Round Up of Major Breaches and Scams
While in 2019 the adversary used commercially available ransomware to encrypt victims’ files, more recent activity employed the commercial remote administration tool NetSupport, hosted on a user’s Google Drive account. Because legitimate commercial tools are unlikely to be flagged or removed by traditional security software, the attackers can use them to carry out a broad range of activities, such as stealing files, capturing screens, and even recording audio.
Researchers with the Lithuanian research group CyberNews discovered an unprotected database holding 800GB of personal user information, including 200 million detailed user records that appeared to be profiles of US users. The entire database was wiped on March 3.
vpnMentor researchers claim they have discovered 343GB worth of files on an AWS server belonging to Doxzoo. They say the company was notified on January 26, but it never responded and the leak was only addressed on February 11, nearly a week after AWS was contacted. According to vpnMentor, the unprotected server stored more than 270,000 records, and the incident could impact over 100,000 users.
Russian hacker group Digital Revolution claims to have breached a contractor for the FSB, Russia’s national intelligence service, and discovered details of a project intended for hacking Internet of Things (IoT) devices. This week the group published 12 technical documents, diagrams, and code fragments for a project called “Fronton.”
The FBI’s Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign that uses fake government economic stimulus checks as bait to steal personal information from potential victims. The FBI issued a similar warning in 2008 about a phishing scam that impersonated the Internal Revenue Service (IRS) and used economic stimulus checks as a lure for taxpayers’ personal information.
Sextortion scammers are now also trying to capitalize on the COVID-19 pandemic, threatening to infect their victims’ families with the SARS-CoV-2 virus in addition to revealing all their “dirty secrets”. If you have received such an email, it is important to know that it is just a scam: no hacker has stolen your passwords, and nobody can infect you or your family with a real-life virus over email. Reading the threat text closely should be reason enough to recognise it as an extortion attempt and delete the message immediately.
Round Up of Major Malware and Ransomware Incidents
Finastra, a London-based company that provides financial software and adjacent services to the world’s banking sector, disclosed a security incident today. In a statement posted on its website, the fintech giant said it had been infected with a strain of ransomware. The UK company said it discovered the intrusion into its systems after staff detected what they described as “potentially anomalous activity.”
There is a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are riding the wave of interest in the novel coronavirus: the malware is distributed via spam that purports to be an “alert” from the Director-General of the World Health Organization (WHO).
Round Up of Major Vulnerabilities and Patches
A new variant of Mirai malware is targeting a recently uncovered critical vulnerability in network-attached storage devices and exploiting it to rope the machines into an Internet of Things botnet. Dubbed Mukashi, the malware also runs brute-force attacks, trying different combinations of default credentials to log into Zyxel network-attached storage products, take control of them, and add them to a network of devices that can be used to conduct Distributed Denial of Service (DDoS) attacks. Devices that still carry factory default credentials and expose their management services to the internet are the ones this sweep picks up.
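The default-credential sweep described above leaves a recognisable trace on the target: a burst of failed logins from one source, cycling through several usernames, sometimes followed by a success once a default pair matches. The following detector is an added example (it is not code from the original page, from Zyxel, or from the Mukashi analysis): it parses constructed, syslog-style login records in an assumed format with made-up host names and addresses, counts failures per source address inside a sliding time window, and reports any source that crossed the threshold together with the usernames it tried and whether a successful login followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an assumed syslog-like format (host names, PIDs and
# addresses are invented for illustration; not taken from any real device or report).
SAMPLE_LOG = """\
Mar 21 10:00:01 nas01 login[211]: FAILED LOGIN for admin from 203.0.113.7
Mar 21 10:00:02 nas01 login[211]: FAILED LOGIN for admin from 203.0.113.7
Mar 21 10:00:02 nas01 login[211]: FAILED LOGIN for root from 203.0.113.7
Mar 21 10:00:03 nas01 login[211]: FAILED LOGIN for admin from 203.0.113.7
Mar 21 10:00:04 nas01 login[211]: FAILED LOGIN for support from 203.0.113.7
Mar 21 10:00:05 nas01 login[211]: LOGIN SUCCESS for admin from 203.0.113.7
Mar 21 10:05:00 nas01 login[215]: FAILED LOGIN for alice from 198.51.100.4
Mar 21 10:30:00 nas01 login[220]: LOGIN SUCCESS for alice from 198.51.100.4
"""

# Assumed record layout: "<Mon dd HH:MM:SS> <host> <proc>: <RESULT> for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"(?P<result>FAILED LOGIN|LOGIN SUCCESS) for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text, year=2020):
    """Return a list of (timestamp, failed, username, source) tuples.

    Syslog timestamps carry no year, so one is supplied by the caller.
    Lines that do not match the assumed layout are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "FAILED LOGIN", m["user"], m["src"]))
    return events


def detect_bruteforce(events, threshold=4, window=timedelta(seconds=60)):
    """Flag sources with at least `threshold` failed logins inside any `window`.

    Returns {source: {"failures": n, "usernames": [...], "success_after_burst": bool}}
    where n is the largest burst found and usernames are those tried in it.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, failed, user, src in sorted(events):
        (failures if failed else successes)[src].append((ts, user))

    alerts = {}
    for src, fails in failures.items():
        times = [t for t, _ in fails]
        start, best = 0, None
        # Two-pointer sliding window over the time-sorted failures of this source.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best is None:
            continue
        count, start, end = best
        burst_end = times[end]
        users = sorted({u for _, u in fails[start:end + 1]})
        # A success at or after the burst means a credential pair finally matched.
        success_after = any(t >= burst_end for t, _ in successes[src])
        alerts[src] = {
            "failures": count,
            "usernames": users,
            "success_after_burst": success_after,
        }
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['failures']} failures, users={info['usernames']}, "
              f"success_after_burst={info['success_after_burst']}")
```

The threshold and window are deliberately low for a NAS management interface, where a handful of failures per minute from a single address is already abnormal; the single mistyped password from the second source stays below the threshold and is not reported. A source whose burst is followed by a success deserves the fastest response, since at that point the device is already under the attacker's control.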