The industry saw a lot of phishing and smishing in the second month of 2020. Most of it was related to the coronavirus epidemic. Read some of the most interesting and useful infosec articles from early February.
For more articles, check out our #onpatrol4malware blog.
The Cofense Phishing Defense Center uncovered a phishing campaign that specifically targets users of Android devices that could result in compromise if unsigned Android applications are permitted on the device. Read more.
Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
Source: RiskIQ
A recent blog post highlighted Magecart activity targeting ticket re-selling websites for the 2020 Olympics and UEFA Euro 2020. Read more.
Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers. Read more.
Traffic exchange is probably one of the oldest types of grey-hat business on the internet. Different companies compete to buy or sell real traffic for your projects. Read more.
Researchers periodically scanned and collected metadata from Docker hosts exposed to the internet and this research reveals some of the tactics and techniques used by attackers in the compromised Docker engines. Read more.
Source: F-Secure Labs
F-Secure Labs were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message. Read more.
In July 2018, the Chinese-based research group 360 TIC produced a report Sapphire Mushroom (APT-C-12) Technical Details Revealed. This report analysed a malicious LNK file allegedly used by the APT group “Sapphire Mushroom”. Read more.
Source: The Morning Paper
The results from this paper are all too predictable: channels on Over-The-Top (OTT) streaming devices are insecure and riddled with privacy leaks. Read more.
Source: Securelist
Researchers have only partial visibility, and it's impossible to fully understand the motivation for some attacks or the developments behind them. Read more.
“Distinguished Impersonator” Information Operation Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests
Source: FireEye
FireEye published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that was organized in support of Iranian political interests. Read more.
Source: MeltXOR Security
Goblin Panda has historically had information theft and espionage related motives that align with Chinese interests. Their targets have primarily been defense, energy, and government organizations located in South/Southeast Asia. Read more.
The South Korean government has warned the public of a sharp rise in smishing attempts — scam text messages — that use misinformation about the novel coronavirus outbreak. Read more.
Consumers are increasingly using mobile banking apps as their primary means to manage their finances. It has not gone unnoticed by cybercriminals who are starting to exploit it as a new attack vector. Read more.
Source: WeLiveSecurity
In one way, the proliferation of domain name service (DNS) attacks throughout the world has helped to raise awareness about a deep problem in the “plumbing” of the internet. Read more.
Source: Check Point Research
Earlier, IDF’s spokesperson revealed that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’. Read more.
Source: Bleeping Computer
An advanced threat actor has been targeting gambling and betting companies in multiple regions of the globe with malware that links to two Chinese hacker groups. Read more.
Source: Bleeping Computer
In 2019, Black Banshee launched multiple parallel cyber espionage campaigns, from large-scale credential harvesting to narrowly targeted espionage and exfiltration operations. Read more.
CyberMDX gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. Read more.
Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used by the North Korean government. Read more.
The threat actor behind the internet’s largest WordPress botnet is using an anti-adblocker script to make sure the ads they inject on hacked sites are showing up in users’ browsers and generating a profit. Read more.
Source: Marco Ramilli
Defending our financial assets is always one of the top priorities in the cybersecurity community, yet stealing them remains one of the most romantic attacks performed by cyber-criminals. Read more.
Prevailion’s Tailored Intelligence team has followed an active supply chain attack that has been ongoing since late 2017, which it named “PHPs Labyrinth.” Read more.