News


  • Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

    March 3, 2020

    Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite ...

  • TrickBot Adds ActiveX Control, Hides Dropper in Images

    March 2, 2020

    The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...

  • What to know about cyberattacks targeting energy pipelines

    March 1, 2020

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...

  • RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

    February 28, 2020

    Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...

  • Roaming Mantis, part V

    February 27, 2020

    Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis environment detection and so on. We’ve also observed new malware families: Fakecop (also ...

  • Ransomware Hits U.S. Electric Utility

    February 27, 2020

    The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors. RMLD is an electric utility in ...

  • Billions of Devices Open to Wi-Fi Eavesdropping Attacks

    February 26, 2020

    A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug (CVE-2019-15126) stems from the use of an all-zero encryption key in chips made by Broadcom and Cypress, according to researchers at ESET, which results in data decryption. This ...

  • How to Identify and Control DoH On Your Network

    February 25, 2020

    Along with bandwidth, privacy and security are the major concerns shared by everybody and everything on the Internet. Engaging in man-in-the-middle style attacks, today hackers from cyber criminal organizations, state sponsored or masse surveillance interception, can intercept clear-text DNS lookups, track and monitor users’ activities or interfere with commerce and undermine confidence in the platform. ...

  • Data Breach Occurs at Agency in Charge of Secure White House Communications

    February 24, 2020

    Hackers have compromised the Department of Defense (DoD) agency in charge of securing and managing communications for the White House, leaking personally identifiable information (PII) of employees and leading to concerns over the safety of the communications of top-level U.S. officials in the run-up to the 2020 presidential election. Reuters first reported the data breach at the Defense Information ...

  • PowerGhost Spreads Beyond Windows Devices, Haunts Linux Machines

    February 24, 2020

    Trend Micro researchers encountered a PowerGhost variant that infects Linux machines via EternalBlue, MSSQL, and Secure Shell (SSH) brute force attacks. The malware was previously known to target only Windows systems. PowerGhost is a fileless cryptocurrency-mining malware that attacks corporate servers and workstations, capable of embedding and spreading itself undetected across endpoints and servers. It was known to exploit PowerShell, a ...

  • Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

    February 24, 2020

    Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry verticals many millions of dollars in ransom and ...

  • ObliqueRAT linked to threat group launching attacks against government targets

    February 21, 2020

    Researchers have uncovered a new Remote Access Trojan (RAT) that appears to be the handiwork of a threat group specializing in attacks against government and diplomatic targets. On Thursday, Cisco Talos researchers said the malware, dubbed ObliqueRAT, is being deployed in a new campaign focused on targets in Southeast Asia. The latest campaign started in January 2020 and ...

  • Croatia’s largest petrol station chain impacted by cyber-attack

    February 20, 2020

    A security incident described as “a cyber-attack” has crippled some business operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain. The attack took place last Friday, on February 14, at 22:00, local time, the company said. Multiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted ...

  • Details of 10.6 million MGM hotel guests posted on a hacking forum

    February 19, 2020

    The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s ...

  • BlueKeep Flaw Plagues Outdated Connected Medical Devices

    February 19, 2020

    While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol (RDP) flaw. Researchers said they found that 22 percent of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even ...

  • Assessment of Ransomware Event at U.S. Pipeline Operator

    February 19, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes ...

  • Threat Spotlight: Nuke Ransomware

    February 19, 2020

    Nuke ransomware, first identified in 2016, encrypts files with an AES 256-bit encryption key that is protected by asymmetrically encrypting it using 2048-bit RSA. Once a file is encrypted, Nuke changes the file name to a combination of random characters followed by a .nuclear55 extension. For example, an infected file name might be “ab0a+afbamcdEcmf.nuclear55”. Once Nuke executes it ...

  • SMS Attack Spreads Emotet, Steals Bank Credentials

    February 19, 2020

    Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its return in September, including a new, ...

  • Five years after the Equation Group HDD hacks, firmware security still sucks

    February 18, 2020

    In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures. According to researchers, many device makers still don’t sign the firmware they ship for their components. Furthermore, even if they sign a device’s firmware, they don’t ...

  • Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

    February 18, 2020

    Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain, APT34/OilRig and APT33/Elfin appear to be linked to the campaign (which they ...