier this year, BleepingComputer reported on hackers hiding malware in fake Windows error logs. After gaining access to a Windows system and achieving persistence, the malware would read from a “.chk” file that impersonated event logs. The values on the right-hand side of each line look like hexadecimal bytes but are actually decimal numbers, which rogue scheduled tasks read to reconstruct an encoded payload.
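To make the defender's side of this concrete, here is an added Python example (not code from the article or from BleepingComputer) that scans a log-lookalike text file for the pattern described above: a line whose trailing "hex dump" column consists entirely of decimal byte values, something a genuine hex dump almost never does because hex bytes routinely contain the digits a-f. The line layout of the sample, the `.chk`-style decoy line, the minimum run length and the printable-text cutoff are all assumptions made for illustration; the page does not give the decoy's real format.

```python
"""Heuristic scanner for log-lookalike files whose 'hex' column is really decimal.

Added example, not from the original article. Assumed format: whitespace-
separated tokens; a run of many consecutive tokens that are all decimal
values 0-255 and decode to printable text is treated as a hidden payload.
"""
import re
import string

# Constructed sample: a real-looking hex dump line (contains a-f, so it is
# not flagged), two plain lines, and one decoy line whose numbers are the
# decimal ASCII codes of "http://example.invalid".
SAMPLE_LOG = """\
2020-06-01 10:00:01 [Info] Service started, 0a 1f b3 4c 9e 00 ff 12 3d 7a 5b c4 e1 08 2a 6d
2020-06-01 10:00:02 [Info] Heartbeat ok
2020-06-01 10:00:03 [Data] 104 116 116 112 58 47 47 101 120 97 109 112 108 101 46 105 110 118 97 108 105 100
2020-06-01 10:00:04 [Info] Service stopped
"""

DEC_TOKEN = re.compile(r"^\d{1,3}$")   # one to three decimal digits, e.g. "104"
MIN_RUN = 12                           # assumed threshold: shorter runs are noise
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def decimal_runs(line):
    """Yield maximal runs of consecutive tokens that are decimal byte values."""
    run = []
    for tok in line.split():
        if DEC_TOKEN.match(tok) and int(tok) <= 255:
            run.append(int(tok))
        else:
            if run:
                yield run
            run = []
    if run:
        yield run


def printable_ratio(text):
    """Fraction of characters that are printable ASCII (0.0 for empty text)."""
    return sum(c in PRINTABLE for c in text) / max(len(text), 1)


def scan_text(text, min_run=MIN_RUN, min_printable=0.8):
    """Return (line_number, decoded_string) for every line carrying a run of
    at least `min_run` decimal byte values that decodes mostly to printable
    text. Line numbers are 1-based."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for run in decimal_runs(line):
            if len(run) < min_run:
                continue
            decoded = bytes(run).decode("latin-1")
            if printable_ratio(decoded) >= min_printable:
                hits.append((lineno, decoded))
    return hits


def scan_file(path, **kwargs):
    """Scan a file on disk with the same heuristic as scan_text."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read(), **kwargs)


if __name__ == "__main__":
    for lineno, payload in scan_text(SAMPLE_LOG):
        print(f"line {lineno}: possible decimal-encoded payload -> {payload!r}")
```

The decoded string is only a triage aid: the point of the heuristic is to surface files that are formatted like logs but carry data a log would not, so that an analyst can pull the file and the scheduled tasks that read it. Tune `MIN_RUN` and `min_printable` against your own log corpus to keep the false-positive rate acceptable.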

China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks

A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher. Researchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs. The second, in July, targeted Tibetan dissidents.

Tesla employee offered $1 million in bitcoin by hacker in ‘serious’ Russian ransomware attack

Elon Musk, chief executive of Tesla, confirmed in a tweet that the company dealt with a potentially harmful attack planned by a Russian national to install ransomware on Tesla’s computer network. The ransomware attack would have encrypted Tesla’s files and exposed them to the hacker’s servers. However, the Tesla employee reported the $1 million bitcoin bribe to the authorities, leading the FBI to arrest Russian hacker Egor Igorevich Kriuchkov on August 22 in Los Angeles. Kriuchkov now faces up to 5 years in prison for his scheme.

Round Up of Major Vulnerabilities and Patches

Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers

Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software and could allow an unauthenticated, remote attacker to immediately crash the Internet Group Management Protocol (IGMP) process, the company warned in an advisory over the weekend.

Hackers actively exploiting severe bug in over 300K WordPress sites

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. On the morning of September 1, Arsys’s Gonzalo Cruz was the first to discover the flaw and the fact that it was already being exploited by attackers to upload malicious PHP files onto vulnerable websites.