
Ransomware hits Finastra, Extortion emails threaten to spread SARS-CoV-2, and more

Major cybersecurity events on 20th March 2020: Russia-linked cybercriminals use legitimate tools in recent attacks to avoid detection. Finastra staff detect potentially anomalous activity. The FBI warns of phishing emails impersonating the government. Scammers attempt to capitalize on coronavirus fear through extortion emails.

Round Up of Major Breaches and Scams

Russia-linked cybercriminals use legitimate tools in attacks on German Firms

While in 2019 the adversary used commercially available ransomware to encrypt victims’ files, more recent activity employed the commercial remote administration tool NetSupport, hosted on a user’s Google Drive account. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

200M records of US citizens leaked in unprotected database

Researchers discovered an unprotected database holding 800GB of personal user information, including 200 million detailed user records. The entirety of the database was wiped on March 3. User records inside the database held what appeared to be profiles of US users, according to researchers with Lithuanian research group CyberNews.

UK printing company exposed military documents

vpnMentor researchers claim they have discovered 343GB worth of files on an AWS server belonging to Doxzoo. They say the company was notified on January 26, but it never responded and the leak was only addressed on February 11, nearly a week after AWS was contacted. According to vpnMentor, the unprotected server stored more than 270,000 records, and the incident could impact over 100,000 users.

Hackers breach FSB contractor and leak details about IoT hacking project

Russian hacker group Digital Revolution claims to have breached a contractor for the FSB, Russia’s national intelligence service, and discovered details about a project intended for hacking Internet of Things (IoT) devices. This week the group published 12 technical documents, diagrams, and code fragments for a project called “Fronton.”

FBI warning: Phishing emails push fake Govt stimulus checks

The FBI’s Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. The FBI had issued another warning in 2008 about a phishing scam that impersonated the Internal Revenue Service (IRS) and tried to steal taxpayers’ personal information using economic stimulus checks as bait.

Extortion emails threaten to infect your family with Coronavirus

Sextortion scammers are now also attempting to capitalize on the COVID-19 pandemic by threatening to infect their victims’ families with the SARS-CoV-2 virus, in addition to revealing all their “dirty secrets”. If you have received such an email, it is important to know that this is just a scam and that no hacker has stolen your passwords or can infect you or your family with an actual real-life virus. A close look at the threats themselves should be reason enough to dismiss these extortion attempts and delete such emails immediately.

Round Up of Major Malware and Ransomware Incidents

Fintech company Finastra hit by ransomware

Finastra, a London-based company that provides financial software and adjacent services to the world’s banking sector, disclosed a security incident today. In a statement posted on its website, the fintech giant said it was infected with a ransomware strain. The UK company said it discovered the intrusion into its systems after staff detected what they described as “potentially anomalous activity.”

Revamped HawkEye keylogger swoops in on Coronavirus fears

There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of the World Health Organization (WHO).

Round Up of Major Vulnerabilities and Patches

This new variant of Mirai botnet malware is targeting network-attached storage devices

A new variant of Mirai malware is targeting a recently uncovered critical vulnerability in network-attached storage devices and exploiting them to rope the machines into an Internet of Things botnet. Dubbed Mukashi, the malware runs brute-force attacks with different combinations of default credentials in an effort to log into Zyxel network-attached storage products, take control of them, and add them to a network of devices that can be used to conduct Distributed Denial of Service (DDoS) attacks.