Round Up of Major Breaches and Scams
US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. The men – Danil “Cronuswar” Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively – are said to be responsible for a phishing campaign that targeted customers of cryptocurrency exchanges from July 2017 until at least October 2018.
Actors behind a pill scam campaign are trying a new technique, betting on an unconventional representation of URLs in spam messages to keep them undetected by email protection systems and URL block lists. In a massive campaign observed by security researchers, the operators put in some effort to ensure a wider reach for their messages promoting dubious pharmaceutical products. The spammers combined convincing messages with link hosts written as hexadecimal-encoded IP addresses, which lead to fake pharma sites after a few redirects.
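The evasion works because a block list keyed on the dotted-quad form never sees a match. The added example below (not code from the researchers or the campaign) shows the defensive counterpart: canonicalising a URL's host with inet_aton-style rules before the lookup. It goes beyond the plain hex case the article mentions and also handles dotted-hex, octal, plain-integer and shortened forms; the block-list entry is a constructed sample, not a real indicator.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample block list entry for the demo; not a real indicator.
BLOCKLIST = {"192.168.0.1"}


def _part_to_int(part: str) -> int:
    # inet_aton rules: "0x" prefix is hex, a leading zero is octal, else decimal
    p = part.lower()
    if p.startswith("0x"):
        return int(p[2:], 16)
    if len(p) > 1 and p.startswith("0"):
        return int(p, 8)
    return int(p, 10)


def canonical_ipv4(host: str):
    """Return the dotted-quad form of an inet_aton-style IPv4 literal, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_part_to_int(p) for p in parts]
    except ValueError:          # not numeric at all, e.g. "example.com"
        return None
    *head, last = nums
    if any(not 0 <= n <= 255 for n in head):
        return None
    # The final component fills all remaining bytes (so 192.168.1 == 192.168.0.1).
    last_bits = 8 * (4 - len(head))
    if not 0 <= last < (1 << last_bits):
        return None
    value = 0
    for n in head:
        value = (value << 8) | n
    value = (value << last_bits) | last
    return str(ipaddress.IPv4Address(value))


def normalize_url(url: str) -> str:
    """Rewrite a URL so that an obfuscated IP host becomes a dotted quad."""
    parts = urlsplit(url)
    host = parts.hostname
    canon = canonical_ipv4(host) if host else None
    if canon is None:
        return url
    netloc = canon + (f":{parts.port}" if parts.port else "")
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def is_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """Look the canonical host up in the block list."""
    return urlsplit(normalize_url(url)).hostname in blocklist
```

Run the normaliser over extracted message URLs before any indicator lookup; matching on the raw string would miss every encoded variant.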
German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. The Duesseldorf University Clinic’s systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify.
Chinese firm Zhenhua Data Information Technology has been accused of collecting data on millions of people worldwide. The company reportedly has links with the country’s military and intelligence networks, so the collection could be an act of espionage, according to Internet 2.0, an Australia-based cybersecurity consultancy that discovered the hidden data trove. The dataset consists of the personal information of nearly 250,000 people worldwide, including 10,000 Indians, among them prominent figures such as Narendra Modi, Ramnath Kovind, Ratan Tata and Sachin Tendulkar.
Australia has been a hotbed for cyberattacks and the country’s Prime Minister, Scott Morrison, has been very vocal about it. Owing to the surge in cyberattacks, especially those targeting the country’s critical infrastructure, Morrison recently allocated AU$1.66 billion (approximately US$1.19 billion) in funding to bolster cybersecurity defenses for enterprises. He also asked businesses, as a personal recommendation, to ramp up their own defenses and help the greater cause of defending Australian citizens from such malicious activity.
Round Up of Major Malware and Ransomware Incidents
A relatively new player in the threat arena, the Mozi botnet, has spiked among Internet of Things (IoT) devices, IBM X-Force has discovered. The malware has been active since late 2019 and shares code with Mirai and its variants. Mozi accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020. This startling takeover was accompanied by a huge increase in overall IoT botnet activity, suggesting Mozi did not remove competitors from the market; rather, it flooded the market, dwarfing the activity of other variants.
This may help some Texas school districts and other public agencies in Texas. I usually don’t post press releases that promote commercial services, but am making an exception because I like the idea that a state is trying to provide more proactive and defensive support to school districts as well as other state agencies: FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it is working with the Texas Department of Information Resources (DIR) through Carahsoft.
The U.S. Department of Justice announced today charges against five Chinese nationals for cyberattacks on more than 100 companies, some of them attributed to the state-backed hacking group APT41. APT41 is one of the oldest threat groups, known primarily for cyber-espionage operations against a variety of entities, including software developers, gaming companies, hardware manufacturers, think tanks, telcos, social media companies, universities and foreign governments.
Google this week announced improved malware protection capabilities for all users enrolled in its Advanced Protection Program. Launched in October 2017, the program is aimed at giving high-risk users such as politicians and their staff, business executives, journalists, and activists an additional layer of protection for their accounts. Any user can enroll to take advantage of the improved security options.
Academia has faced fresh warnings of cyber-attacks after a rise was recorded in August when students returned. According to an alert issued by the National Cyber Security Centre (NCSC), there has been a recent spike in ransomware attacks against UK schools, colleges and universities. In recent incidents the NCSC has observed attackers abusing Remote Desktop Protocol (RDP) access and unpatched software and hardware, as well as using phishing emails, to deploy ransomware.
While investigating a July attack in which the attackers repeatedly attempted to infect computers with Maze ransomware, analysts with Sophos’ Managed Threat Response (MTR) discovered that the attackers had adopted a technique pioneered earlier this year by the threat actors behind Ragnar Locker: the ransomware payload was delivered inside a virtual machine (VM), so that it runs out of reach of the endpoint protection on the host.
Round Up of Major Vulnerabilities and Patches
The U.K.’s National Cyber Security Centre (NCSC) released a new “Vulnerability Reporting Toolkit,” intended to help organizations manage their vulnerability disclosure processes in a simplified manner. The Toolkit is useful for any organization planning to implement a vulnerability disclosure process. It provides a comprehensive guide to developing a disclosure program built on three essential components: Communication, Policy, and Security.txt.