IT Security Newsletter - 10/05/2020
New Jersey hospital paid ransomware gang $670K to prevent data leak
University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of the data. After the SunCrypt operators publicly posted an archive of 48,000 documents belonging to UHNJ, a representative of the hospital contacted the threat actors. READ MORE...
US arrests suspected hackers accused of video game piracy
The alleged leaders of an international video game piracy group apparently didn't do enough to protect their scheme from the prying eyes of the feds. The Department of Justice says two men have been arrested on felony charges of helping run Team Xecuter, which sold modification kits and other tools that allowed users of the Nintendo Switch and other gaming devices to play pirated versions of games. The federal indictment charges Canadian national Gary Bowser, French national Max Louarn and Chinese national Yuanning Chen with 11 counts of wire fraud. READ MORE...
Hackers Steal Swiss University Salaries
As yet unidentified hackers have managed to steal employee salary payments at several Swiss universities, officials said Sunday. "According to our information, several top schools in Switzerland have been affected," Martina Weiss, director general of the rectors group of Switzerland's public universities, told AFP. The hackers used information obtained by phishing -- tricking a person into passing on their personal details -- for their attacks on at least three universities. READ MORE...
A North American merchant's point-of-sale (POS) terminals were infected with a mix of POS malware earlier this year, Visa reports.
In May and June 2020, the company analyzed malware variants used in independent attacks on two North American merchants, one of which employed a TinyPOS variant, while the other involved a mix of malware families such as MMon (aka Kaptoxa), PwnPOS, and RtPOS. As part of the first attack, phishing emails were sent to a North American hospitality merchant's employees to compromise user accounts. READ MORE...
The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.
A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a "mass-media" release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are united toward a common purpose - apropos for a ransomware gang. According to an analysis from Appgate, the code seems to be a spinoff of the Sekhmet ransomware. READ MORE...
DoD, DHS Warn of Attacks Involving SLOTHFULMEDIA Malware
The U.S. Department of Defense's Cyber National Mission Force (CNMF) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA. SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper. READ MORE...
Researchers use 'fingerprints' to track Windows exploit developers
Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity. More to the point, Check Point security researchers Itay Cohen and Eyal Itkin were able to track 16 Windows Kernel Local Privilege Escalation (LPE) exploits to two different exploit developers known as Volodya (or BuggiCorp) and PlayBit (or luxor2008). 15 of the exploits Check Point successfully matched to a known exploit dev were created between 2015 and 2019, READ MORE...
Emotet malware takes part in the 2020 U.S. elections
Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention's Team Blue initiative. When the Emotet gang sends out spam, their main goal is to convince recipients to open the attached malicious document. This is usually done through email themes that pretend to be shipping documents, invoices, payment receipts, and voicemails. During the holidays or major political events, Emotet is known to send more intricately-themed emails. READ MORE...
Attacks Aimed at Disrupting the Trickbot Botnet
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. On Sept. 22, someone pushed out a new configuration file to Windows computers currently infected with Trickbot. READ MORE...
Russia's Fancy Bear hackers likely penetrated a federal agency
A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified, and appear likely to be part of a notorious team of cyberspies working in the service of Russia's military intelligence agency, the GRU. Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. READ MORE...
XDSpy cyber-espionage group operated discreetly for nine years
Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to determine that the same actor is behind them. At the Virus Bulletin 2020 security conference today. READ MORE...
Top sites infiltrated with credit card skimmers and crypto miners
An investigation into the top 10,000 Alexa sites reveals that many of these popular sites were infected with cryptocurrency miners and credit card skimming scripts. Alexa is an online service that scores websites and ranks them based on their popularity, traffic earned, and various other factors. In a shocking revelation made by Palo Alto Networks, some of these top sites that receive the highest amounts of internet traffic had ongoing malicious activity resulting from crypto miners and credit card stealing skimmers. READ MORE...
HP Device Manager backdoor lets attackers take over Windows systems
HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover. HP Device Manager is used by admins to remotely manage HP thin clients, devices that use resources from a central server for various tasks. When chained together, the security flaws discovered by security researcher Nick Bloor could allow attackers to remotely gain SYSTEM privileges on targeted devices running vulnerable versions of HP Device Manager. READ MORE...
Google Announces Android Partner Vulnerability Initiative
Google on Friday announced the Android Partner Vulnerability Initiative (APVI), an effort aimed at improving patching of security issues specific to Android OEMs. Through the new initiative, the tech giant also expects to improve transparency around vulnerabilities identified by Google's own researchers, but which impact device models coming from the company's Android partners. Google already provides security researchers with various programs through which they can report security issues. READ MORE...
Archaeologists find evidence of neurons in glassy brain of Vesuvius victim
A unique vitrification process "froze" neuronal structures, preserving them intact. Remember when we told you that the extreme heat produced during the eruption of Mt. Vesuvius in 79 AD may have been sufficient to vaporize body fluids and explode skulls, possibly even turning one victim's brain into glass? We now have fresh evidence that this might, indeed, have been the case, according to a new paper in PLOS ONE, reporting the discovery of preserved human neurons in the victim with the "glassified" brain. READ MORE...