
Archive for the ‘cybercrime/malcode’ category: Page 99

Jan 29, 2022

Lazarus hackers use Windows Update to deploy malware

Posted by in category: cybercrime/malcode

North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.

The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.

After the victim opens the malicious attachment and enables macro execution, the embedded macro drops a WindowsUpdateConf.lnk shortcut in the Startup folder and a DLL named wuaueng.dll (the same file name as the legitimate Windows Update Agent engine library) in a hidden Windows/System32 folder. The shortcut launches the Windows Update client so that it loads the dropped DLL, which means the malicious code runs under a signed, trusted Microsoft binary.
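
A detection check for the technique described above, added here as an illustration; it is not code from the original post or from the Malwarebytes report. It assumes process-creation telemetry in a Sysmon Event ID 1-like shape (the three sample records are constructed) and the wuauclt.exe "/UpdateDeploymentProvider <dll> /RunHandlerComServer" invocation documented by the LOLBAS project for making the client load an arbitrary DLL. The severity labels are the example's own.

```python
import re
import ntpath

# Constructed sample process-creation records in a Sysmon Event ID 1-like shape;
# not real telemetry.
SAMPLE_EVENTS = [
    {   # routine client activity
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /detectnow',
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # DLL dropped in a look-alike, hidden System32 folder under the user profile,
        # launched from a Startup-folder shortcut (so the parent is explorer.exe)
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r"wuauclt.exe /UpdateDeploymentProvider "
                       r"C:\Users\victim\AppData\Roaming\Windows\System32\wuaueng.dll /RunHandlerComServer",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # same switch, but the DLL is the real one under the real System32
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r"wuauclt.exe /UpdateDeploymentProvider C:\Windows\System32\wuaueng.dll /RunHandlerComServer",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
]

REAL_SYSTEM32 = r"c:\windows\system32"
# /UpdateDeploymentProvider <dll> /RunHandlerComServer is the LOLBAS-documented way
# to make wuauclt.exe load an arbitrary DLL; the path may be quoted.
PROVIDER_RE = re.compile(r'/UpdateDeploymentProvider\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def loaded_provider_dll(command_line):
    """Return the DLL path handed to /UpdateDeploymentProvider, or None if absent."""
    m = PROVIDER_RE.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def classify(event):
    """Return 'benign', 'suspicious' or 'high' for one process-creation record."""
    if ntpath.basename(event["Image"]).lower() != "wuauclt.exe":
        return "benign"
    dll = loaded_provider_dll(event["CommandLine"])
    if dll is None:
        return "benign"
    # Compare the normalised parent directory, not the file name: the legitimate
    # wuaueng.dll lives in System32 too, and a hidden folder merely *named*
    # Windows\System32 somewhere else does not match this prefix.
    dll_dir = ntpath.normpath(ntpath.dirname(dll)).lower()
    outside_system32 = dll_dir != REAL_SYSTEM32
    from_shortcut = ntpath.basename(event["ParentImage"]).lower() == "explorer.exe"
    if outside_system32 or from_shortcut:
        return "high"
    # Assumption: the provider switch has little legitimate interactive use, so even
    # the in-place case deserves a look.
    return "suspicious"


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), "-", ev["CommandLine"])
```

The rule is a triage signal rather than a verdict: pair it with a file-write alert for any wuaueng.dll created outside the real System32 and with a new .lnk appearing in a Startup folder, since those are the two artefacts the macro leaves before the client is ever launched.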

Jan 22, 2022

Cybersecurity in 2022 — A Fresh Look at Some Very Alarming Stats

Posted by in categories: biotech/medical, business, climatology, cybercrime/malcode, sustainability

The past two years have seen a rapid shift of work to remote and hybrid offices. The statistics show that attackers welcomed that shift and took advantage of the vulnerabilities and gaps in businesses' security.

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.

Cyber incidents top the Allianz Risk Barometer for only the second time in the survey's history (44% of responses). Business interruption drops to a close second (42%) and natural catastrophes rank third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while pandemic outbreak drops to fourth (22%).

Jan 21, 2022

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

Posted by in category: cybercrime/malcode

Google researchers detail two zero-day vulnerabilities reported in Zoom client software and Zoom's MMR (multimedia router) servers.

Jan 21, 2022

DoNot Hacking Team Targeting Government and Military Entities in South Asia

Posted by in categories: cybercrime/malcode, government, military

Researchers reveal details about recent cyberattacks carried out by the DoNot Hacking Team against government and military entities in South Asia.

Jan 19, 2022

Google Docs comment feature exploited to distribute phishing links

Posted by in category: cybercrime/malcode

Security researchers at Avanan report that attackers are abusing the comment feature of Google Docs to deliver phishing links. They say they have seen the technique used against 500 Outlook inboxes at 30 organizations, with the attackers operating over 100 different email accounts.

The team at Avanan says it found an earlier abuse of Google Docs last June, one that allowed attackers to send phishing links to users. Then, this past October, it found that attackers had another way to send phishing links to unsuspecting users: the comment feature. According to Avanan, Google did not fix the issue, and last month the team began seeing it exploited in the wild.

The approach is simple: an attacker creates a Google Docs document and adds a comment that mentions the target with an @ symbol followed by the target's email address. The mention causes Google to send a notification email to that address containing the comment text, including any phishing link, which sends the user to a web page that can lead to malicious code. Because the notification is generated and sent by Google's own infrastructure rather than from the attacker's domain, it passes the sender-reputation checks that would normally stop such a message, and the email shows only the commenter's chosen display name, not the attacker's address.
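
A triage check for notification messages of the kind described above, added here as an illustration; it is not code from the original post or from Avanan. The sample message is constructed, and the sender address comments-noreply@docs.google.com and the message layout are assumptions about what a Docs comment notification looks like. The rule keeps only links that point outside google.com, because the document link Google appends is legitimate while the comment text around it is attacker-controlled.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed notification message. The sender address and the layout are
# assumptions about what a Docs comment notification looks like, not a real one.
SAMPLE_NOTIFICATION = """\
From: "Accounts Payable (Google Docs)" <comments-noreply@docs.google.com>
To: target@example.com
Subject: Accounts Payable mentioned you in "Invoice 4471"
Content-Type: text/plain; charset="utf-8"

Accounts Payable mentioned you in a comment on Invoice 4471:

@target@example.com the corrected invoice is here: http://invoice-review.example.net/login
Please confirm by end of day.

Open: https://docs.google.com/document/d/EXAMPLE_DOC_ID/edit
"""

# Assumed notification sender; adjust if your mail logs show a different mailbox.
NOTIFICATION_SENDER = "comments-noreply@docs.google.com"
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")


def is_docs_notification(msg):
    """True when the message claims to come from Google's comment-notification mailbox."""
    return NOTIFICATION_SENDER in str(msg.get("From", "")).lower()


def is_google_host(host):
    return host == "google.com" or host.endswith(".google.com")


def external_links(raw_message):
    """Return links in a Docs comment notification that point outside google.com.

    Sender reputation is useless here (Google sent the mail), so the only
    attacker-controlled content worth inspecting is the comment text itself.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    if not is_docs_notification(msg):
        return []  # ordinary mail is out of scope for this rule
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    flagged = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:")  # comment text often ends a sentence right after the link
        host = (urlparse(url).hostname or "").lower()
        if not is_google_host(host):
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for link in external_links(SAMPLE_NOTIFICATION):
        print("external link in Docs comment notification:", link)
```

A hit means the comment body carries a link to a non-Google host, which is what the campaign above relies on; a clean result is not a pass, because an attacker can just as well link to a Google-hosted form or redirector, so treat the check as one signal alongside the mismatch between the commenter's display name and anyone the recipient actually works with.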

Jan 18, 2022

Hacking backdoor? Security flaws in China’s mandatory Olympics app | DW News

Posted by in categories: biotech/medical, cybercrime/malcode, encryption, health, mobile phones, surveillance

Athletes headed to the Beijing Olympic Winter Games are making final travel preparations, including keeping in line with China's health measures on the “My 2022” smartphone app. However, inadequate encryption measures within the app can leave Olympians, journalists and sports officials vulnerable to hackers, privacy breaches, and surveillance, according to a cybersecurity report by the Citizen Lab obtained exclusively by DW. Additionally, the IT forensic specialists found that the app includes a censorship keyword list. The findings come as international concern over digital safety at the Games mounts. Germany, Australia, the UK and the US have urged their athletes and National Olympic Committees to leave their personal phones and laptops behind and to travel with special devices over fears of digital espionage. The Dutch Olympic Committee outright banned its athletes from bringing personal phones and laptops due to surveillance concerns.

In the Olympic Playbook for athletes and team officials, the International Olympic Committee states that the “My 2022” app is “in accordance with international standards and Chinese law.” But based on its findings, Citizen Lab concludes that the insecure transmission of personal information “may constitute a direct violation of China's privacy laws.” This is because China's data protection laws require that a person's health and medical records held digitally be transmitted and stored in an encrypted manner. Citizen Lab's findings also raise questions concerning two Western tech giants that carry the “My 2022” app: Apple and Google. “Both Apple's and Google's policies forbid apps to transmit sensitive data without proper encryption, so Apple and Google will need to determine whether the app's unresolved vulnerabilities warrant delisting,” Citizen Lab's Knockel told DW. The Beijing Organizing Committee has stood by its app, however, saying it “passed the examination” of international mobile application markets such as Google, Apple and Samsung. “We have taken measures such as personal information encryption in the app to ensure privacy security,” the committee said Monday to Xinhua News Agency.


Jan 18, 2022

Protecting EV Charging Stations from Cyberattacks

Posted by in categories: cybercrime/malcode, internet, sustainability

As the number of electric cars on the road grows, so does the need for electric vehicle (EV) charging stations and the Internet-based management systems within those stations. Those management systems, however, bring a problem of their own: exposure to cyberattacks.

Elias Bou-Harb, director of the UTSA Cyber Center for Security and Analytics, and his colleagues — Claud Fachkha of the University of Dubai and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University in Montreal — are shedding light on the vulnerabilities of these cyber systems. The researchers are also recommending measures that would protect them from harm.

The systems built into electric cars perform critical duties over the Internet, including remote monitoring and customer billing, as do a growing number of internet-enabled EV charging stations.

Jan 16, 2022

Linux malware sees 35% growth during 2021

Posted by in categories: cryptocurrencies, cybercrime/malcode

The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks.

IoT devices are typically under-powered “smart” devices running various Linux distributions and limited to a specific function. Individually they are weak, but when their resources are combined into a large botnet they can deliver massive DDoS attacks against even well-protected infrastructure.

Besides DDoS, compromised Linux IoT devices are used to mine cryptocurrency, send spam, serve as proxy relays, act as command-and-control servers, or even serve as entry points into corporate networks.

Jan 15, 2022

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Posted by in category: cybercrime/malcode

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems.

The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News.

Using existing legitimate infrastructure to facilitate intrusions is increasingly part of the attacker's playbook: it removes the need to host their own servers, and traffic to well-known cloud providers blends in with legitimate activity, helping the campaign evade security tools.

Jan 15, 2022

FIN7 Uses Flash Drives to Spread Remote Access Trojan

Posted by in categories: cybercrime/malcode, electronics

The use of trojanized USB devices for keystroke injection is not a new technique, even for FIN7. Typically the attack targets specific persons with access to the computer systems of the intended victim company. As FIN7 has recently ventured into ransomware, it makes sense for them to look for alternative avenues of infecting computers that are monitored by layers of protective systems, such as firewalls, email scanners, proxy servers, and endpoint security. The tactics and techniques involved in trojanized USB attacks enable FIN7 actors to avoid many of these network-level and endpoint protections by dispensing with malware transmission over the network, minimizing the use of files on disk and employing multiple layers of encoding of the malware’s scripts and executable code.

Pertinently, FIN7 recently created “Bastion Secure”, a fake information security company, and employed system administrators to unknowingly assist in system exploitation. It is possible that trojanized USBs are being constructed and used by these administrators for penetration testing. Alternatively, they might also be providing trojanized USBs to clients or prospective clients through some form of ruse (for example, telling the client it contains documentation on the fake company’s services). In either case, the clients or prospective clients could become victims of a trojanized USB attack, resulting in FIN7 gaining unauthorized remote access to systems within victims’ networks.
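
A host-side correlation for the keystroke-injection technique described above, added here as an illustration; it is not code from the original post or from Gemini Advisory. Because nothing crosses the network and little touches disk, the residue that remains is a device that enumerates as a keyboard followed within seconds by a command interpreter that the "keyboard" typed. The timeline below is constructed; the field names are the example's own, and on Windows the device rows would be sourced from Security event 6416 (Audit PnP Activity) and the process rows from Sysmon Event ID 1 or Security 4688. The thirty-second window and the interpreter list are assumptions to tune per environment.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed host timeline, not real telemetry. Field names are the example's own.
SAMPLE_TIMELINE = [
    {"ts": "2022-01-15T09:00:00", "kind": "device", "class": "Keyboard",
     "name": "USB Input Device"},
    {"ts": "2022-01-15T09:00:04", "kind": "process",
     "image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe"},
    {"ts": "2022-01-15T09:00:05", "kind": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"ts": "2022-01-15T11:30:00", "kind": "device", "class": "DiskDrive",
     "name": "USB Mass Storage Device"},
    {"ts": "2022-01-15T11:45:00", "kind": "process",
     "image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe"},
]

# A keystroke-injection device presents itself as a keyboard (device class Keyboard
# or HIDClass) and then "types" a command interpreter; a storage-only stick never does.
KEYBOARD_CLASSES = {"keyboard", "hidclass"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def correlate(timeline, window_seconds=30):
    """Return (keyboard_ts, process_ts, image) for every interpreter that started
    within window_seconds after a keyboard-class device was recognised."""
    window = timedelta(seconds=window_seconds)
    keyboards = []   # arrival times of keyboard-class devices seen so far
    hits = []
    for e in sorted(timeline, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["kind"] == "device":
            if e["class"].lower() in KEYBOARD_CLASSES:
                keyboards.append(t)
            continue
        image = ntpath.basename(e["image"]).lower()
        if image not in INTERPRETERS:
            continue
        # Children of the typed shell (here powershell.exe under cmd.exe) fall in the
        # same window, so the whole chain is reported, not just the first process.
        for kt in keyboards:
            if timedelta(0) <= t - kt <= window:
                hits.append((kt.isoformat(), t.isoformat(), image))
                break
    return hits


if __name__ == "__main__":
    for kb_ts, proc_ts, image in correlate(SAMPLE_TIMELINE):
        print(f"keyboard recognised {kb_ts}; {image} started {proc_ts}")
```

Users do plug in keyboards and then open terminals, so this is a hunting query rather than a blocking rule; in practice it is narrowed by excluding the hardware IDs of issued keyboards, and the remaining hits are the ones where a "keyboard" appeared on a machine that already had one.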
