
Pill scam campaign bypasses spam filters, Duesseldorf University Clinic hacked, patient dies, and more

Major cybersecurity events on 17th September 2020 (Evening Post): Zhenhua Data Information Technology accused of collecting data on millions of people. Maze attackers adopt Ragnar Locker virtual machine technique. Winnti hackers attack 100+ companies, US announces charges.

Round Up of Major Breaches and Scams

Hackers pumped and dumped GAS cryptocurrency for $16.8 million

US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. The men – Danil “Cronuswar” Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively – are said to be responsible for a phishing campaign that targeted customers of cryptocurrency exchanges from July 2017 until at least October 2018.

Drug spammers start using new technique to bypass spam filters

Actors behind a pill scam campaign are trying a new technique, betting on an unconventional representation of URLs in spam messages to keep them undetected by email protection systems and URL block lists. In a massive campaign observed by security researchers, the operators put in some effort to ensure wider reach of their messages promoting dubious pharmaceutical products. The spammers combined convincing messages with links whose host part is an IP address written in hexadecimal notation rather than the usual dotted-decimal form; the links lead to fake pharma sites after a few redirects.
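The evasion works because browsers and URL parsers accept an IPv4 host written as a single hexadecimal integer (or a decimal integer, or dotted hex/octal parts) and resolve it to the same address as the dotted-quad form, while a block list keyed on dotted-quad strings never sees a match. The following is an added example, not code from the page or from the researchers it cites: it canonicalises such host spellings so that a block-list lookup still matches. The sample URLs, the block list and the `example.com` host are constructed for the demonstration, not indicators from the campaign.

```python
# Added example: canonicalise "unconventional" IPv4 spellings in URL hosts so
# that a block list keyed on dotted-quad addresses still matches them.
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample URLs for the demonstration; not real campaign indicators.
SAMPLE_URLS = [
    "http://0xC0A80101/buy-pills",   # whole address as a single hex integer
    "http://0xc0.0xa8.0x1.0x1/",     # hex, dotted
    "http://3232235777/",            # single decimal integer
    "http://0300.0250.01.01/",       # octal, dotted
    "http://192.168.1.1/",           # conventional dotted-quad
    "http://example.com/",           # hostname, left untouched
]

# Constructed block list of canonical dotted-quad addresses.
BLOCKLIST = {"192.168.1.1"}

_HEX = re.compile(r"^0x[0-9a-f]*$")
_OCT = re.compile(r"^0[0-9]+$")   # leading zero selects octal; "08" then fails to parse
_DEC = re.compile(r"^[0-9]+$")


def _part_value(part):
    """Parse one dot-separated host part the way the WHATWG URL host parser does."""
    p = part.lower()
    if _HEX.match(p):
        return int(p[2:], 16) if p[2:] else 0
    if _OCT.match(p):
        return int(p, 8)            # raises ValueError on digits 8 or 9
    if _DEC.match(p):
        return int(p, 10)
    raise ValueError(part)


def normalize_numeric_host(host):
    """Return the dotted-quad form of a numeric IPv4 host, or None if it is not one."""
    parts = host.split(".")
    if len(parts) > 1 and parts[-1] == "":   # tolerate a trailing dot
        parts.pop()
    if not parts or len(parts) > 4:
        return None
    try:
        values = [_part_value(p) for p in parts]
    except ValueError:
        return None
    # every part except the last must fit in one octet
    if any(v > 255 for v in values[:-1]):
        return None
    # the last part covers all remaining octets
    if values[-1] >= 256 ** (5 - len(values)):
        return None
    number = values[-1]
    for i, v in enumerate(values[:-1]):
        number += v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(number))


def canonical_host(url):
    """Host of url with any numeric IPv4 spelling rewritten to dotted-quad."""
    host = urlsplit(url).hostname
    if host is None:
        return None
    return normalize_numeric_host(host) or host


def check_urls(urls, blocklist):
    """Map each URL to (canonical host, True if that host is on the block list)."""
    result = {}
    for url in urls:
        host = canonical_host(url)
        result[url] = (host, host in blocklist)
    return result


if __name__ == "__main__":
    for url, (host, blocked) in check_urls(SAMPLE_URLS, BLOCKLIST).items():
        print(f"{'BLOCK' if blocked else 'allow'}  {url:32} -> {host}")
```

Run as a script, the five numeric spellings all canonicalise to 192.168.1.1 and are blocked, while the hostname URL passes through unchanged. The same normalisation belongs in front of any URL reputation or block-list lookup in a mail gateway, since the lookup key must be the address the client will actually connect to.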

German Hospital Hacked, Patient Taken to Another City Dies

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. The Duesseldorf University Clinic’s systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify.

Zhenhua Data Leak Takes the Data Spying Trail Back to China

Chinese firm Zhenhua Data Information Technology has been accused of collecting data on millions of people worldwide. The company reportedly has links with the country’s military and intelligence networks, so the collection could be an act of espionage, according to Internet 2.0, the Australia-based cybersecurity consultancy that discovered the hidden data trove. The dataset contains the personal information of nearly 250,000 people worldwide, including 10,000 Indians, among them prominent figures such as Narendra Modi, Ramnath Kovind, Ratan Tata and Sachin Tendulkar.

A Pilot to Block Phishing Text Spoofing Launched in Australia

Australia has been a hotbed for cyberattacks, and the country’s Prime Minister, Scott Morrison, has been very vocal about it. Owing to the surge in cyberattacks, especially those targeting the country’s critical infrastructure, Morrison recently allocated AU$1.66 billion (approximately US$1.19 billion) in funding to bolster cybersecurity defenses for enterprises. As a personal recommendation, he also asked businesses to ramp up their own defenses and help the greater cause of protecting Australian citizens from such malicious activity.

Round Up of Major Malware and Ransomware Incidents

A New Botnet Attack Just Mozied Into Town

A relatively new player in the threat arena, the Mozi botnet, has spiked among Internet of Things (IoT) devices, IBM X-Force has discovered. The malware has been active since late 2019 and shares code with Mirai and its variants. Mozi accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020. This startling takeover was accompanied by a huge increase in overall IoT botnet activity, suggesting that Mozi did not push competitors out of the market; rather, it flooded the market, dwarfing other variants’ activity.

Texas Teams Up with FireEye to Tackle Ransomware

This may help some Texas school districts and other public agencies in Texas. I usually don’t post press releases that promote commercial services, but am making an exception because I like the idea that a state is trying to provide more proactive and defensive support to school districts as well as other state agencies: FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it is working with the Texas Department of Information Resources (DIR) through Carahsoft.

U.S. charges Chinese Winnti hackers for attacking 100+ companies

The U.S. Department of Justice announced today charges against five Chinese nationals for cyberattacks on more than 100 companies, some of them attributed to the state-backed hacking group APT41. APT41 is one of the oldest threat groups, known primarily for cyber-espionage operations against a variety of entities, including software developers, gaming companies, hardware manufacturers, think tanks, telecoms, social media firms, universities and foreign governments.

Google Ups Malware Protection for ‘Advanced Protection’ Users

Google this week announced improved malware protection capabilities for all users enrolled in its Advanced Protection Program. Launched in October 2017, the program is aimed at giving high-risk users such as politicians and their staff, business executives, journalists, and activists an additional layer of protection for their accounts. Any user can enroll to take advantage of the improved security options.

Universities Face Increase in Ransomware Attacks as Students Return

Academia has faced fresh warnings of cyber-attacks after a rise was recorded in August as students returned. According to an alert issued by the National Cyber Security Centre (NCSC), there has been a recent spike in ransomware attacks against UK schools, colleges and universities. In recent incidents the NCSC has observed attackers gaining access through Remote Desktop Protocol and unpatched software and hardware, as well as using phishing emails to deploy ransomware.

Maze attackers adopt Ragnar Locker virtual machine technique

While conducting an investigation into an attack in July in which the attackers repeatedly attempted to infect computers with Maze ransomware, analysts with Sophos’ Managed Threat Response (MTR) discovered that the attackers had adopted a technique pioneered by the threat actors behind Ragnar Locker earlier this year, in which the ransomware payload was distributed inside of a virtual machine (VM).

Round Up of Major Vulnerabilities and Patches

NCSC Launches New Vulnerability Reporting Toolkit

The U.K.’s National Cyber Security Centre (NCSC) released a new “Vulnerability Reporting Toolkit,” intended to help organizations set up and manage a vulnerability disclosure process in a simplified manner. The Toolkit is aimed at organizations of all types that are planning to implement a vulnerability disclosure process. It provides a comprehensive guide to developing a disclosure program built on three essential components: Communication, Policy, and Security.txt.
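The Security.txt component refers to a small text file published at a well-known path that tells a researcher where to send a report. The file below is an added example, not taken from the NCSC toolkit; the field names are those of the format later standardised as RFC 9116, and the host, addresses, URLs and expiry date are hypothetical placeholders.

```text
# Added example: served at https://example.org/.well-known/security.txt
# (hypothetical host); values are placeholders, not from the NCSC toolkit.
Contact: mailto:security@example.org
Contact: https://example.org/report-a-vulnerability
Expires: 2021-09-17T00:00:00Z
Encryption: https://example.org/pgp-key.txt
Policy: https://example.org/vulnerability-disclosure-policy
Preferred-Languages: en
Canonical: https://example.org/.well-known/security.txt
```

Contact is the only field a reporter strictly needs; the Expires date stops stale contact details being trusted indefinitely, and the Policy URL is where the Communication and Policy components of the toolkit are published so a reporter knows what response to expect.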