Cyber Round-up for 3rd December
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Four Android banking trojans have been seen infecting devices through the Google Play Store over the last few months, with more than 300,000 recorded infections. The trojans are hidden inside dropper apps that have been specially designed to deliver malware such as Anatsa, Alien, ERMAC and Hydra.
Here is a list of the applications carrying trojans:
- Two Factor Authenticator (com.flowdivison)
- Protection Guard (com.protectionguard.app)
- QR CreatorScanner (com.ready.qrscanner.mix)
- Master Scanner Live (com.multifuction.combine.qr)
- QR Scanner 2021 (com.qr.code.generate)
- QR Scanner (com.qr.barqr.scangen)
- PDF Document Scanner – Scan to PDF (com.xaviermuches.docscannerpro2)
- PDF Document Scanner Free (com.doscanner.mobile)
- CryptoTracker (cryptolistapp.app.com.cryptotracker)
- Gym and Fitness Trainer (com.gym.trainer.jeux)
REvil and Gandora are among the most well-known Ransomware-as-a-Service operators in the world, and work by offering ransomware services to third parties, often referred to as affiliates. It was announced last week that one of these affiliates was caught by the FBI, who managed to seize $2.3 million worth of Bitcoin from the hackers. There are no further details on how the wallet was accessed, but it was confirmed that it was found in a cryptocurrency storage solution known as Exodus.
Providers of IT services could be forced to make changes to their business infrastructure to support new cyber security regulations. Current plans would require businesses to be better protected against cyber security threats such as malware and confidential information breaches. Other plans include new procurement rules to guarantee that public sector bodies can only be supplied with IT services by secure, trusted providers, as well as guidance and advice for businesses on how to manage cyber threats.
Panasonic, a Japanese electrical goods provider, has disclosed a 4-month long data breach that the company was previously unaware of. The data breach was discovered on November 11th; however, some news reports suggest that the breach had been ongoing since June 22nd. Panasonic has neither confirmed nor denied these allegations. Panasonic has said that it is working hard to determine whether the data breach involved customer data.
Emotet has been found hiding in a fake Adobe PDF software installer package for Windows. This is shared through phishing emails that try to trick the victim into visiting a website and installing the malware on their device. Once installed, the malware steals the victim’s email contacts and forwards a copy of the email to all of them to further the infection. Once a device is infected, TrickBot and Qbot can be installed, which can lead to a ransomware attack.
After a series of raids, the Ukrainian police have seized incriminating evidence and arrested members of the cyber gang Phoenix. They have been accused of using phishing schemes to gain access to online accounts with phone manufacturers such as Samsung and Apple, harvesting banking details, and selling personal data. The group is believed to still be active but to be laying low after the recent raids and arrests.
Vulnerabilities & Updates
A new strain of ransomware, known as BlackByte, has been spotted recently. Reports suggest the ransomware is leveraging the ProxyShell flaws in Microsoft Exchange servers to gain access, elevate privileges and execute arbitrary code. After exploitation, the attacker can simply install and execute the ransomware via Cobalt Strike and completely lock down the target system. A patch is available for the ProxyShell flaws being exploited, and we recommend applying the latest updates as soon as possible.
More details on the nature of this attack can be found here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #169 – 3rd December 2021
Ironshare – Security Simplified