Novel device registration trick enhances multi-stage phishing attacks
Microsoft is sharing “details of a large-scale phishing campaign that uses stolen credentials to register devices on victims’ network in order to extend the attack to other enterprises.” The campaign abuses the bring-your-own-device (BYOD) approach: attackers first register a device using stolen credentials, then target individuals who have not implemented multi-factor authentication (MFA). This combination allowed threat actors to register their own devices as part of a victim’s network. Microsoft is offering recommendations to defend against such multi-stage phishing campaigns, such as “enabling MFA, adopting good credential hygiene, and implementing network segmentation.”
US bans major Chinese telecom over national security risks
The Federal Communications Commission (FCC) has revoked the licence of China Unicom Americas, which is one of the world’s largest mobile service providers. The revocation came as a result of “serious national security concerns,” and bans the telecom company from providing domestic and international telecommunication services within the United States. The FCC stated, “the Order finds that China Unicom Americas, a US subsidiary of a Chinese state-owned enterprise, is subject to exploitation, influence, and control by the Chinese government and is highly likely to be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight.”
Over 20,000 data center management systems exposed to hackers
Researchers at Cyble “have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitors devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.” Much of this has to do with the economic preference for “lights-out” data centers, which are fully automated facilities managed remotely and generally operating without staff. In many cases at these centers, applications used default passwords or were severely outdated. The danger of making these systems easily accessible to threat actors is that “anyone could change temperature and humidity thresholds, configure voltage parameters to dangerous levels, deactivate cooling units, turn consoles off, put UPS devices to sleep, create false alarms, or change backup time intervals.”
New Android malware factory resets your phone after stealing your money
Research from security firm Cleafy published in a report earlier this week illustrates “an Android banking malware that has the ability to factory reset your device after stealing your money.” The malware being used is called BRATA, short for “Brazilian Remote Access Tool Android,” and it originally appeared in Brazil several years ago before spreading globally. The newest version of the malware, first spotted in December, has a number of additional features and improvements “that give criminals an even better advantage over their victims than previous iterations.” “BRATA developers are known to use fake, trojanized apps to infiltrate victims’ phones. Such apps can be trafficked onto Google Play or other legitimate sites, where they then ensnare unsuspecting users.”
(Gizmodo)
Thanks to our episode sponsor, Pentera

North Korean hackers using Windows update service to infect PCs with malware
North Korea’s Lazarus Group has launched a new campaign that exploits the Windows Update service to deliver malware. Detected by Malwarebytes on January 18, the group has been sending weaponized documents made to look like they’re from Lockheed Martin. Victims who open the email’s Microsoft Word attachment will execute a macro that, in turn, “executes a Base64-decoded shellcode to inject a number of malware components into the ‘explorer.exe’ process. The next phase, ‘drops_lnk.dll,’ leverages the Windows Update Client to run a command that loads a second module called ‘wuaueng.dll’ under cover of a legitimate update.”
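One defender-side check the chain above suggests: the Windows Update Client (wuauclt.exe) normally has no reason to reference a DLL outside the Windows directory, so process-creation telemetry can be screened for exactly that. The code below is an added example, not from Malwarebytes or the original post; the event records and the paths in them are constructed, and the event field names are an assumption.

```python
"""Flag wuauclt.exe launches whose command line references a DLL outside
C:\\Windows, the abuse pattern described for the Lazarus chain.
Sample events are constructed for this example, not real telemetry."""
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (assumed fields: pid, image, cmdline).
SAMPLE_EVENTS = [
    {"pid": 1201, "image": r"C:\Windows\System32\wuauclt.exe",
     "cmdline": r"C:\Windows\System32\wuauclt.exe /detectnow"},
    {"pid": 1340, "image": r"C:\Windows\System32\wuauclt.exe",
     "cmdline": r'wuauclt.exe "C:\Users\alice\AppData\Local\Temp\wuaueng.dll"'},
    {"pid": 1402, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# Matches an absolute Windows path ending in .dll, optionally double-quoted.
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"\s]+?\.dll)"?', re.IGNORECASE)
TRUSTED_PREFIXES = ("c:\\windows\\",)


def is_update_client(image: str) -> bool:
    """True when the launched image is the Windows Update Client."""
    return PureWindowsPath(image).name.lower() == "wuauclt.exe"


def untrusted_dlls(cmdline: str) -> list[str]:
    """DLL paths in the command line that live outside C:\\Windows."""
    return [p for p in DLL_RE.findall(cmdline)
            if not p.lower().startswith(TRUSTED_PREFIXES)]


def find_suspicious(events) -> list[tuple[int, str]]:
    """(pid, dll) pairs for wuauclt.exe launches loading an untrusted DLL.
    A same-named DLL such as wuaueng.dll sitting in a user-writable path
    is still flagged, because only the directory is trusted, not the name."""
    hits = []
    for ev in events:
        if is_update_client(ev["image"]):
            hits.extend((ev["pid"], dll) for dll in untrusted_dlls(ev["cmdline"]))
    return hits


if __name__ == "__main__":
    for pid, dll in find_suspicious(SAMPLE_EVENTS):
        print(f"suspicious: pid {pid} wuauclt.exe referenced {dll}")
```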
Surge in malicious QR codes sparks FBI alert
The FBI is warning people to remain vigilant when using QR codes, whose popularity has increased over the past two years as a contactless way to do things in person, such as selecting from restaurant menus or doing banking. The warning identifies the typical threats one would expect, such as a QR code sending a person to a spoofed site or allowing malware to be downloaded. The FBI warns that QR codes can be easily manipulated, including by simply placing a sticker of a different code over the original. 87 percent of respondents in a recent poll from Ivanti said they felt secure carrying out financial transactions using QR codes.
HP wins multibillion-dollar fraud case over Autonomy sale
After Cambridge-based Autonomy was sold to the US tech giant for $11bn in 2011, HP sued its founder and former chief financial officer, Mike Lynch, claiming the company “artificially inflated Autonomy’s reported revenues, revenue growth and gross margins.” The presiding judge, Mr. Justice Hildyard, said HP had “substantially won” its case. This is believed to be the UK’s biggest civil fraud trial, which was heard over nine months in 2019. UK interior minister Priti Patel has ruled that Lynch can be extradited to the US to face criminal charges related to the sale of the company.
China pilots nationwide blockchain development over real-world use cases
The Cyberspace Administration of China (CAC) has announced the start of “an in-house effort to expedite blockchain development and innovation across 15 zones and 164 entities.” It will focus on “manufacturing, energy, government data sharing and services, law enforcement, taxation, criminal trials, inspection, copyright, civil affairs, human society, education, healthcare, trade finance, risk control management, equity market and cross-border finance.” Despite a strong public stance against crypto adoption, the Chinese government “continues to show interest in related ecosystems including blockchain and nonfungible tokens (NFT).”