News – May 2020


  • NCA launches UK ad campaign to divert kids searching for cybercrime tools

    May 29, 2020

    The UK’s National Crime Agency (NCA) has launched a new advertising campaign designed to divert young people searching for cybercrime services to white hat alternatives. As spotted by cybersecurity expert Brian Krebs, using a UK IP address when searching Google for particular terms that can relate to cybercrime, such as Distributed Denial-of-service (DDoS) for hire, booters, stressers, ...

  • Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module

    May 28, 2020

    First discovered in 2016, TrickBot is an information stealer that provides backdoor access sometimes used by criminal groups to distribute other malware. TrickBot uses modules to perform different functions, and one key function is propagating from an infected Windows client to a vulnerable Domain Controller (DC). TrickBot currently uses three modules for propagation. As early as April ...

  • Hackers Compromise Cisco Servers Via SaltStack Flaws

    May 28, 2020

    Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that is running the vulnerable salt-master service. The first is Cisco Modeling Labs Corporate Edition (CML), ...

  • ‘[F]Unicorn’ Ransomware Impersonates Legit COVID-19 Contact-Tracing App

    May 27, 2020

    A fresh ransomware strain known as “Unicorn” has emerged, first seen this week targeting users by pretending to be an official government COVID-19 contact tracing app. According to an advisory from the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID), the malware family is taking advantage of the rollout of “Immuni” – ...

  • Spam and phishing in Q1 2020

    May 26, 2020

    Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process is a challenge all by itself (there are several stages, registration ...

  • Forward-looking security analysis of smart factories [Part 2] Security risks of industrial application stores

    May 26, 2020

    On May 11, 2020, Trend Micro released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of 5 columns, based on the results of this research, we will look at the security risks to be aware of when promoting smart factories by examining overlooked attack ...

  • Factory Security Problems from an IT Perspective (Part 2): People, processes, and technology

    May 26, 2020

    This article is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. Before beginning to consider countermeasures, in the first article we explained the source of the challenges while focusing on the differences ...

  • Turla APT Revamps One of Its Go-To Spy Tools

    May 26, 2020

    The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. “It is a ...

  • Europol, Capgemini team up in cybercrime prevention, awareness campaigns

    May 26, 2020

    Europol and Capgemini have agreed to pool their resources in new cybersecurity awareness campaigns and the expansion of existing collaboration on threat intelligence. On Tuesday, Europol’s European Cybercrime Centre (EC3) said a Memorandum of Understanding (MoU) has been signed with the consultancy giant that is expected to lead to new “joint exercises, capacity building, and prevention campaigns.” Europol and ...

  • Qakbot Resurges, Spreads through VBS Files

    May 25, 2020

    Through managed detection and response (MDR), we found that a lot of threats come from inbound emails. These messages usually contain phishing links, malicious attachments, or instructions. However, in our daily investigation of email metadata, we often detect threats not just in inbound emails, but even in the users’ own sent items folder. This involves ...

  • Mozilla, Twitter, Reddit join forces in effort to block browsing data from warrantless access

    May 25, 2020

    A group of seven internet companies are vowing to stand up for the privacy of its users this week when the United States House of Representatives considers the USA FREEDOM Reauthorization Act of 2020. Mozilla, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon have asked four US legislators to explicitly prohibit the warrantless collection of internet ...

  • eBay port scans visitors’ computers for remote access programs

    May 24, 2020

    When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can ...

  • Threat Spotlight: The Andromeda Botnet

    May 22, 2020

    The Andromeda botnet, also known as Gamarue or Wauchos, was first introduced to the public in 2011. During this time it was used to distribute large quantities of malware. According to Microsoft the Andromeda botnet was used to spread more than 80 malware families including ransomware, worms, and more. Andromeda is a modular malware, meaning additional components can ...

  • NSO Group Impersonates Facebook Security Team to Spread Spyware — Report

    May 22, 2020

    According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage ...

  • Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

    May 22, 2020

    Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. This most recent wave of cyberattacks ...

  • Windows malware opens RDP ports on PCs for future remote access

    May 22, 2020

    Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts. Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime ...

  • Home Chef Serves Up Data Breach for 8 Million Records

    May 22, 2020

    Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, one of these, the popular Kroger’s Home Chef service, recently served up a side of data breach along with its perfectly measured ingredients. According to a notice posted on the Home Chef website, the company ...

  • Factory Security Problems from an IT Perspective (Part 1): Gap between the objectives of IT and OT

    May 21, 2020

    In the cybersecurity industry, key words such as “smart factories,” the “Industrial Internet of Things (IIoT),” and “Industry 4.0” have come to the fore. The business environment that the manufacturing industry operates in is undergoing drastic changes and entering a transition period. Nowadays, it may be difficult to find companies that do not include Digital ...

  • Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

    May 21, 2020

    Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose as Zoom installers but when decoded, contains the malware code. These malicious fake ...

  • Silent Night Banking Trojan Charges Top Dollar on the Underground

    May 21, 2020

    A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range ...