News – September 2020


  • APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

    September 17, 2020

    Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 (a.k.a. Barium, Winnti, Wicked Panda or Wicked Spider) is known for nation-state-backed cyber-espionage activity as ...

  • Maze ransomware now encrypts via virtual machines to evade detection

    September 17, 2020

    The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine. In May, we previously reported that Ragnar Locker was seen encrypting files through VirtualBox Windows XP virtual machines to bypass security software on the host. The virtual machine would mount a host’s drives ...

  • Mozi Botnet Accounts for Majority of IoT Traffic

    September 17, 2020

    The Mozi botnet, a peer-to-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike within its telemetry, amid a huge increase in overall ...

  • Alert issued to UK universities and colleges about spike in cyber attacks

    September 17, 2020

    British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ. Academic institutions are being urged to follow NCSC guidance following a sharp increase in attacks which have left some teachers fearing they won’t be able to accept ...

  • “Zerologon” and the Value of Virtual Patching

    September 16, 2020

    A new CVE was released recently that has made quite a few headlines – CVE-2020-1472. Zerologon, as it’s called, may allow an attacker to take advantage of the cryptographic algorithm used in the Netlogon authentication process and impersonate the identity of any computer when trying to authenticate against the domain controller. To put that more simply, ...

  • Cerberus banking Trojan source code released for free to cyberattackers

    September 16, 2020

    The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. Speaking at Kaspersky NEXT 2020 on Wednesday, Kaspersky cybersecurity researcher Dmitry Galov said that the leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector ...

  • New MrbMiner malware has infected thousands of MSSQL databases

    September 16, 2020

    A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner. Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent. In a report published earlier this month, Tencent Security has named this ...

  • Adobe out-of-band patch released to tackle Media Encoder vulnerabilities

    September 16, 2020

    Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder. Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release. On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 ...

  • Boosting Impact for Profit: Evolving Ransomware Techniques for Targeted Attacks

    September 15, 2020

    While more enterprises have adjusted to the new normal, so have cybercriminals who take advantage of the ever-changing work, home, and security landscape. As described in our 2020 Midyear Roundup, the numbers pertaining to ransomware no longer tell the story at first glance. While the number of infections, company disclosures, and ransomware families has gone ...

  • Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits

    September 15, 2020

    From May 1 to July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most common vulnerabilities exploited ...

  • The State of Industrial Cybersecurity 2020

    September 15, 2020

    In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide. This ...

  • Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw

    September 15, 2020

    Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol. BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to ...

  • Surge in DDoS attacks targeting education and academic sector

    September 15, 2020

    As education institutions across the world moved to online learning, cyber threat disruptions have amplified more than ever. Malware, vulnerability exploits, distributed denial-of-service (DDoS), and phishing attacks have all struck this sector, increasing in frequency over the past two months. As schools in the U.S. restarted in remote learning mode, cybersecurity companies noticed a surge in DDoS ...

  • U.S. Dept of Veterans Affairs data breach affects 46,000 veterans

    September 15, 2020

    The U.S. Department of Veterans Affairs (VA) has suffered a data breach that has led to the exposure of personal information for over 46,000 veterans. The VA department was created to ensure United States veterans receive the health services, benefits, and care they deserve. In a data breach notification released yesterday, the VA states that hackers breached ...

  • Windows 10 ‘Finger’ command can be abused to download or steal files

    September 15, 2020

    The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently. These are known as living-off-the-land binaries (LoLBins) and can help attackers bypass security controls to fetch malware without triggering a security alert on the system. The latest addition is finger.exe, a command that ships ...

  • MITRE releases emulation plan for FIN6 hacking group, more to follow

    September 15, 2020

    MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today’s biggest hacking groups in order to help train security teams to defend their networks. Named the Adversary Emulation Library, the project is the work of MITRE Engenuity’s Center for Threat-Informed Defense. The project, hosted on GitHub, ...

  • Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

    September 15, 2020

    Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The ...

  • QR Codes Serve Up a Menu of Security Concerns

    September 15, 2020

    Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant of how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses forgoing paper brochures, menus ...

  • 1H 2020 Cyber Security Defined by Covid-19 Pandemic

    September 15, 2020

    When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken advantage of big news to use as lures for ...

  • MSPO – essential and very much in demand

    September 14, 2020

    All eyes on Targi Kielce in September – not only the military business sector but the broadly defined industry is focused on the Kielce events. There are two reasons why this year has been so exceptional. First of all, it has been the Kielce autumn tradition to offer the world’s biggest military concerns the presentation ...