Adrozek malware can infect over 30K Windows PCs a day
This new browser modifier, which also steals credentials, hijacks Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox and injects ads into search engine results pages, often on top of the legitimate ads the search engines serve. After altering the hijacked browser's settings and components, the malware injects the ads using malicious scripts downloaded from servers controlled by its operators. The Microsoft 365 Defender Research Team said, "End users who find this threat on their devices are advised to re-install their browsers."
(ZDNet)
Subway UK finds TrickBot on its menu
The UK division of the sandwich chain Subway has disclosed that a hacked system used for marketing campaigns was responsible for malware-laden phishing emails sent on Friday. Customers in the UK started receiving personalized emails from "Subcard" about a Subway order that had supposedly been placed. The emails contained links to documents purporting to confirm the order, which would actually install the latest version of the TrickBot malware. Because the emails contained customers' names and email addresses, including addresses some users had created specifically for Subway, they raised suspicion that Subway itself had been breached. Representatives from Subway UK say they are looking into the problem and advise customers to delete the email.
Ransomware in schools grew in 2020, more on the way in 2021
In a joint security alert published on Thursday, CISA and the FBI warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services. “In August and September, 57% of ransomware incidents reported involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July,” they said, a number that is expected to grow in 2021.
(ZDNet)
Foxconn hit with record-breaking $34 million ransom demand after cyber attack
The Juárez, Mexico, facility of the world's largest electronics manufacturer suffered a ransomware attack over the US Thanksgiving holiday period, in which the attackers stole data from the company's servers before encrypting systems. The DoppelPaymer gang has claimed responsibility for the attack and has begun to publish the stolen data on a leak site it created earlier this year to coerce victims into paying large ransoms. Foxconn, like other victims before it, will have been told by the criminals that it risks facing difficult questions from partners, customers, and the press if the sensitive data is shared online.
Thanks to our episode sponsor, ReversingLabs

Covid whistleblower was raided over a publicly available password
There is a development in the story of data scientist Rebekah Jones, whose home was raided by Tallahassee police last Monday on suspicion that she had used a state emergency-responder system to send an unauthorized message. It turns out not only that all state employees with access to that system share a single username and password, but also that those credentials are publicly available on the Internet for anyone to read, which makes it impossible to attribute a login to any one person. Jones has repeatedly denied she had anything to do with the message, which urged members of Florida's emergency-response team to "speak up before another 17,000 people are dead." The Florida Department of Health has declined to answer media questions about its security practices.
Ledger crypto wallets stolen in fake breach announcement
Users of the Ledger crypto-wallet have been targeted by a phishing scam that warned them of a purported data breach, building on a real breach that occurred earlier this year, and urged them to protect their assets by installing the latest version of Ledger Live and securing the wallet with a new PIN. The real breach hit Ledger in July 2020 and gave the threat actors access to customers' contact details. In October 2020, Ledger users began receiving phishing emails about that breach, supposedly from Ledger, urging them to update their Ledger Live application; the link instead led to a malicious app that harvested and stole their recovery phrases.
Rogue ex-Cisco employee who crippled WebEx conferences goes to prison
As a follow-up to a story we reported on August 31, former Cisco employee Sudhish Kasaba Ramesh, who logged back into Cisco's systems five months after leaving the company and deleted virtual machines supporting Webex, has been sentenced to 24 months in prison. His actions left 16,000 WebEx Teams accounts unusable, for up to two weeks in some cases, and cost Cisco $2.4m in refunds and repair work. Along with the prison sentence, Ramesh must also pay a $15,000 fine.
Israel shaken by data leak after ransomware attack at Shirbit insurance company
A hacking gang calling itself Black Shadow has demanded a US $3.8 million ransom from the Israeli insurer Shirbit after stealing sensitive data and documents about its clients and encrypting its systems. Shirbit's customers have been advised to consider obtaining new identity cards and driving licenses because of the risk of identity theft after the hackers released a third wave of stolen data this past weekend. The leaked data has included scans of identity cards, marriage certificates, and financial and medical documents. The attackers initially demanded a ransom of 50 bitcoin (approximately $950,000), which doubled to 100 bitcoin after 9am on Friday and again to 200 bitcoin by Saturday morning.