There is no denying that attackers' tooling keeps advancing. Every few days the name of some new form of cyber-attack can be heard or read, and these attacks are planned and executed well enough that the everyday precautions internet users take are rarely a match for them. Still, studying the recent trail of attacks gives at least some insight into how adversaries think and operate, and that insight is what preparedness is built on. That is why we have put together this list of the week's significant cyber-attacks, to help you study the attackers better.
Alexa And Siri Prone To ‘Light Commands’ Attack
Researchers at the University of Michigan and the University of Electro-Communications, Tokyo, have found a weakness in the micro-electromechanical systems (MEMS) microphones that voice assistants use to turn sound into electrical signals: the microphone diaphragm responds to modulated light much as it responds to sound. An attacker can exploit this to feed a voice assistant commands it will act on, such as unlocking a door. The technique, dubbed ‘Light Commands’, works against the microphones in Alexa, Siri and Google Assistant devices.
In a Light Commands attack, the adversary points a modulated laser beam at the device's microphone and injects commands that make no sound at all, so a victim in the same room hears nothing. It works against smart speakers, tablets and phones, at distances of up to 110 meters, through glass windows and between two separate buildings, as the two research groups demonstrated experimentally.
Once in control of the assistant, an attacker can unlock smart-lock-protected front doors, open garage doors, shop on e-commerce websites at the victim's expense, and locate, unlock and start vehicles linked to the victim's Google account. Devices shown to be vulnerable so far include the Google Nest Cam IQ, Amazon Echo, Facebook Portal, iPhone XR, Samsung Galaxy S9 and Google Pixel 2.
The mitigations proposed by the researchers are an extra user-confirmation step (a spoken PIN or a randomised question) before sensitive commands are carried out, combining input from multiple microphones so that a signal reaching only one of them is rejected, and, for extra caution, a physical cover that keeps light off the microphones. Until vendors ship such fixes, users should keep voice-activated devices out of the line of sight of windows and enable the assistant's PIN or confirmation options for purchases and smart-home actions where available.
Ransomware Attack Hits Nunavut
A major ransomware attack recently hit Nunavut, the largest and northernmost territory in Canada. The territory's government network was the target, and the likely entry point was an employee clicking a link in a malicious email or web advertisement. The government later confirmed that the ransomware was ‘DoppelPaymer’ and that it had been ill-equipped to deal with it.
The ransomware quickly encrypted Word documents and PDF files across the government's network. Users who tried to access the network afterwards were met with a ransom note stating that a ‘powerful algorithm’ had penetrated the network and that the attackers held the only decryption software, which would cost them. The note instructed them to download an encrypted browser, visit a particular URL within 21 days and pay; the longer they waited, the more the decryption would cost.
In response, the government shut down parts of its network, leaving employees without email or voicemail. File servers in several departments and some communities were also disrupted. No loss of personal information has been identified so far.
The government has fallen back on its contingency plans to keep services running, but full recovery is expected to take at least a week.
BEC Scam Makes Nikkei Lose $29 Million
In a recent attack, criminals tricked Nikkei, one of Japan's leading media houses, into transferring as much as $29 million into bank accounts they controlled. It was a Business Email Compromise (BEC) attack, one of the most common and most lucrative forms of fraud adversaries run today.
Nikkei has over 4 million subscribers. The attack succeeded because an employee of Nikkei America (a subsidiary of Nikkei Inc.) acted on fraudulent instructions and transferred the money: the attackers had impersonated an executive of Nikkei Inc., and the impersonation was convincing enough to fool the American employee. BEC needs no malware; it defeats the payment process itself, so the control that matters is out-of-band verification (a call to a number already on file) of any new beneficiary or urgent transfer request.
Nikkei is working with the authorities to trace and recover the transferred funds and is cooperating fully with the investigation.
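The Nikkei case is an executive-impersonation BEC. As an added example (not code from the original article or from Nikkei), the script below runs the header and content checks a mail gateway or SOC triage script would apply to catch this pattern: an executive's display name on an external address, a Reply-To that diverts replies, a lookalike sender domain, and payment-pressure wording. The company domain, the executive roster (a made-up name) and both sample messages are constructed for this example.

```python
"""Triage checks for executive-impersonation (BEC) mail.

Added example; not code from the original article or from Nikkei. It runs
four checks that are common in BEC detection and returns the ones that
fire, so a mail gateway or SOC script can hold the message for review:

  1. the From: display name matches a known executive but the address is
     not on the organisation's own domain (display-name spoofing);
  2. Reply-To: points somewhere other than the From: address, so replies
     (and any payment details sent back) go to the attacker;
  3. the sender domain is within two edits of the company domain
     (a lookalike domain);
  4. the subject or body carries payment-pressure language.

The company domain, the executive roster (a made-up name) and both sample
messages are constructed for this example.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "nikkei.example"      # assumed for the example; not Nikkei's real domain
EXECUTIVES = {"hiroshi tanaka"}        # constructed roster, lower-cased display names
PRESSURE_WORDS = ("wire", "transfer", "urgent", "confidential", "immediately")


def _edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_indicators(raw_message):
    """Return the list of BEC indicators that fire for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    name = " ".join(from_name.lower().split())
    hits = []

    if name in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        hits.append("executive display name on an external address")
    if reply_addr and reply_addr.lower() != from_addr.lower():
        hits.append("Reply-To differs from From")
    if from_dom and from_dom != COMPANY_DOMAIN and _edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        hits.append("lookalike sender domain")
    # Single-part text messages only; a real gateway would walk every MIME part.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if sum(word in text for word in PRESSURE_WORDS) >= 2:
        hits.append("payment-pressure language")
    return hits


# Constructed sample messages: one routine internal mail, one BEC attempt.
LEGIT = """\
From: Hiroshi Tanaka <h.tanaka@nikkei.example>
To: ap@nikkei.example
Subject: Q3 budget review

Please send me the Q3 numbers before Friday.
"""

SUSPICIOUS = """\
From: Hiroshi Tanaka <hiroshi.tanaka@nikkel.example>
Reply-To: ceo-office@fastmail-relay.example
To: ap@nikkei-america.example
Subject: Urgent confidential transfer

I need you to wire the funds to our new partner immediately. Keep this confidential.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

The display-name check is only as good as the executive roster, and a lookalike-domain check with a fixed edit distance will miss registered homoglyph domains; in production these heuristics sit alongside DMARC alignment and a hold-for-review policy on any message that asks finance to change a beneficiary.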
Data Breach On Indian Ed-Firm Vedantu
Vedantu, the Indian ed-tech provider, suffered a data breach in July this year in which the private details of over 687,000 users were taken. The data included the names, email and IP addresses, phone numbers, genders and passwords of teachers and students who use the service.
Vedantu did not notify the affected users until recently; when questioned, it said it was aware of the breach and was taking steps to inform customers. The risk of targeted phishing and other attacks on these users has risen, although the passwords in the breach were encrypted rather than stored in plaintext. Encrypted or hashed passwords can still be cracked offline, so affected users should change their Vedantu password and any other account that reuses it.
All affected customers whose phone numbers, names and addresses were stolen have been advised to expect phone scams, SIM swap attempts and similar fraud aimed at their money. Anyone who believes they were affected should be cautious with emails, messages and phone calls, as these are the likely channels for follow-on phishing or malware.
Major Cyberattack Hits Georgia
A major cyberattack hit Georgia on October 28, 2019, affecting thousands of websites and two Georgian TV broadcasters, Imedi TV and Maestro. The attackers breached the network of Pro-Service, a local web-hosting provider, and defaced over 15,000 websites it hosted.
The targets were indiscriminate: personal, business and local-newspaper sites were all defaced. The home pages of the affected sites were replaced with an image of former President Mikheil Saakashvili, who faces multiple criminal charges in Tbilisi, captioned “I’ll be back.”
Pro-Service is working with the Ministry of Internal Affairs and outside experts to restore the sites and close the hole that let the attackers in.
Persistent Malicious App Causes Dismay To Over 45,000
Xhelper is a malicious Android app of an unusual kind, seen mainly in the US, India and Russia. It stays hidden, displays ads and silently downloads additional malicious apps onto the device. It is so persistent that removing it is a real challenge: it is designed to stay out of the system's launcher entirely.
Users cannot get Xhelper off their devices because it reinstalls itself after being removed manually and even after a factory reset. Survival across a factory reset implies that something outside the user data partition, such as a pre-installed system app or a compromised firmware component, is dropping it again, so wiping the device a second time will not help.
To date, Xhelper has infected over 45,000 devices, and researchers believe it is growing more sophisticated over time.
How does it work?
- The app has no icon in the launcher and is started by external events (a reboot, an app being installed or removed, a connectivity change) rather than by the user, so it attracts no attention and evades casual detection.
- It registers itself as a foreground service, which lowers the chance of the system killing it when memory runs low.
- If its service is stopped, it restarts it, a behaviour common to persistent mobile malware.
- Once established, it decrypts its payload into memory; the payload connects the device to the attacker's command and control (C&C) server and waits for further commands.
- From there, additional payloads such as droppers, clickers and rootkits are downloaded to the device automatically.
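The traits listed above (no launcher activity, wake-up on external events, a foreground service, the ability to install further packages) are all visible statically in an app's manifest. As an added example, not code from the original article or from any vendor's Xhelper analysis, the script below scores a decoded AndroidManifest.xml (for instance apktool output) for those traits; the wake-up events are generalised to BOOT_COMPLETED and USER_PRESENT receivers, both sample manifests are constructed, and the scoring threshold is an assumption rather than a published rule.

```python
"""Static triage for Xhelper-style persistence traits in an Android manifest.

Added example; not code from the original article or from any vendor's
analysis of Xhelper. Given a decoded AndroidManifest.xml it reports:
  - no_launcher_activity: no activity carries the LAUNCHER category;
  - wakes_on_external_event: a receiver listens for BOOT_COMPLETED or
    USER_PRESENT (generalisation of the "external events" in the text);
  - foreground_service: a service is declared and FOREGROUND_SERVICE is
    requested (needed on Android 9+ to run one);
  - can_install_packages: REQUEST_INSTALL_PACKAGES is requested, which a
    dropper needs to side-load the payloads it fetches.
The two manifests and the threshold of 3 are constructed assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
WAKE_ACTIONS = {"android.intent.action.BOOT_COMPLETED",
                "android.intent.action.USER_PRESENT"}


def _attr(element, name):
    """Read an android:-namespaced attribute."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def persistence_traits(manifest_xml):
    """Return a dict of trait name -> bool for one manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    perms = {_attr(p, "name") for p in root.findall("uses-permission")}

    has_launcher = any(
        _attr(cat, "name") == "android.intent.category.LAUNCHER"
        for activity in app.findall("activity")
        for filt in activity.findall("intent-filter")
        for cat in filt.findall("category"))
    wake_receiver = any(
        _attr(action, "name") in WAKE_ACTIONS
        for receiver in app.findall("receiver")
        for filt in receiver.findall("intent-filter")
        for action in filt.findall("action"))

    return {
        "no_launcher_activity": not has_launcher,
        "wakes_on_external_event": wake_receiver,
        "foreground_service": bool(app.findall("service"))
        and "android.permission.FOREGROUND_SERVICE" in perms,
        "can_install_packages": "android.permission.REQUEST_INSTALL_PACKAGES" in perms,
    }


def is_suspicious(manifest_xml, threshold=3):
    """Flag the app when at least `threshold` traits (assumed cut-off) are present."""
    return sum(persistence_traits(manifest_xml).values()) >= threshold


# Constructed manifests: an ordinary app with a launcher icon, and a
# dropper-shaped app with every trait above.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

DROPPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="File Explorer">
    <receiver android:name=".WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
    <service android:name=".CoreService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN), ("dropper", DROPPER)):
        print(label, persistence_traits(manifest), "suspicious:", is_suspicious(manifest))
```

Manifest triage is a filter, not a verdict: legitimate background apps (VPN clients, device-management agents) also score on several of these traits, and a dropper that hides its real payload as encrypted data decrypted at runtime, as Xhelper does, shows nothing of that payload in the manifest. The value of the check is in surfacing sideloaded packages with no launcher entry, which is exactly where a user cannot see them.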
Major Cybersecurity Firm’s Employee Selling Customer Data?
A customer's trust is essential to a company's operation, and keeping it is the company's duty. In August 2019 Trend Micro learned that some of its consumer customers were receiving fraudulent calls from people claiming to be Trend Micro support staff, which pointed to a leak of customer data.
The investigation ran until October 2019, when Trend Micro determined that the source was an insider: an employee had improperly accessed a customer support database and sold the information to a third party. The leaked data included customers' names, telephone numbers and email addresses.
Who bought the data and how much was paid are still unknown. A Trend Micro spokesperson said the employee had obtained the database by improper means and that, besides names, phone numbers and email addresses, it also contained customer support ticket numbers.
The spokesperson added that no financial, business or government payment information or other sensitive data was accessed. The company immediately fired the employee and revoked all of their access; the matter is still under investigation, and Trend Micro is working with law enforcement.
Finally, Trend Micro has reminded customers that it never makes unsolicited calls to consumers and never asks for personal details over the phone. Any suspicious call should be reported to the company.
Indian Nuke Plant Infected With Korean Malware
The Kudankulam Nuclear Power Plant (KNPP) in India was recently hit by a malware infection that researchers identified as Dtrack, a tool that security researchers have linked to North Korea.
The plant initially denied that any attack was possible, but the Nuclear Power Corporation of India (NPCIL) later released a statement confirming the infection. The malware was found on the computer of a user connected to the plant's internet-facing network used for administrative purposes; the control systems sit on a separate, isolated network and were not affected.
The purpose of the intrusion is unknown: it may have been an opportunistic infection, the first stage of an intellectual-property theft operation, or reconnaissance for something worse.
Singtel And Ninja Logistics To Pay Penalty For Data Breaches
The Personal Data Protection Commission (PDPC), Singapore's data protection regulator, has penalised Singtel, a telecom provider, and Ninja Logistics, a courier company, for data breaches caused by their negligence. Singtel has been fined S$25,000 and Ninja Logistics S$90,000.
The PDPC received an anonymous tip-off about a security flaw in Singtel's app, which investigation confirmed. A design flaw in the app had left the personal details of over 330,000 customers exposed: anyone with a phone and an internet connection could reach other Singtel customers' accounts and see their billing information, names and addresses.
The PDPC noted that Singtel had hired a third-party vendor to test the app, but the tests did not catch the design flaw. It also found that Singtel had received enough professional advice to guard against such vulnerabilities and had failed to act on it.
Ninja Logistics' case was a textbook insecure direct object reference: its parcel-tracking page returned a customer's details on the tracking number alone, with no second layer of authentication such as asking the user to confirm their name or mobile number. Anyone who entered another customer's tracking number could see that customer's name, address and signature, and the details of over 1.26 million people were exposed this way.
Both firms have since fixed their systems: Singtel has patched the design flaw in its app, and Ninja Logistics has added checks to protect its users' privacy.
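Both PDPC findings describe the same defect: a single identifier that anyone can type (a tracking number, or an account identifier in a URL) returns another customer's record. As an added example, not code from the original article, Ninja Logistics or Singtel, the block below puts that vulnerable lookup beside a hardened one that ties the query to a second piece of knowledge the recipient has (their phone number), answers unknown numbers and wrong phone numbers identically so the endpoint cannot be used to enumerate valid tracking numbers, and returns only the fields a status page needs. The shipment records are constructed.

```python
"""Parcel-tracking lookup: the exposed pattern beside a hardened one.

Added example; not code from the original article, Ninja Logistics or
Singtel. `lookup_vulnerable` is the insecure-direct-object-reference
pattern both PDPC cases describe. `lookup_hardened` requires the
recipient's phone number as a second factor, gives the same answer for
"no such shipment" and "wrong phone" (no enumeration oracle), compares
in constant time, and returns a minimal, masked view instead of the
whole record. The shipments below are constructed test data.
"""
import hmac
import re
from typing import Optional

SHIPMENTS = {
    "NV2019110001": {"status": "Out for delivery", "name": "Alice Tan",
                     "address": "12 Orchard Rd #05-01", "phone": "+65 9123 4567",
                     "signature_image": "sig_0001.png"},
    "NV2019110002": {"status": "Delivered", "name": "Bob Lim",
                     "address": "88 Bedok North St 3 #10-12", "phone": "+65 8765 4321",
                     "signature_image": "sig_0002.png"},
}
PUBLIC_FIELDS = ("status",)   # the only raw fields a tracking page needs to show
DUMMY_PHONE = "0" * 11        # compared against when the tracking number is unknown


def lookup_vulnerable(tracking_no: str) -> Optional[dict]:
    """Anyone who knows or guesses a tracking number gets the full record,
    including the address and the delivery signature."""
    return SHIPMENTS.get(tracking_no)


def _normalise_phone(phone: str) -> str:
    """Keep digits only so '+65 9123 4567' and '6591234567' compare equal."""
    return re.sub(r"\D", "", phone)


def _mask_name(name: str) -> str:
    """'Bob Lim' -> 'B** L**': enough for the recipient to recognise, no more."""
    return " ".join(part[0] + "*" * (len(part) - 1) for part in name.split())


def lookup_hardened(tracking_no: str, phone: str) -> Optional[dict]:
    rec = SHIPMENTS.get(tracking_no)
    # Run the comparison even when the number is unknown so the code path
    # (and its timing) is the same for "no such shipment" and "wrong phone".
    expected = _normalise_phone(rec["phone"]) if rec else DUMMY_PHONE
    phone_ok = hmac.compare_digest(_normalise_phone(phone), expected)
    if rec is None or not phone_ok:
        return None                      # one uniform failure answer
    view = {field: rec[field] for field in PUBLIC_FIELDS}
    view["recipient"] = _mask_name(rec["name"])
    return view                          # no address, no signature image


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable("NV2019110002"))
    print("hardened, wrong phone:", lookup_hardened("NV2019110002", "+65 9123 4567"))
    print("hardened, right phone:", lookup_hardened("NV2019110002", "+65-8765-4321"))
```

A name or phone number is knowledge-based, and after a breach like this one the attacker may already hold it for millions of customers, so the stronger fix is a per-shipment secret delivered to the recipient (a link with an unguessable token, or a login) plus rate limiting on the lookup endpoint. Tracking numbers are typically sequential, which is why the uniform failure answer matters: otherwise the page confirms which numbers exist and enumeration becomes cheap.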
Russian Influence Networks Targeting African Users Removed By Facebook
Facebook has removed networks of Russian-run accounts that were attempting to influence users in several African countries. The networks are believed to be connected to Yevgeniy Prigozhin, the financier behind the information warfare efforts that preceded the 2016 US presidential election.
Facebook has removed three distinct networks from Russia, which attempt to influence Madagascar, Central African Republic, Mozambique, the Democratic Republic of the Congo, Côte d’Ivoire, Cameroon, Sudan, and Libya.
Here is a detailed list of the three removals:
- The first one involved 35 Facebook accounts, 53 Pages, 7 Groups, and 5 Instagram accounts centering users in Madagascar, the Central African Republic, Mozambique, the Democratic Republic of the Congo, Côte d’Ivoire, and Cameroon. One of these pages had about 475,000 followers, and over $77,000 were spent in promotions.
- The second one involved 17 Facebook accounts, 18 Pages, 3 Groups, and 6 Instagram accounts with over 457,000 followers in total.
- The third one involved a network of 14 Facebook accounts, 12 Pages, 1 Group, and 1 Instagram account with roots in Russia targeting Libya.
Facebook took down these pages, groups and accounts on the basis of their behaviour, coordinated activity that conceals who is behind it, and not, as its statement makes clear, because of the content they posted.