News – March 2020

March 31, 2020

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot since ...

March 31, 2020

Hotel chain Marriott International has today announced that it has been hit by a second data breach exposing the personal details of “up to approximately 5.2 million guests”. The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and ...

March 31, 2020

In 2019, Business Email Compromise (BEC) maintained its rankings as both the most profitable and the most prominent threat facing our customers. According to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), which recently released its annual report, US$1.77 billion in losses were attributed to BEC attacks over the course of 2019. This number ...

March 30, 2020

Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products. Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost 40,000 warnings – which, while a large number, is still a ...

March 30, 2020

According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December. However, the researchers observed a significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. First seen in August 2015, Sphinx is a modular ...

March 28, 2020

Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting ...

March 27, 2020

Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation and small business loans. Although campaigns employing themes relevant to ...

March 27, 2020

Criminals are only just getting started when it comes to exploiting the global spread of coronavirus to profit from hacking and cybercrime, and the number of attacks is likely to rise, Europe’s law enforcement agency Europol has warned. The new report on how criminals profit from the COVID-19 pandemic details the increase in coronavirus-themed attacks, including phishing emails and spam ...

March 26, 2020

The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic. With the amount of strain healthcare organizations are under during this pandemic, I was hoping that ransomware operators would ...

March 26, 2020

The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. However, the most important characteristic of Maze is the ...

March 26, 2020

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain that targets iOS vulnerabilities in versions 12.1 ...

March 25, 2020

A prolific state-backed Chinese cyber espionage operation started 2020 with one of its largest hacking campaigns – even though the coronavirus lockdown in China appeared to have an impact on the group’s output. The global operation by hacking group APT 41 – widely believed to linked to the Chinese government – targeted businesses in telecoms, manufacturing, healthcare, defence, ...

March 24, 2020

The ongoing global response to COVID-19 infections has become a critical public health, economic, and national security priority. The crisis has been made worse by ransomware and other disruptive intrusion incidents, threatening the continued provision of healthcare services to patients affected by the disease. U.S. Health and Human Services disclosures of known data breaches — even prior ...

March 24, 2020

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have ...

March 23, 2020

There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, ...

March 20, 2020

Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.” Read more… Source: ZDNet  

March 20, 2020

The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains.  As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing for samples on coronavirus-related malicious campaigns. This report also includes ...

March 20, 2020

The Department for Business, Energy and Industrial Strategy (BEIS) is looking for organisations who can support in the supply of ventilators and ventilator components across the United Kingdom as part of the Government’s response to COVID-19. These questions aim to identify the suitability and readiness of organisations to be involved in the initiative. There are three ...

March 19, 2020

As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant – Mukashi. Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful ...

March 19, 2020

Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. For years, ...