Cybercrime matures as hackers are forced to work smarter
This is what researchers at Kaspersky have discovered after analyzing 500 hacking incidents across a wide range of industries, with a particular focus on the prolific Russian cybercrime underground, which serves as a common denominator for hacker groups worldwide. They have found that the level of security on office software, web services, and email platforms has become better, which means hacking groups are now waiting for a PoC or patch to be released, using that information to create their own exploits. They are also optimizing their member structures, providing distinct functional roles to each person, and are buying their tools from the Dark Web rather than creating them themselves.
FIN7 tries to trick pentesters into launching ransomware attacks
The group, famous for its ATM hacking malware, as well as for its role in the Colonial Pipeline incident, is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. It set up a new firm to lure legitimate IT specialists, offering between $800 and $1,200 per month to recruit programmers, Windows system administrators, and reverse engineering specialists, who would have the ability to map compromised corporate systems, perform network reconnaissance, and locate backup servers and files.
China VPN exposes data for 1M users
According to researchers at WizCase, the free VPN service Quickfox, which provides access to Chinese websites from outside the country, has exposed the personally identifiable information of more than a million users. “Quickfox had set up access restrictions from its Kibana service but had not set up the same security measures for its Elasticsearch server,” according to the report. “This means that anyone with a browser and an internet connection could access Quickfox logs and extract sensitive information on Quickfox users.” Quickfox users in China, Indonesia, Japan, Kazakhstan and the U.S. were affected, the researchers found, adding that a total of 500 million records and 100GB of data were exposed. The incident has some security practitioners questioning whether VPNs are an outdated technology.
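The failure mode described in the report, a front end with access controls sitting in front of a data store with none, is easy to reproduce in a self-managed Elastic stack. The fragments below are an added illustration, not Quickfox's configuration or anything from the WizCase report; the internal addresses, certificate path and service account are assumed values.

```yaml
# --- elasticsearch.yml : WEAK (reconstructs the pattern the report describes) ---
# Kibana in front of this node may well require a login, but the node itself
# listens on every interface with security switched off, so the REST API
# answers any HTTP client directly and Kibana's login screen is never involved.
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: false

# --- elasticsearch.yml : CORRECTED ---
# Bind only to an internal address (assumed 10.0.5.20) and make every request
# authenticate; Kibana's own restrictions no longer matter for direct access.
network.host: 10.0.5.20
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12   # assumed keystore path

# --- kibana.yml : CORRECTED ---
# Kibana now authenticates to Elasticsearch with the built-in kibana_system
# account instead of relying on an unauthenticated backend.
server.host: 10.0.5.21                                   # assumed internal address
elasticsearch.hosts: ["https://10.0.5.20:9200"]
elasticsearch.username: "kibana_system"
# Keep the secret out of the file: bin/kibana-keystore add elasticsearch.password
elasticsearch.ssl.certificateAuthorities: ["certs/ca.crt"]  # assumed CA path
```

After the change, an unauthenticated `curl -k https://10.0.5.20:9200/` from anywhere on the network should return HTTP 401 rather than the cluster banner, which is the check worth adding to any deployment review of a Kibana/Elasticsearch pair.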
Bug in popular WinRAR software could let attackers hack your computer
According to The Hacker News, “a new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems.” The investigation into WinRAR began after researchers observed a JavaScript error rendered by Trident, the proprietary browser engine behind the now-discontinued Internet Explorer, which Office still uses to render web content inside Word, Excel, and PowerPoint documents.
Thanks to our episode sponsor, Tessian and the Human Layer Security Summit

At Tessian’s Human Layer Summit you’ll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we discovered by registering now at tessian.com/summit
Decline in ransomware claims could spark change for cyber insurance
Ransomware attack and payment claims appear to be in decline. According to Corvus Insurance’s Risk Insights Index, while there was a rise in ransomware claims from Q2 2020 through Q1 2021, they dropped by 50% in Q2 2021, a trend that largely sustained through Q3 2021. The firm surmised that the changes were due to an improved focus on preparedness and resiliency by policyholders, with strategies such as effective data backup management allowing for better and more efficient ransomware recovery. The report also noted that a company with 250 or more employees is 216% more likely to sue their tech vendor than a company with 10 or fewer employees.
Research finds consumer-grade IoT devices showing up on corporate networks
Palo Alto Networks is warning that increasing numbers of non-business-related IoT devices are appearing inside corporate networks. Smart lightbulbs and internet-connected pet feeders, they say, might not be listed in the threat models of most organizations. “The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org’s networks, including smart lightbulbs, heart rate monitors, gym equipment, coffee machines, and even pet feeders.”
‘Bulletproof’ hosting operators sentenced for $100 million Zeus malware
A federal judge has sentenced two men to multi-year prison terms for their role in providing services to cybercriminals. Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan gave an Estonian national and a Lithuanian national 24 and 48 months respectively after they pleaded guilty to providing “bulletproof hosting,” which involved renting IP addresses, servers, domains, and malware hosting to scammers in a way that offered more anonymity and protection from law enforcement than legitimate hosting providers would. The operation hosted the Zeus malware, which was used to steal more than $100 million from victims.
Threat actors abusing Discord to spread malware
Researchers at Check Point have discovered “new multi-function malware abusing the core functions of popular group app platform Discord.” Posting in a blog yesterday, the company says it found “several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. It included various features, including keylogging, taking screenshots and executing files.” Discord bots help users automate tasks on a Discord server. However, they can also be used for malicious ends, such as being turned into a simple Remote Access Trojan (RAT). This doesn’t even require the Discord app to be downloaded to a target’s machine. Since communications between the attacker, the Discord server and the victim’s machine are encrypted, this makes it much harder to detect.