Cybersecurity is assured only when the tools used for protection keep pace with the latest attack schemes. And yet, no tool is 100% fool-proof: vulnerabilities continue to emerge, even at the world's pioneering technology organizations, and malicious actors exploit them to gain access to the details of millions of users every year. This makes it crucial to keep up to date with the latest tricks and techniques used by these threat actors so as to avoid falling victim to their nefarious activities. Below, we have a list of the top cyber attacks from the past week to aid your search.

Lazarus Uses TFlower Ransomware with the MATA Malware

The North Korean hacking group Lazarus (Hidden Cobra) was recently found using the TFlower ransomware in its MATA malware framework. Lazarus has been using the MATA framework since 2019; the deployment of TFlower now suggests that Lazarus either has ties with the ransomware operators or was masquerading as TFlower for some of its attacks.

TFlower has launched several data exfiltration and extortion campaigns in the past. The MATA framework, for its part, comes with an initial loader that uses a .EXE file to load the malware and a second loader that decrypts and executes the payload. Deploying the TFlower payload through MATA sets up a command-and-control channel connecting victim systems to the threat actor's servers. The hackers then gain access to the victim's device and can even record its screen.

Such a pairing of two dangerous pieces of malware, particularly the MATA malware framework, proves that cyberattackers are always trying to evade detection. It's about time we take email security services seriously.

Unpatched Bug in WiFi Mouse Desktop Software

An unpatched bug in the mobile application WiFi Mouse allows adversaries to hijack computers controlled using the app. While the app itself isn't flawed, its accompanying server software, which needs to be installed on the Windows system, lets hackers gain full access to the PC. The app's publisher, Shimeng Wang (for the company Nectar), hasn't commented on the security incident yet. It's unclear whether only version 1.7.8.5 of the WiFi Mouse desktop software is affected.

Since the vulnerability is related to weak PIN and password handling, it is perhaps the result of oversight or negligence at the developer's end. As a result, merely having the WiFi Mouse server desktop software installed on a PC is sufficient to give threat actors complete remote command execution. The attackers can even impersonate the mobile app and send connection requests to the WiFi Mouse desktop server, which are readily accepted. WiFi Mouse users must adopt cybersecurity measures while the developers find a fix for the flaw.

3D Secure Can Be Exploited With These Hacker Strategies

The 3D Secure (3DS) protocol is a cybersecurity tool that requires the cardholder's authorization for online purchases. However, cyber adversaries are always on the lookout for ways of breaking through 3DS.

Dark-web forums are full of discussions in which adversaries share their knowledge of making fraudulent purchases at shops that implement 3DS to protect customer transactions.

In a typical breach, the hackers get hold of the victim's card details, such as their name, email ID, phone number, address, etc., and use these to win the victim's trust while impersonating a bank employee. The adversaries later use the same details to make purchases. Their scam also relies on a phone number spoofing app and a voice changer.

These 3DS-compromising techniques aren't uncommon, and it is speculated that adversaries will soon come up with further social engineering schemes to compromise 3DS. Even renowned cybersecurity tools face tough competition from such well-executed scams!

DoS Vulnerability in Eclipse Jetty

The open-source web server and servlet container Eclipse Jetty is widely used in products and projects, both in production and in development. CyRC researchers have recently discovered a denial-of-service (DoS) vulnerability in Eclipse Jetty (CVE-2020-27223) that makes the server spend a long time processing a single request.

Dirk Schrader (global VP at New Net Technologies) calls this Eclipse Jetty vulnerability a digital nightmare because of its use in the embedded devices of industrial control systems, which are usually not patchable. Cybersecurity remains at risk with this DoS vulnerability, as it lets attackers launch extortion campaigns. Jetty should be upgraded where possible, or large requests should be blocked before they reach the server.
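For devices that cannot be upgraded, the "block large requests" advice above can be applied at a reverse proxy or gateway sitting in front of Jetty. The following is an added example written for this roundup; it is not code from CyRC, the Jetty project, or any product mentioned here. The page only says "large requests"; the assumption that the concrete trigger for CVE-2020-27223 is Accept headers carrying a large number of quality (q) parameters comes from the published advisory, and the numeric limits, header names and the sample requests are constructed for illustration.

```python
"""Request sanity gate for the Jetty DoS discussed above (added example).

A reverse proxy in front of an unpatchable Jetty instance can reject a
request before forwarding it when the header block is oversized or when
an Accept header carries an unreasonable number of q parameters.
"""
import re
from typing import List, Tuple

# Conservative limits. These values are an assumption for the example,
# not Jetty's defaults; tune them to the traffic the application expects.
MAX_HEADER_BYTES = 8192          # total size of the header block
MAX_ACCEPT_HEADERS = 4           # how many Accept headers we tolerate
MAX_Q_PARAMS_PER_HEADER = 16     # quality parameters inside one Accept header

# Matches one ";q=" quality parameter (case-insensitive, optional spaces).
_Q_PARAM = re.compile(r";\s*q\s*=", re.IGNORECASE)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a CRLF-delimited 'Name: value' block into (name, value) pairs.

    Names are lower-cased so 'Accept' and 'accept' compare equal.
    """
    pairs = []
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_request_headers(raw: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a raw header block.

    Checks run cheapest-first: total size, then Accept header count,
    then the number of q parameters per Accept header.
    """
    if len(raw.encode("utf-8")) > MAX_HEADER_BYTES:
        return False, "header block too large"

    accepts = [value for name, value in parse_headers(raw) if name == "accept"]
    if len(accepts) > MAX_ACCEPT_HEADERS:
        return False, f"too many Accept headers ({len(accepts)})"

    for value in accepts:
        q_count = len(_Q_PARAM.findall(value))
        if q_count > MAX_Q_PARAMS_PER_HEADER:
            return False, f"Accept header carries {q_count} q parameters"

    return True, "ok"


# Constructed sample inputs: a normal browser-style request and one whose
# single Accept header lists 60 media types, each with its own q parameter.
NORMAL_REQUEST = (
    "Host: example.test\r\n"
    "Accept: text/html, application/xhtml+xml;q=0.9, */*;q=0.8\r\n"
)
ABUSIVE_REQUEST = (
    "Host: example.test\r\n"
    "Accept: " + ", ".join(f"text/x-{i};q=0.{i % 10}" for i in range(60)) + "\r\n"
)

if __name__ == "__main__":
    for label, req in (("normal", NORMAL_REQUEST), ("abusive", ABUSIVE_REQUEST)):
        accepted, reason = check_request_headers(req)
        print(f"{label}: accepted={accepted} ({reason})")
```

The gate deliberately counts q parameters rather than parsing media ranges in full: the whole point of a front-door check is to spend bounded, linear work on input that the origin would otherwise spend minutes on. Rejected requests should be logged with the reason string so that a burst of them is visible in monitoring.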

Beware of Fraudulent Capital Call Notices

Sometimes, investment funds ask investors for their money when the right investment opportunity arrives. They do this by issuing a 'capital call' notice, which formally requests that the investor send the agreed amount. However, business email compromise (BEC) scammers have stepped in and are now issuing fake capital call notices to investors. As a result, the average payout from such scams has gone up from $72,000 to $809,000.

In such BEC scams, the adversaries impersonate the investment fund or firm and request the victim's money. No insider knowledge is used in these attacks, in which fictitious investments are solicited (see https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/). In this particular scam, most of the fake capital call emails come from a Czech Republic-based webmail provider, centrum.cz. Once an unsuspecting investor transfers the amount, the adversaries move it to their other accounts and withdraw it immediately. So how can we avoid such fraudulent emails? Perhaps now is the time for email authentication services to come into the picture as saviors!

Google Chrome Patches Zero-Day Vulnerability

Google has released a Chrome patch for yet another zero-day vulnerability, the details of which are being withheld to keep adversaries from exploiting it. The patch, Chrome 89.0.4389.72, applies to Windows, Mac, and Linux and includes 47 security fixes. The most severe flaw was linked to an audio-related object lifecycle issue.

This security bug, CVE-2021-21166, along with a second one, was detected by Alison Huffman of Microsoft Browser Vulnerability Research on 11th February. A similar flaw was also reported on 4th February. It's fascinating to think that both these bugs are interconnected! Concerned Chrome users must go to their Settings and apply the patch at the earliest to avoid cybersecurity mishaps.
