Security News for 4Jun2020

#security #cybersecurity #itsecurity #privacy #hangover #neon #viceroytiger #monsoon #backconfig #malware #nhs #cycldek #goblinpanda #conimes #usbculprit #zloader #mazeransomware #bec #tycoon
Image by https://recordedfuture.com
  1. “Hangover Group is a cyberespionage group that was first observed in December 2013 carrying on a cyberattack against a telecom corporation in Norway. Cybersecurity firm Norman reported that the cyberattacks were emerging from India and the group sought and carried on attacks against targets of national interest, such as Pakistan and China. However, there have been indicators of Hangover activity in the U.S. and Europe. Mainly focusing on government, military, and civilian organizations. The Hangover Group’s initial vector of compromise is to carry out spear-phishing campaigns. The group uses local and topical news lures from the South Asia region to make their victims more prone to falling into their social engineering techniques, making them download and execute a weaponized Microsoft Office document. After the user executes the weaponized document, backdoor communication is established between BackConfig and the threat actors, allowing attackers to carry on espionage activity, potentially exfiltrating sensitive data from compromised systems.” https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/
  2. “All National Health Service (NHS) and social care organisations in the United Kingdom have always been and will always be a target for bad actors. The nature of their business and the sensitive data they hold make these entities appealing to bad actors who know that legacy systems, and/or, not regularly patched systems, such as those employed by healthcare organizations are easy to penetrate. Such attackers also figure that they can easily use disrupted IT assets within hospitals to get what they want.” https://www.tripwire.com/state-of-security/healthcare/nhs-uk-healthcare-orgs-boost-security-covid-19/
  3. “The deep web and the dark web are two distinctly different things. The dark web is merely dark because of its more limited accessibility; however the public misconception has led to the belief that the dark web is a realm for cybercrime. Still, cybersecurity is a huge issue for companies and individuals. Personal data such as name, address, email address, and phone number are on the Internet. Data breaches and hacking cost the global economy more than $400 billion of losses annually. Most cyberattacks happen through the dark web.” https://www.threathunting.se/2020/06/04/what-is-the-dark-web/
  4. “A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos.” https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html
  5. “The app, created by Jaipur, India-based developer OneTouch AppLabs, purported to scan Android phones for any apps with links to China. It used market research to identify apps from a named list and would then offer users the chance to wipe them from the user’s phone. Demos found online showed it deleting TikTok, the popular messaging app owned by Chinese developer ByteDance, and UC Browser, developed by Alibaba-owned UCWeb. It also reportedly deleted the app for the Zoom videoconferencing service, which the Munk School’s Citizen Lab revealed was sending encryption keys to Chinese servers.” https://nakedsecurity.sophos.com/2020/06/04/google-deletes-indian-app-that-deleted-chinese-apps/
  6. “The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Then the attackers used the hijacked domain to launch spear-phishing attacks against some of its customers.” https://securityaffairs.co/wordpress/104272/hacking/hackers-hijacked-coincheck-domain.html
  7. “Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers – but actually spreads banking credential-stealing malware.” https://threatpost.com/zloader-laced-emails-unemployed-victims/156222/
  8. “Sky News reported on Wednesday that the contractor, Westech International, has confirmed that it’s been hacked and that its computers have been encrypted. It’s not yet clear if the extortionists managed to steal classified military information. Investigations to identify exactly what they got away with are still ongoing. However, the attackers have already leaked files that suggest they had access to sensitive data – including payroll and emails – that they copied before they encrypted it, Sky News reports. They’re threatening to publish all of the files.” https://nakedsecurity.sophos.com/2020/06/04/nuclear-missile-contractor-hacked-in-maze-ransomware-attack/
  9. “Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private.” https://threatpost.com/google-faces-privacy-lawsuit-over-tracking-users-in-incognito-mode/156269/
  10. “An aggressive tool hitting a sizable number of popular web services and platforms is trying to brute force its way in with login combinations obtained from parsing metadata from the target. The malware looks for various systems for managing content, databases, and file transfers as well as backup files and administrator login paths.” https://www.bleepingcomputer.com/news/security/bruteforce-malware-probes-login-for-popular-web-platforms/
  11. “A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars. Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years. The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.” https://www.tripwire.com/state-of-security/featured/the-scammer-launder-business-email-compromise/
  12. “Recorded Future catalogued more than 200 publicly reported ransomware attacks against banking and financial institutions outside of the United States between April 2019 and April 2020. During the same period, there were just over 40 publicly reported ransomware attacks against financial institutions in the United States.” https://www.recordedfuture.com/finance-ransomware-attacks/
  13. “Signal, the popular encrypted messaging app, will release a feature that enables users to blur faces in photos they share, Signal Foundation co-founder Moxie Marlinspike said Wednesday. The feature will be built into forthcoming versions of Signal for Android and iOS to automatically detect faces and obscure them. For faces that aren’t detected, the user can manually blur the image before sending.” https://www.cyberscoop.com/george-floyd-protest-phone-security/
  14. “After researchers conducted forensic investigations at a European educational institution, they uncovered that attackers had gained access to the unnamed institution through an internet-connected remote desktop server, according to the Blackberry Research and Intelligence Team. The ransomware, which Blackberry has dubbed Tycoon, uses a little known Java image format to avoid detection and then encrypts file servers, locking administrators out unless they pay a ransom.” https://www.cyberscoop.com/tycoon-ransomware-java-blackberry-kpmg/
  15. “The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly sophisticated business email compromise (BEC) attacks that rely on social engineering and lack the common threat signals to trigger detection.” https://threatpost.com/understanding-payload-less-email-attacks/156299/
  16. “The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion. Today, Maze Ransomware posted a new entry to their data leak site that states that they breached the network for Conduent in May 2020.” https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/
  17. “Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.” https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/
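Item 10 describes a tool that walks a site looking for CMS logins, database admin consoles, file-transfer front ends, backup files and admin paths before it starts guessing credentials. That reconnaissance shows up in web server access logs as one client hitting many such paths in quick succession, mostly with 401/403/404 responses. The following is an added detection example, not code from the original article or from the tool it describes; it parses combined-format log lines and flags a client that touches several distinct probe paths within a short window. The path patterns, the window size, the threshold and the log lines are all constructed for illustration.

```python
"""Flag clients that probe many admin/login/backup paths in a short window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: client, identd, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Path families the article says the tool hunts for. The concrete patterns are
# assumptions chosen for illustration, not signatures taken from the tool.
PROBE_PATTERNS = [
    ("cms-login",  re.compile(r"^/(wp-login\.php|wp-admin|administrator|user/login)")),
    ("db-admin",   re.compile(r"^/(phpmyadmin|pma|adminer\.php|mysql)")),
    ("file-xfer",  re.compile(r"^/(webdav|ftp|filemanager)")),
    ("backup",     re.compile(r"\.(zip|tar|tgz|gz|sql|bak|old)$")),
    ("admin-path", re.compile(r"^/(admin|manager|login|cpanel|\.env|\.git)")),
]

# Constructed sample: one scanner (203.0.113.7) and one ordinary admin user.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jun/2020:10:01:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jun/2020:10:01:02 +0000] "GET /administrator/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jun/2020:10:01:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jun/2020:10:01:04 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jun/2020:10:01:05 +0000] "POST /admin/login?user=admin HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Jun/2020:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Jun/2020:10:05:09 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Jun/2020:10:05:10 +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so /admin/login?x=1 and /admin/login count once.
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"].split("?", 1)[0], "status": int(m["status"])}


def classify(path):
    """Name the probe family a path belongs to, or None for ordinary traffic."""
    for name, rx in PROBE_PATTERNS:
        if rx.search(path):
            return name
    return None


def find_probing_clients(lines, min_paths=4, window=timedelta(seconds=60)):
    """Return {ip: {"paths": [...], "families": [...]}} for clients that hit
    at least min_paths distinct probe paths with a failure status inside one
    window. Successful (2xx/3xx) hits are ignored: a real admin logging in to
    the site's one genuine login page should not trip this."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        fam = classify(rec["path"])
        if fam and rec["status"] in (401, 403, 404):
            per_ip[rec["ip"]].append((rec["ts"], rec["path"], fam))

    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            paths, fams = set(), set()
            for ts, path, fam in hits[i:]:
                if ts - start > window:
                    break
                paths.add(path)
                fams.add(fam)
            if len(paths) >= min_paths:
                flagged[ip] = {"paths": sorted(paths), "families": sorted(fams)}
                break
    return flagged


if __name__ == "__main__":
    for ip, info in find_probing_clients(SAMPLE_LOG.splitlines()).items():
        print(ip, "probed", info["families"], "->", info["paths"])
```

Tune `min_paths` and `window` to the site: a public WordPress install sees a steady trickle of `/wp-login.php` hits from the whole Internet, so a single family is noise, while four distinct families from one address in a minute is a scanner worth blocking at the edge.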
