News – November 2020


  • Weaponizing Open Source Software for Targeted Attacks

    November 20, 2020

    Trojanized open-source software is tricky to spot. This is because it takes on the façade of legitimate, non-malicious software, making it especially stealthy and useful for targeted attacks. However, a closer investigation can reveal suspicious behavior that exposes their malicious intent. How are open-source software trojanized? How can we detect them? To answer these questions, let ...

  • QBot partners with Egregor ransomware in bot-fueled attacks

    November 20, 2020

    The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through phishing emails ...

  • The UK’s new offensive cyber unit takes on organised crime and hostile states

    November 19, 2020

    A new offensive force made up of spies, cyber experts and the members of the military is already conducting cyber operations to disrupt hostile state activities, terrorists and criminals, the UK government has revealed. The new group – known as the National Cyber Force – aims to tackle threats to the UK’s national security such as ...

  • Android chat app with 100 million installs exposes private messages

    November 19, 2020

    GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago. The ...

  • Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

    November 19, 2020

    Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by researchers, in particular targets vacuums with LiDAR sensors, as the name ...

  • Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes

    November 19, 2020

    So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright ...

  • Huge U.K. Defense Spending Boost Funds Cyber Force, Space Command And AI

    November 19, 2020

    U.K. Prime Minister Boris Johnson announced on Wednesday evening that the Ministry of Defence would receive an extra £16.5 bn / $21.8bn over the next four years. This is the largest investment in defense for 30 years and is on top of already agreed increases in spending. Johnson said that the massive increase was justified despite ...

  • Advanced Threat predictions for 2021

    November 19, 2020

    Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in ...

  • Exploiting AI – How Cybercriminals Misuse and Abuse Artificial Intelligence and Machine Learning

    November 19, 2020

    Artificial intelligence (AI) is swiftly fueling the development of a more dynamic world. AI, a subfield of computer science that is interconnected with other disciplines, promises greater efficiency and higher levels of automation and autonomy. Simply put, it is a dual-use technology at the heart of the fourth industrial revolution. Together with machine learning (ML) ...

  • German COVID-19 Contact-Tracing Vulnerability Allowed RCE

    November 19, 2020

    A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Labs were chasing down RCE vulnerabilities on the platform and found one in the infrastructure ...

  • Food-Supply Giant Americold Admits Cyberattack

    November 19, 2020

    Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident ...

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign

    November 17, 2020

    A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...

  • More than 200 systems infected by new Chinese APT ‘FunnyDream’

    November 17, 2020

    A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...

  • CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

    November 17, 2020

    Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against organizations’ industrial ...

  • Information Leakage in AWS Resource-Based Policy APIs

    November 17, 2020

    Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS ...

  • Cybercriminal ‘Cloud of Logs’ – The Emerging Underground Business of Selling Access to Stolen Data

    November 16, 2020

    In this latest research by the Trend Micro Forward-Looking Threat Research (FTR) team, we take a closer look at an emerging underground market that is driven by malicious actors who sell access to troves of stolen data, frequently advertised in the underground as “clouds of logs.” This underground market affects not just users whose credentials ...

  • Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

    November 16, 2020

    The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a ...

  • Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

    November 16, 2020

    A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. Jupyter infostealer has been detailed by cybersecurity company Morphisec who discovered it on the network of an unnamed higher ...

  • Israeli companies targeted with new Pay2Key ransomware

    November 16, 2020

    Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained to Israel. “As days go ...