IT Security Newsletter - 10/16/2019
North Korea is using front companies to steal cryptocurrency
North Korean government-backed hackers are targeting cryptocurrency exchanges to try to steal financial resources as Pyongyang searches for ways to fund its regime, two researchers discovered within the past week. Lazarus Group, also known as APT38, has carried out hacks against central banks and exploited monetary exchanges as part of an effort to boost Kim Jong-un’s financial and military goals. The United Nations revealed in August North Korea had gained approximately $2 billion from hacking banks and cryptocurrency companies.
Chinese Hackers Use New Cryptojacking Tactics to Evade Detection
Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories.
Domain Typosquatters Target the 2020 Presidential Election
With a large playing field of candidates for the upcoming 2020 United States presidential election, political campaigns and scammers are capitalizing on searchers mistyping a candidate's name in order to bring them to sites they weren't expecting. Popular sites or keywords are commonly targeted by domain typosquatters, who purposely register misspelled domain names in order to funnel visitors to their own products, scams, or malware.
Streaming devices track viewing habits, study finds
Steadily, we are adopting more and more technology into our households. Our homes are becoming more interconnected, with IoT (Internet of Things) devices becoming regular parts of our lives. One device that is the centerpiece of most households is the television set, and with it often come internet-connected streaming services. So, what is the trade-off for having the convenience of a vast library of content at your fingertips?
On-Board ‘Mystery Boxes’ Threaten Global Shipping Vessels
Commercial shipping environments are rife with vulnerabilities, according to researchers, up to and including unpatched "mystery boxes" that no one knows anything about. "In every single [nautical pen] test to date we have unearthed a system or device that, of the few crew that were aware, no one could tell us what it was for," said Andrew Tierney, researcher with Pen Test Partners, writing in a blog on Monday. "In other scenarios an undocumented system or device would be considered a malicious implant. In maritime cyber security it's business as usual."
Cryptojacking worm infects exposed Docker deployments
Attackers are exploiting Docker Engine deployments that are exposed to the internet without authentication to deploy and run cryptojacking malware on servers. A new cryptojacking botnet with self-spreading capabilities has infected over 2,000 such Docker deployments so far. There have been earlier incidents of cryptojacking malware spreading as a worm, but this is the first time a cryptojacking worm has been seen spreading through containers in the Docker Engine.
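The exposure the worm relies on is the Engine API listening on a TCP socket without TLS client authentication. As an added example (not from the article or from Docker's own tooling), the following Python audit reads a daemon.json and flags such listeners; the sample configurations are constructed, while the keys "hosts", "tlsverify" and "tlscacert" are the real daemon.json options.

```python
import json

# Added example, not part of the newsletter: audit a Docker daemon.json for
# the misconfiguration behind the cryptojacking worm, an Engine API reachable
# over TCP without mutual-TLS client authentication.


def exposed_docker_endpoints(daemon_json: str):
    """Return (endpoint, reason) tuples for risky API listeners in daemon.json."""
    cfg = json.loads(daemon_json)
    findings = []
    # Client certificates are only enforced when tlsverify is on and a CA is set.
    mtls = bool(cfg.get("tlsverify")) and bool(cfg.get("tlscacert"))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local to the host
        addr = host[len("tcp://"):]
        bind = addr.rsplit(":", 1)[0] if ":" in addr else addr
        if bind in ("", "0.0.0.0", "[::]", "::"):
            scope = "all interfaces"
        elif bind in ("127.0.0.1", "localhost", "[::1]"):
            scope = "loopback"
        else:
            scope = bind
        if not mtls:
            findings.append((host, f"TCP API on {scope} without tlsverify: "
                                   "anyone who can reach it controls the daemon"))
        elif scope == "all interfaces":
            findings.append((host, "TCP API on all interfaces; mTLS is on, "
                                   "but still restrict reachability with a firewall"))
    return findings


# Constructed sample configurations for demonstration.
UNAUTHENTICATED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
MTLS_OPEN = ('{"hosts": ["tcp://[::]:2376"], "tlsverify": true, '
             '"tlscacert": "/etc/docker/ca.pem"}')
LOCAL_ONLY = '{"hosts": ["unix:///var/run/docker.sock"]}'

if __name__ == "__main__":
    for name, cfg in [("unauthenticated", UNAUTHENTICATED),
                      ("mtls_open", MTLS_OPEN), ("local_only", LOCAL_ONLY)]:
        print(name, exposed_docker_endpoints(cfg))
```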
Adobe splats bucketful of bugs in Acrobat and Reader
If you thought that Adobe skipped this month’s Patch Tuesday because there were no immediate vulnerabilities to fix, you were wrong: a week later the company dropped security updates for several of its products, including Acrobat and Reader and the Download Manager. All in all, 82 security holes – most of which are critical – have been plugged. The good news is that none are under active exploitation.