Round Up of Major Breaches and Scams
One in every five thefts in Russia now involves stealing funds from a bank account. In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from bank accounts were recorded, twice as many as last year. The number of fraud cases involving electronic means of payment has also doubled. According to the Prosecutor General’s Office, one in every five thefts now involves funds stolen from accounts.
Russian state-sponsored hackers were behind a breach of the Norwegian parliament in August in which attackers stole data from lawmakers’ email accounts, Norwegian officials alleged on Tuesday. “This is a very serious incident, affecting our most important democratic institution,” Norway Foreign Affairs Minister Ine Eriksen Søreide said in a statement. “Based on the information the government has, it is our view that Russia is responsible for these activities.”
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers. A new analysis of business email compromise (BEC) attacks reveals the global footprint of BEC activity: Twenty-five percent of perpetrators behind these threats are located in the United States. Of these attackers, nearly half are based in five states: California, Georgia, Florida, Texas, and New York.
Round Up of Major Malware and Ransomware Incidents
The TrickBot botnet has survived a takedown attempt orchestrated by a coalition of tech companies on Monday. TrickBot command and control (C&C) servers and domains seized yesterday have been replaced with new infrastructure earlier today, multiple sources in the infosec community have told ZDNet. Sources from companies monitoring TrickBot activity described the takedown’s effects as “temporal” and “limited,” but praised Microsoft and its partners for the effort, regardless of its current results.
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with several interesting tricks up its sleeve. While the botnet has been active since at least the end of December 2018, researchers observed an increase in DNS requests connected with its command-and-control (C2) and mining servers since the end of August.
If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory, reactions have ranged from confusion to silence, from yawns to raised eyebrows, and from praise to fear of a blizzard of potentially unintended consequences.
PoetRAT was first discovered by Cisco Talos. It was being distributed using URLs that falsely appeared to be Azerbaijani government domains, giving researchers reason to believe that the adversaries intended to target citizens of Azerbaijan. The threat actors also attacked private organizations in the SCADA sector, such as ‘wind turbine systems’.
Round Up of Major Vulnerabilities and Patches
There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates. Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable. This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI claimed that cybercriminals obtained unauthorized access to government networks by exploiting multiple legacy vulnerabilities in VPNs and the Windows platform. In a joint security alert, the agencies stated that they observed advanced persistent threat (APT) actors targeting federal and state, local, tribal, and territorial (SLTT) government networks, and non-government networks.
Bugs and vulnerabilities in built-down-to-a-price devices made for kids are, very sadly, not a new or even an unusual problem. However, according to the Norwegian cybersecurity researchers who analysed the XPLORA 4 watch, the company that sells it claims to have close to half a million users and annual revenues approaching $10,000,000.
Cybercriminals are chaining Microsoft’s Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns. U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems. Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), CISA and FBI published a joint advisory warning of further attacks.
The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more. A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control. A successful exploit would allow attackers to steal social-networking account tokens, Wi-Fi passwords, cookies, saved passwords, user-location data, message history, emails, contacts and more, researchers said.
Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe states that hackers could exploit this vulnerability, tracked as CVE-2020-9746, by inserting malicious strings in HTTP responses when users visit a website. “Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.”