Round Up of Major Breaches and Scams
Two weeks ago, ZDNet reported on the results of an experiment that analyzed how banks implemented EMV (chip) cards on their networks. Researchers from Cyber R&D Lab signed up for EMV (chip) cards at 11 banks from the US, the UK, and the EU, then used tools similar to the ones used by criminal gangs to copy the information stored on the EMV cards and their magnetic stripes.
Over the past few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents—both real and fabricated—to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they’re taken down.
The European Union has imposed sanctions today against China, Russia, and North Korea for past cyber-attacks carried out against European citizens and businesses. In a ruling from the European Council, the EU sanctioned China for “Operation Cloud Hopper”, a series of intrusions against cloud providers, and Russia for NotPetya — a ransomware strain created and released by the Russian military in Ukraine, but which spread across the globe.
Employees of U.S. defense and aerospace contractors were targeted in a large-scale spear-phishing campaign between early April and mid-June 2020, designed to infect their devices and exfiltrate defense tech intelligence. Throughout this series of attacks, dubbed ‘Operation North Star’ by the McAfee Advanced Threat Research (ATR) researchers who spotted it, the spear-phishing emails were camouflaged as fake job offers from high-profile defense contractors, a tactic used by similar campaigns targeting the same industries in 2017 and 2019.
The recently conducted online Michigan bar exam was briefly taken down by what was described as a rather “sophisticated” cyberattack. According to ExamSoft, one of the three vendors offering the exam that certifies prospective attorneys, the test was hit by a distributed denial of service (DDoS) attack, in which an attacker or group attempts to bring down a server by overwhelming it with traffic.
Round Up of Major Malware and Ransomware Incidents
A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: using a blockchain wallet to generate command-and-control (C2) domain names. The malware is a new payload that uses Dogecoin wallets for its C2 and spreads via the Ngrok botnet. Doki itself is meant to provide a persistent code-execution capability on an infected host, setting the scene for any number of malware-based attacks.
The Federal Bureau of Investigation this week released an alert to warn businesses of ongoing cyberattacks involving the NetWalker ransomware. NetWalker, also known as Mailto, has become a widely known threat following a series of high-profile attacks in March 2020, such as those targeting a transportation and logistics company in Australia, and a public health organization in the United States. In June, the University of California San Francisco (UCSF) revealed that it paid over $1 million to recover from a ransomware attack.
Round Up of Major Vulnerabilities and Patches
A vulnerability in ARK, the default KDE archive extraction utility, allows attackers to overwrite files or execute code on victims’ computers simply by tricking them into downloading an archive and extracting it. KDE is a desktop environment found in Linux distributions such as openSUSE, Kali, Kubuntu, and others that offers a graphical user interface to the operating system. The flaw is a path traversal in ARK’s handling of archive entries, which lets malicious actors achieve remote code execution by distributing crafted archives.
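The defensive check an extractor needs here is to resolve each entry's destination path and refuse any that lands outside the chosen directory. The following is an added illustration, not ARK's or KDE's code: it classifies the member names of a constructed sample ZIP (benign entry plus entries using `..` and an absolute path) and extracts only the ones that stay inside the target directory.

```python
import io
import os
import tempfile
import zipfile
from typing import Iterable, List, Tuple


def is_within_directory(base: str, target: str) -> bool:
    """True if target, after normalisation and symlink resolution, lies under base."""
    base_real = os.path.realpath(base)
    target_real = os.path.realpath(target)
    return os.path.commonpath([base_real, target_real]) == base_real


def classify_members(names: Iterable[str], dest: str) -> Tuple[List[str], List[str]]:
    """Split archive member names into those safe to extract under dest and those
    that would escape it. Pure path logic; nothing is written to disk."""
    safe, rejected = [], []
    for name in names:
        # Absolute entry names are never acceptable (os.path.isabs also covers
        # drive-letter paths on Windows); a leading separator is rejected explicitly
        # so the rule does not depend on the host platform.
        if os.path.isabs(name) or name.startswith(("/", "\\")):
            rejected.append(name)
            continue
        candidate = os.path.join(dest, name)
        if is_within_directory(dest, candidate):
            safe.append(name)
        else:
            rejected.append(name)
    return safe, rejected


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real-world malicious file): one benign
    entry and three that try to escape the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless content")
        zf.writestr("../.profile", "would land in the parent directory")
        zf.writestr("nested/../../escape.txt", "escapes via an inner ..")
        zf.writestr("/etc/example.conf", "absolute path")
    return buf.getvalue()


def safe_extract(archive_bytes: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Extract only the members that stay inside dest; return (extracted, rejected)."""
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        safe, rejected = classify_members(zf.namelist(), dest)
        for name in safe:
            zf.extract(name, dest)
    return safe, rejected


def demo() -> Tuple[List[str], List[str], bool]:
    """Run the check against the sample archive in a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="ark-demo-")
    extracted, rejected = safe_extract(build_sample_archive(), dest)
    readme_present = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
    return extracted, rejected, readme_present


if __name__ == "__main__":
    ext, rej, _ = demo()
    print("extracted:", ext)
    print("rejected: ", rej)
```

Python's own `zipfile.extract` already strips `..` components and leading separators, so the explicit check is redundant for this library; it is shown as the pattern a native extractor such as ARK must implement itself, and it applies unchanged to tar and other formats where the member name is taken at face value. Resolving with `realpath` before the prefix comparison also defeats the variant where an earlier entry plants a symlink inside the extraction directory.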
A security issue in the popular video conferencing platform Zoom was disclosed this week that could have allowed attackers to crack private meeting passcodes and eavesdrop on video conferences. The problem, which has already been fixed, stemmed from Zoom not having any check against repeated incorrect meeting password attempts. Six-digit numeric passwords protect Zoom meetings and were added to meetings by default in April as an extra security measure to prevent “Zoom bombers” from freely entering and hijacking meetings.
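A six-digit numeric passcode has only a million possible values, so without a limit on failed attempts the keyspace can be enumerated at whatever rate the server sustains. The following is an added example of the missing control, not Zoom's code: a server-side guard that allows a small budget of failed attempts per (meeting, client) pair and then refuses further attempts until a lockout expires, plus a simulation showing how few guesses actually get evaluated. The meeting ID, passcode, client address, budget of 5 attempts and 300-second lockout are constructed sample values.

```python
import hmac
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


class PasscodeGuard:
    """Server-side throttle for meeting passcode checks.

    Each (meeting, client) pair gets a small number of failed attempts; once the
    budget is spent, further attempts are refused unchecked until the lockout
    expires. Time is injected so the behaviour can be simulated deterministically.
    """

    def __init__(self, passcodes: Dict[str, str], max_attempts: int = 5,
                 lockout_seconds: float = 300.0) -> None:
        self._passcodes = dict(passcodes)  # meeting_id -> passcode (constructed)
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[Tuple[str, str], int] = defaultdict(int)
        self._locked_until: Dict[Tuple[str, str], float] = {}

    def attempt(self, meeting_id: str, client_id: str, passcode: str, now: float) -> str:
        """Return "ok", "denied" (checked and wrong) or "locked" (refused unchecked)."""
        key = (meeting_id, client_id)
        until = self._locked_until.get(key)
        if until is not None and now < until:
            return "locked"
        expected = self._passcodes.get(meeting_id)
        # Constant-time comparison; compare against a dummy value when the meeting
        # is unknown so response timing does not reveal whether the meeting exists.
        dummy = "\0" * 6
        matched = hmac.compare_digest(
            passcode.encode(), (expected if expected is not None else dummy).encode())
        if expected is not None and matched:
            self._failures.pop(key, None)
            self._locked_until.pop(key, None)
            return "ok"
        self._failures[key] += 1
        if self._failures[key] >= self.max_attempts:
            self._locked_until[key] = now + self.lockout_seconds
            self._failures[key] = 0
        return "denied"


def simulate_guessing(guard: PasscodeGuard, meeting_id: str, client_id: str,
                      guesses: List[str], seconds_between: float) -> Tuple[int, Optional[str]]:
    """Feed sequential guesses from one client and report how many the server
    actually evaluated and which one (if any) succeeded."""
    evaluated = 0
    t = 0.0
    for guess in guesses:
        status = guard.attempt(meeting_id, client_id, guess, t)
        if status != "locked":
            evaluated += 1
        if status == "ok":
            return evaluated, guess
        t += seconds_between
    return evaluated, None


MEETINGS = {"813 2456 7890": "042917"}  # constructed sample meeting and passcode


def demo() -> Tuple[int, Optional[str]]:
    """1000 sequential guesses (000000..000999, none correct), one per second."""
    guard = PasscodeGuard(MEETINGS)
    guesses = [f"{i:06d}" for i in range(1000)]
    return simulate_guessing(guard, "813 2456 7890", "198.51.100.7", guesses, 1.0)


if __name__ == "__main__":
    evaluated, hit = demo()
    print(f"guesses evaluated: {evaluated}, successful guess: {hit}")
```

With an unthrottled check, 1000 submitted guesses are 1000 evaluated guesses; with this guard the same client gets 5 evaluations per 300-second window, so only 20 of the 1000 are checked. Keying the budget on the client alone is not enough against a distributed attacker, which is why a per-meeting budget (and alerting on a burst of failures for one meeting) belongs alongside it.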
Cisco informed customers on Wednesday that it has patched critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) network management platform. One of the security flaws, CVE-2020-3382, has been classified as critical. It allows a remote, unauthenticated attacker to bypass authentication and perform actions with admin privileges on the targeted device.