
Remcos RAT cloaked as SMB grants, Malicious USBs doing the rounds, Hacked Linksys routers, and more

Major cybersecurity events on 27th March 2020: Teleworking attracts brute-force attacks on Linksys routers. European companies targeted by hackers, suspected to be the Silence and TA505 groups. FBI warns of malicious USB drives delivered via USPS. Remcos RAT payloads target U.S. SBA.

Round Up of Major Breaches and Scams

Purported brute-force attack aims at Linksys routers as more people work remotely

The attack first compromises vulnerable routers, mainly Linksys routers, purportedly by trying weak or default credentials, the company said. Once an attacker gains access, they hijack DNS functionality, redirecting victims to a page that attempts to convince them to download a malicious, information-stealing program known as Oski. The attacker’s page aims to harness the fear of the coronavirus pandemic to fool victims.

Round Up of Major Malware and Ransomware Incidents

Russian-speaking hackers attack pharma, manufacturing companies in Europe

Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries. Based on the tools employed in the attacks, the suspects are likely the financially motivated Silence and TA505 groups.

Hong Kong targeted in new sweeping mobile malware campaign

The attackers, who Kaspersky suspects are Chinese-speaking, lure their victims by posting links to local news sites in general discussion sections of forums that are popular among Hong Kong residents. But when victims click through to see the news, attackers deploy a hidden iFrame that runs an iOS malware variant, a modular backdoor.

FBI: Hackers sending malicious USB drives & teddy bears via USPS

Hackers from the FIN7 cybercriminal group have been targeting various businesses with malicious USB devices that act as a keyboard when plugged into a computer. Injected commands download and execute a JavaScript backdoor associated with this actor.

US Small Business Administration grants used as phishing bait

Attackers are attempting to deliver Remcos remote access tool (RAT) payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). They are taking advantage of the financial problems experienced by SMBs during the current COVID-19 pandemic to lure them into opening malicious attachments camouflaged as disaster assistance grants and testing center vouchers.

Round Up of Major Vulnerabilities and Patches

Unofficial patches released for exploited Windows font processing flaws

Microsoft revealed earlier this week that it had become aware of targeted attacks exploiting two Windows zero-days related to the way the Adobe Type Manager library handles Type 1 PostScript fonts. Adobe told SecurityWeek that the impacted library is exclusively supported by Microsoft and that Adobe customers are not at risk. Hackers can exploit the flaws by convincing users to open specially crafted documents or view them in the Windows preview pane.

Apple unpatched VPN bypass bug impacts iOS 13, warn researchers

An unpatched bug in the latest version of Apple’s iOS is blocking virtual private network (VPN) applications from cloaking some private data transmitted between a device and the servers it is requesting data from. While the bug remains unpatched, Apple is suggesting steps users can take to reduce risk, researchers state.