Novel device registration trick enhances multi-stage phishing attacks
Microsoft has shared details of a large-scale phishing campaign that uses stolen credentials to register attacker-controlled devices on a target's network and then extend the attack to other enterprises. The attack abuses the concept of bring-your-own-device (BYOD): the attackers register a device using freshly stolen credentials. The second stage of the campaign observed by Microsoft succeeded only against victims that had not implemented multi-factor authentication (MFA); in those cases the threat actors were able to register their own rogue devices on the victim's network. Microsoft provides recommendations for defending against multi-stage phishing campaigns, such as enabling MFA, adopting good credential hygiene, and implementing network segmentation.
US bans major Chinese telecom over national security risks
The Federal Communications Commission (FCC) has revoked the license of China Unicom Americas, part of one of the world's largest mobile service providers, over "serious national security concerns." This effectively bans the telecom company from providing domestic and international telecommunication services within the United States. "The Order finds that China Unicom Americas, a US subsidiary of a Chinese state-owned enterprise, is subject to exploitation, influence, and control by the Chinese government and is highly likely to be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight," the FCC said.
Over 20,000 data center management systems exposed to hackers
Researchers have found over 20,000 publicly exposed instances of data center infrastructure management (DCIM) software, which monitors devices, HVAC control systems, and power distribution units and could be abused for a range of catastrophic attacks. Years of pursuing operational efficiency have introduced "lights-out" data centers: fully automated facilities that are managed remotely and generally operate without on-site staff. In most cases the exposed applications used default passwords or were severely outdated, allowing threat actors to compromise them or bypass security layers fairly easily. Exposing these systems without adequate protection means that anyone could change temperature and humidity thresholds, configure voltage parameters to dangerous levels, deactivate cooling units, turn consoles off, put UPS devices to sleep, create false alarms, or change backup time intervals.
New Android malware factory resets your phone after stealing your money
Research published earlier this week describes an Android banking malware that can factory reset a device after stealing the victim's money. The malware in question is called BRATA, short for "Brazilian Remote Access Tool Android," and originally appeared in Brazil several years ago. It has since spread to many other parts of the globe. Researchers with security firm Cleafy wrote this week that the newest version of the malware, first spotted in December, has a number of additional features that give criminals an even greater advantage over their victims than previous iterations. BRATA's developers are known to use fake, trojanized apps to infiltrate victims' phones. Such apps can be trafficked onto Google Play or other legitimate sites, where they then ensnare unsuspecting users.
(Gizmodo)
Thanks to our episode sponsor, Pentera

North Korean hackers using Windows update service to infect PCs with malware
The notorious Lazarus Group has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload. Detected by Malwarebytes on January 18, the campaign originates from weaponized documents made to look like they come from Lockheed Martin. Opening the emailed Microsoft Word attachment executes a malicious macro that, in turn, executes Base64-decoded shellcode to inject a number of malware components into the "explorer.exe" process. The next stage, "drops_lnk.dll," leverages the Windows Update Client to run a command that loads a second module called "wuaueng.dll" under cover of a legitimate update.
Surge in malicious QR codes sparks FBI alert
The FBI is warning people to remain vigilant when using QR codes, whose popularity has increased over the past two years as a contactless way to do things in person, such as selecting from restaurant menus or doing banking. The warning identifies the typical threats one would expect, such as a QR code sending a person to a spoofed site or triggering a malware download. The FBI notes that QR codes can be easily manipulated, including by simply placing a sticker of a different code over the original. In a recent poll from Ivanti, 87 percent of respondents said they felt secure carrying out financial transactions using QR codes.
HP wins multibillion-dollar fraud case over Autonomy sale
Cambridge-based Autonomy was sold to the US tech giant for $11bn in 2011. HP sued its founder and former chief financial officer, claiming they "artificially inflated Autonomy's reported revenues, revenue growth and gross margins." Mr Justice Hildyard said HP had "substantially won" its case. This is believed to be the UK's biggest civil fraud trial; it was heard over nine months in 2019. UK interior minister Priti Patel has ruled that Lynch, Autonomy's founder, can be extradited to the US to face criminal charges related to the sale of the company.
China pilots nationwide blockchain development over real-world use cases
The Cyberspace Administration of China (CAC) announced the start of a domestic effort to expedite blockchain development and innovation across 15 zones and 164 entities. The key areas of blockchain development include manufacturing, energy, government data sharing and services, law enforcement, taxation, criminal trials, inspection, copyright, civil affairs, human society, education, healthcare, trade finance, risk control management, equity markets and cross-border finance. Despite a strong stance against crypto adoption, the Chinese government continues to show interest in related ecosystems, including blockchain and non-fungible tokens (NFTs).