HomePodcastCyber Security HeadlinesCyber Security Headlines – October 22, 2021

Cyber Security Headlines – October 22, 2021

Cybercrime matures as hackers are forced to work smarter

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hacker groups worldwide. One key finding of their study is that with the level of security on office software, web services, and email platforms getting better, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. Hacking groups are now optimizing its member structure and providing distinct functional roles to each person, and are buying their tools from the Dark Web rather than creating them themselves.

(Bleeping Computer)

FIN7 tries to trick pentesters into launching ransomware attacks

The group, famous for its ATM hacking malware, as well as for its role in the Colonial Pipelines incident, is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. It set up a new firm to lure legitimate IT specialists, offering between $800 and $1,200 per month to recruit programmers, Windows system administrators, and reverse engineering specialists, who would have the ability to map compromised corporate systems, perform network reconnaissance, and locate backup servers and files.

(Bleeping Computer)

China VPN exposes data for 1M users

Free VPN service Quickfox, which provides access to Chinese websites from outside the country, has exposed the personally identifiable information of more than a million users, according to researchers at WizCase. “Quickfox had set up access restrictions from its Kibana service but had not set up the same security measures for its Elasticsearch server,” according to the report. “This means that anyone with a browser and an internet connection could access Quickfox logs and extract sensitive information on Quickfox users.” Quickfox users in China, Indonesia, Japan, Kazakhstan and the U.S. were affected, the researchers found, adding that a total of 500 million records and 100GB of data were exposed. The incident has some security practitioners questioning whether VPNs are an outdated technology.


Bug in popular WinRAR software could let attackers hack your computer

A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems. Investigation into WinRAR began after observing a JavaScript error rendered by Trident, a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.

(The Hacker News)

Thanks to our episode sponsor, Tessian and the Human Layer Security Summit

Want to know what we learned from analyzing 2 million malicious emails?
At Tessian’s Human Layer Summit you’ll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we discovered by registering now at tessian.com/summit

Decline in ransomware claims could spark change for cyber insurance

New research indicates that ransomware attack and payment claims are in decline as resiliency takes priority for organizations. Corvus Insurance’s Risk Insights Index, shows that while there was a rise in ransomware claims from Q2 2020 through Q1 2021, they dropped by 50% in Q2 2021, a trend that largely sustained through Q3 2021. The firm surmised that the changes were due to improved focus on preparedness and resiliency by policyholders, with strategies such as effective data backup management allowing for better and more efficient ransomware recovery. The report noted also that a company with 250 or more employees is 216% more likely to sue their tech vendor than a company with 10 or fewer employees.

(CSO Online)

Research finds consumer-grade IoT devices showing up on corporate networks

Increasing numbers of “non-business” Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations’ threat models. The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org’s networks, including smart lightbulbs, heart rate monitors, gym equipment, coffee machines, and even pet feeders.

(The Register)

‘Bulletproof’ hosting operators sentenced for $100 million Zeus malware

A federal judge sentenced two men to multi-year prison terms for their role in providing services to cybercriminals. Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan gave an Estonian national and a Lithuanian national 24 and 48 months respectively for pleading guilty to providing “bulletproof hosting,” which involved hosting rented IP addresses, servers, domains, and malware to scammers in a way that provided more anonymity and protection from law enforcement than more legitimate hosting providers would provide. The operation hosted the Zeus malware, which was used to steal more than $100 million from victims. 


Threat actors abusing Discord to spread malware

Researchers have discovered new multi-function malware abusing the core functions of popular group app platform Discord. Check Point explained in a blog post yesterday that it found several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. It included various features, including keylogging, taking screenshots and executing files. Discord bots help users automate tasks on the Discord server. However, they can also be used for malicious ends, such as turning into a simple Remote Access Trojan (RAT). This doesn’t even require the Discord app to be downloaded to a target’s machine. Since communications between attacker, Discord server and victim’s machine are encrypted this makes it much harder to detect.



Most Popular