IT Security Newsletter - 9/24/2019
More U.S. Utility Firms Targeted in Evolving LookBack Spearphishing Campaign
A spearphishing campaign, first spotted in July targeting three U.S. utility companies with a new malware variant, has evolved its tactics and extended its targeting to include nearly 20 companies. The campaign was first discovered in phishing emails, sent between July 19 and 25, which targeted utility companies with malicious attachments attempting to spread the new malware variant LookBack. The malware has capabilities to view system data and reboot machines.
Busy North Korean hackers have new malware to target ATMs
Hackers widely believed to work for North Korea’s hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday. One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last summer.
World of Warcraft’s suspected DDoS attacker has been arrested
Blizzard, the developer of World of Warcraft Classic, has revealed that a person suspected of orchestrating a disruptive Distributed Denial of Service (DDoS) attack against the game's servers has been arrested. In a Blizzard forum post, community manager Kaivax told players that the suspected perpetrator had been identified and arrested.
Microsoft delivers emergency security update for antiquated IE
Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers. The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google's Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic "zero-day," a vulnerability actively in use before a patch is in place.
Emotet Tries to Infect You By Claiming It's Snowden's Book
Emotet has started a new spam campaign that pretends to be a scanned copy of Edward Snowden's new book. Unsuspecting users who open the attachment and enable its content will find that they have become infected with Emotet, most likely Trickbot, and possibly other malware. After approximately four months of inactivity, Emotet woke up again on September 16th and since then has been spewing forth a legion of spam.
No summer vacations for Zebrocy
While summer is usually synonymous with vacations, it seems that the Sednit group has been developing new components to add to the Zebrocy malware family. The Sednit group – also known as APT28, Fancy Bear, Sofacy or STRONTIUM – has been operating since at least 2004 and has made headlines frequently in recent years. On August 20th, 2019, a new campaign was launched by the group targeting their usual victims – embassies of, and Ministries of Foreign Affairs in, Eastern European and Central Asian countries.