The past week in cybersecurity was full of notable incidents, including threat actors working around ransomware protection tools. Read on for the latest updates from the cyber world.
Sophisticated Ransomware Attacks On The Way
The strategies threat actors employ are getting more sophisticated with time, and a panel of IT experts emphasized this at the 2021 Incident Response Forum Masterclass. They said that apart from the double-extortion technique and cartel formation, adversaries use other technical strategies to pressure victims. These include Active Directory compromises (as in the SolarWinds attack), where attackers stay inside a compromised environment for a long time, mapping every connected system they can reach.
Adversaries often encrypt the whole virtual machine environment to delay forensic analysis. Their data-copying methods have also improved: they now use open-source tools like Rclone instead of older options like Megaupload or FileZilla, which speeds up exfiltration and leaves a smaller footprint. Since attack techniques aren't getting any simpler, it's time to strengthen our ransomware protection strategies!
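Rclone leaves a recognisable shape on the command line even when the binary is renamed: a transfer verb (copy, sync, move) followed by a `remote:path` destination and flags such as `--config` or `--transfers`. The following detection, added here as an example and not code from the forum or any vendor, scores constructed Sysmon-style process-creation events on those signals. The hostnames, paths and command lines are made up for illustration.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample process-creation events (not from any real incident). "image" is the
# executable path and "cmdline" the full command line, as a Sysmon-style log records them.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "FS01", "image": r"C:\Windows\Temp\svchost.exe",
     "cmdline": r"C:\Windows\Temp\svchost.exe copy D:\Shares\Finance mega:dump --transfers 32 --config C:\Windows\Temp\rc.conf"},
    {"host": "WS12", "image": r"C:\Program Files\rclone\rclone.exe",
     "cmdline": r"rclone.exe sync C:\Users\alice\Documents gdrive:backup"},
    {"host": "WS07", "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"host": "DC01", "image": r"C:\Windows\System32\robocopy.exe",
     "cmdline": r"robocopy.exe \\FS01\data E:\backup /MIR"},
]

# Rclone subcommands that move data, and flags commonly seen on exfiltration command lines.
RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto"}
RCLONE_FLAGS = {"--config", "--transfers", "--no-check-certificate", "--ignore-existing", "--progress"}

# Rclone addresses cloud storage as "<remote>:<path>". Requiring at least two characters
# before the colon keeps Windows drive letters ("D:\Shares") from matching, and the negative
# lookahead drops URL schemes ("https://...").
REMOTE_RE = re.compile(r"^[A-Za-z][\w-]+:(?!//)")


def is_rclone_remote(token: str) -> bool:
    return REMOTE_RE.match(token) is not None


def analyze_event(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event looks like rclone exfiltration (empty list if it does not)."""
    exe = ntpath.basename(event["image"]).lower()
    tokens = event["cmdline"].split()
    reasons: List[str] = []

    verbs = [t for t in tokens if t.lower() in RCLONE_VERBS]
    remotes = [t for t in tokens if is_rclone_remote(t)]
    flags = [t for t in tokens if t.lower() in RCLONE_FLAGS]

    if exe in ("rclone.exe", "rclone"):
        reasons.append("executable is named rclone")
    if verbs and remotes:
        # "<verb> <source> <remote>:<path>" is rclone's transfer syntax. It is the strongest
        # signal because it survives renaming the binary.
        reasons.append(f"rclone transfer syntax: {verbs[0]} -> {remotes[0]}")
        if exe not in ("rclone.exe", "rclone"):
            reasons.append(f"rclone syntax under a renamed binary ({exe})")
    if flags and (verbs or remotes):
        reasons.append("rclone flags: " + ", ".join(flags))
    return reasons


def find_rclone_exfil(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    hits = []
    for ev in events:
        reasons = analyze_event(ev)
        if reasons:
            hits.append({"host": ev["host"], "image": ev["image"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_rclone_exfil(SAMPLE_EVENTS):
        print(f"[{hit['host']}] {hit['image']}")
        for r in hit["reasons"]:
            print("   -", r)
```

On the sample data the renamed copy in `C:\Windows\Temp` is caught purely by its argument shape, while the legitimate `svchost.exe` and `robocopy.exe` events pass; the `copy` verb alone is deliberately not enough, since it appears in ordinary shell commands.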
Chromium Proof-Of-Concept Code Exploited Against WeChat
Attackers are leveraging proof-of-concept code for two bugs in the Chromium browser engine. WeChat for Windows embeds Chromium to open links without launching a separate browser, and the adversaries turned the proof-of-concept code posted on Twitter and GitHub to their advantage. The code can run attacker-controlled code inside any Chromium-based browser, but on most browsers it could not reach the operating system because the Chromium sandbox was enabled and contained it. Experts have warned that the proof-of-concept code remains a threat to every Chromium project that runs without sandbox protection, such as an embedded browser like WeChat's. The good news is that the WeChat developer (Tencent) has been notified of the flaws and has applied the corresponding Chromium patches.
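The practical check that follows from this story is whether any Chromium-based process on a machine, including the engine bundled inside a desktop app, runs with its sandbox switched off. The script below is an added example, not code from the forum, Tencent or the Chromium project. It recognises Chromium child processes by the `--type=<role>` switch they always carry, looks for the sandbox-disabling switches, and reads the live process table through psutil when that library is installed, otherwise falling back to a constructed sample. "ChatApp.exe" is a hypothetical name standing in for any app that embeds Chromium.

```python
from typing import Dict, List

# Chromium switches that turn its process sandbox off. A renderer started with one of these
# runs untrusted web content with the full privileges of the logged-in user.
SANDBOX_DISABLING_FLAGS = {"--no-sandbox", "--disable-setuid-sandbox", "--disable-gpu-sandbox"}

# Browser processes are recognised by image name; "ChatApp.exe" below is hypothetical.
KNOWN_CHROMIUM_IMAGES = {"chrome.exe", "msedge.exe", "chromium", "chrome", "brave.exe"}

# Constructed sample process list (pid, image name, argv), not captured from a real machine.
SAMPLE_PROCESSES: List[Dict[str, object]] = [
    {"pid": 4120, "name": "msedge.exe",
     "cmdline": ["msedge.exe", "--type=renderer", "--lang=en-US", "--mojo-platform-channel-handle=2760"]},
    {"pid": 5388, "name": "chrome.exe",
     "cmdline": ["chrome.exe", "--no-sandbox", "--user-data-dir=C:\\tmp\\profile"]},
    {"pid": 6012, "name": "ChatApp.exe",
     "cmdline": ["ChatApp.exe", "--type=renderer", "--no-sandbox", "--disable-gpu-sandbox"]},
    {"pid": 7001, "name": "notepad.exe", "cmdline": ["notepad.exe", "notes.txt"]},
    {"pid": 7230, "name": "ChatApp.exe", "cmdline": ["ChatApp.exe", "--type=utility"]},
]


def looks_like_chromium(proc: Dict[str, object]) -> bool:
    """Chromium child processes always carry --type=<role>; browser processes are known by name."""
    name = str(proc["name"]).lower()
    argv = [str(a) for a in proc["cmdline"]]
    return name in KNOWN_CHROMIUM_IMAGES or any(a.startswith("--type=") for a in argv)


def sandbox_disabling_switches(proc: Dict[str, object]) -> List[str]:
    argv = [str(a).lower() for a in proc["cmdline"]]
    return [a for a in argv if a in SANDBOX_DISABLING_FLAGS]


def find_unsandboxed_chromium(processes: List[Dict[str, object]]) -> List[Dict[str, object]]:
    findings = []
    for proc in processes:
        if not looks_like_chromium(proc):
            continue
        switches = sandbox_disabling_switches(proc)
        if switches:
            findings.append({"pid": proc["pid"], "name": proc["name"], "switches": switches})
    return findings


def live_process_list() -> List[Dict[str, object]]:
    """Use the real process table when psutil is available; otherwise the constructed sample,
    so the script still runs offline."""
    try:
        import psutil
    except ImportError:
        return SAMPLE_PROCESSES
    procs = []
    for p in psutil.process_iter(["pid", "name", "cmdline"]):
        info = p.info
        procs.append({"pid": info["pid"], "name": info["name"] or "", "cmdline": info["cmdline"] or []})
    return procs


if __name__ == "__main__":
    for f in find_unsandboxed_chromium(live_process_list()):
        print(f"pid {f['pid']:>6}  {f['name']:<20} {' '.join(f['switches'])}")
```

A hit on an unfamiliar image name is the interesting case: it means some application has shipped a Chromium engine with the sandbox off, and a renderer bug like the one above is then a full user-level code execution bug on that host.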
Why Isn't Turning Your WhatsApp Pink A Good Idea?
Any new WhatsApp update is usually fun and exciting, but a message circulating on WhatsApp downloads an auto-reply worm instead of the promised 'WhatsApp Pink.'
Distributed as a WhatsApp forward, the WhatsApp Pink link leads users to a page that downloads the WhatsApp Pink APK. WhatsApp Pink is a variant of a fake Huawei app discovered earlier this year. Once installed, the auto-reply worm answers messages received on other instant messaging apps as well, including Telegram, Signal, Skype, and Viber. Users may not notice it on the device because it hides itself after installation and works in the background. Worst of all, WhatsApp's end-to-end encryption cannot stop these auto-replies, because the compromised device is one of the 'ends' of the conversation and the malware acts from there.
Therefore, the safest course is not to download the WhatsApp Pink app at all. If you have already installed it, go to your settings, restrict all of the app's permissions, and uninstall it. Consider scanning your device with an antivirus solution afterwards.
Applejeus Makes A Comeback
The North Korean state-sponsored threat actor Lazarus Group is infamous for its malicious campaigns. It hits the cybersecurity headlines again this week for reviving the AppleJeus malware it used in February this year to target Mac devices. The Lazarus (or Hidden Cobra) group now uses AppleJeus to attack cryptocurrency exchanges, financial services firms, and others, propagating the malware through malicious cryptocurrency trading apps.
Keeping in mind the relentless attacks launched by the Lazarus Group in the past, the FBI and CISA have released a joint advisory that provides organizations with proactive email protection measures. They recommend that enterprises adopt these cybersecurity measures in advance to mitigate the risks associated with AppleJeus.
BRATA Apps Circulating As App Security Scanners On Google Play Store
News of malicious apps on the Google Play Store has startled us time and again. This time, the malicious apps impersonate app security scanners, which makes it very hard for unsuspecting users even to suspect that the app is fake. These so-called security scanners are new strains of the Brazilian Remote Access Tool Android (BRATA) malware family. The BRATA apps were downloaded over 1,000 times in the U.S., Brazil, and Spain and install a backdoor that steals confidential information.
In addition to the BRATA apps, DefenseScreen (another malicious app) was downloaded over 10,000 times before it was removed from the Play Store. Since these malicious apps can easily pass for genuine ones, it is wise to take cybersecurity measures at our end and to remember that the Play Store updates genuine apps automatically, so there is no reason to grant a third-party "scanner" permissions to do the same.
Telegram And Google Forms Are The New Attack Tools
Just when we think cyber adversaries have exhausted their stock of ideas for stealing user data, they come up with new online scams. The latest one uses Telegram and Google Forms to collect the data stolen in phishing attacks. The stolen data is then combined with automated phishing platforms that are readily available on the dark web as Telegram bots.
Such cybercrime-as-a-service attacks are increasing rapidly. Phishing kits targeted over 260 brands in 2020. Cybersecurity tools often miss these attacks because phishing kits automate the attack and instantly replace blocked websites with new ones.
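Because the kits hand stolen credentials to Telegram bots and Google Forms, the exfiltration itself is visible in outbound web traffic: a POST to `https://api.telegram.org/bot<id>:<secret>/<method>`, or a POST to a Google Forms `formResponse` endpoint from something that is not a browser. The detection below is an added example, not code from the forum or any vendor. It runs over constructed proxy log lines (the bot token, form id and addresses are made up) and masks the bot secret in its output so the alert itself does not spread a usable credential.

```python
import re
from typing import Dict, List, Optional

# Constructed proxy log lines in a simple: time client method url status "user-agent" format.
# The bot token, form id and client addresses are invented for illustration.
SAMPLE_LOG = """\
2021-04-20T10:15:02Z 10.0.8.21 POST https://api.telegram.org/bot123456789:AAFakeTokenForIllustration/sendMessage 200 "python-requests/2.25.1"
2021-04-20T10:15:40Z 10.0.8.33 POST https://docs.google.com/forms/d/e/1FAIpQLSdExampleFormId/formResponse 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/89.0.4389.114"
2021-04-20T10:16:11Z 10.0.8.21 POST https://docs.google.com/forms/d/e/1FAIpQLSdExampleFormId/formResponse 200 "curl/7.68.0"
2021-04-20T10:17:00Z 10.0.8.40 GET https://web.telegram.org/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/89.0.4389.114"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "(.*)"$')

# Telegram Bot API calls are shaped https://api.telegram.org/bot<id>:<secret>/<method>.
TELEGRAM_BOT_RE = re.compile(r"^https?://api\.telegram\.org/bot(\d+):([\w-]+)/(\w+)")
# Google Forms submissions post to .../forms/d/e/<form id>/formResponse.
GOOGLE_FORM_RE = re.compile(r"^https?://docs\.google\.com/forms/(?:u/\d+/)?d/e/([\w-]+)/formResponse")
# A form submitted from a real browser is normal; one submitted by a script or HTTP library is not.
BROWSER_UA_RE = re.compile(r"Mozilla/")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, status, ua = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status, "ua": ua}


def classify(entry: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return an alert for an entry that looks like a phishing-kit drop, else None."""
    if entry["method"] != "POST":
        return None
    m = TELEGRAM_BOT_RE.match(entry["url"])
    if m:
        bot_id, secret, method = m.groups()
        # Keep the bot id, which identifies the operator's bot, but mask the secret.
        return {"client": entry["client"], "channel": "telegram_bot_api",
                "indicator": f"bot{bot_id}:{secret[:4]}...", "detail": method}
    m = GOOGLE_FORM_RE.match(entry["url"])
    if m and not BROWSER_UA_RE.search(entry["ua"]):
        return {"client": entry["client"], "channel": "google_forms",
                "indicator": m.group(1), "detail": f"non-browser UA {entry['ua']}"}
    return None


def find_phishing_drops(log_text: str) -> List[Dict[str, str]]:
    alerts = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            alert = classify(entry)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_phishing_drops(SAMPLE_LOG):
        print(f"{a['client']:<12} {a['channel']:<18} {a['indicator']:<32} {a['detail']}")
```

The Google Forms rule is deliberately narrower than the Telegram one: employees legitimately submit forms from their browsers all day, so only a non-browser user agent (the kind a PHP or Python phishing kit backend uses) is flagged, whereas a Bot API call from an ordinary workstation is rare enough to alert on outright. When the kit runs on a compromised web server rather than a workstation, the same logic applied to that server's egress logs is the place to look.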