Cyber Round-up for 10th April
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The COVID-19 pandemic has given cyber criminals a lot of new ideas, and virus-related activity is only increasing. NCSC has joined forces with CISA and the US’ homeland security to deliver an advisory designed to help individuals and organisations protect against these COVID-19 related exploits. The guidance includes a list of indicators of compromise that users can look out for, as well as mitigation techniques. The full guidance document is available for download here; we advise taking advantage of this to reduce the risk of an attack.
As a result of the COVID-19 pandemic, many NASA workers are isolating at home. Cyber criminals see this as an opportunity to flood them with increasing waves of attacks. It is not just common criminals doing this, however: NASA has also seen an increase in attacks from state-backed hackers, including attempts to exploit the personal devices of those working from home. The majority of these malicious actors are focused on phishing attempts to gain access to sensitive information such as login credentials; they have also begun targeting mobile devices to trick their victims. NASA advises taking a look at the advisory issued by CISA on protecting against phishing and social engineering.
Interpol has issued serious warnings of a significant increase in ransomware attacks, specifically targeting overwhelmed hospitals. While the staff in these hospitals are working tirelessly to save the lives of those affected by the pandemic, cyber criminals are doing everything they can to profit from their struggle. Interpol is working closely with police in an attempt to combat the ‘heightened’ ransomware threat. It is providing technical support to its member countries, as well as actively hunting the threat by investigating suspicious domains related to COVID-19. The pandemic has everyone on their toes; hospital workers are desperate to save the lives of patients, while cyber police are working just as hard to keep the hospitals operational.
During the pandemic, the number of people working from home has drastically increased, making conferencing applications a necessity; as expected, cyber criminals have seen this as an opportunity. Applications such as Skype, Zoom, and WebEx have all been targets of this new campaign, and a recent report from Kaspersky revealed that 120,000 packages disguised as these applications had been spotted in the wild. A lot of these packages are just adware and knockoff versions; however, a significant number of them have been found to contain various bundles of malware and trojans. It is vital during these times that we are mindful of what we are downloading from the internet; ensure that you are visiting a legitimate source, so you don’t become a victim of this campaign.
A new IoT botnet, known as dark_nexus, is emerging that reportedly uses compromised smart devices as part of a DDoS-for-hire service. The botnet uses credential stuffing attacks to take control of various devices and add them to its list of bots; this number currently sits at 1,372. The botnet shares a lot of features with others we have seen previously; however, it has been developed to a much higher standard, making it more dangerous and robust. It is also believed to be inspired by botnets such as Qbot and Mirai.
Vulnerabilities & Updates
The latest Android malware package to hit the market, known as xHelper, has become extremely prominent in Russia, Europe and Southwest Asia. Reports suggest this malware is almost impossible to remove once it has made its way onto your device, and it is affecting Android 6 and 7 devices; these make up approximately 15% of its user base. Although this is a big problem, there is a simple solution: the malware has to be downloaded from an unofficial app store. If users stopped using unofficial sources to get their apps, it would not have spread as much as it has. As always, we advise using only the trusted Google Play store and avoiding all third-party sources.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #86 – 10th April 2020
Ironshare – Security Simplified