Category: Cyber Threat

Fewer Affected in Marriott Hack, but Passports a Red Flag

Fewer Marriott guest records than previously feared were compromised in the massive data breach, but the largest hotel chain in the world confirmed that approximately 5.25 million unencrypted passport numbers were accessed. The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.

The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA. The hackers also accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.

Read more about the Marriott data breach investigation on SecurityWeek.

New Android malware hit more than 100,000 users in 196 countries

Researchers have spotted a new Android malware hidden behind six different Android applications that were available for download in Google Play. The six apps include Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Out of these six apps, five have been removed from Google Play since February 2018.

However, these applications have been downloaded at least 100,000 times by users across 196 countries with the majority of victims residing in India.

Read more about the massive Android malware campaign on Cyware.

New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit

A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.

EternalBlue is one of the NSA exploits stolen by the Shadow Brokers and leaked to the public. It was patched by Microsoft in March 2017, leaked by Shadow Brokers in April 2017, and used by WannaCry in May 2017. That EternalBlue is still being used to spread malware nearly two years after it was patched by Microsoft points to a massive failure in patching.

Read more about the new NRSMiner attacks on SecurityWeek.

Emotet Malware Gets More Aggressive

Emotet, a nasty botnet and popular malware family, has proven increasingly dangerous over the past year as its operators adopt new tactics. Now armed with the ability to drop additional payloads and arriving via business email compromise (BEC), it’s become a major threat to organizations.

Security watchers are wary of Emotet, which was among the first botnets to spread banking Trojans laterally within target organizations, making removal difficult. After ramping up in early 2018, Emotet increased again during the holiday season. Through the start of 2019, the malware continued to spread.

Read more about the rise and rise of the Emotet botnet on DarkReading.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

Data Resolution LLC provides software hosting, business continuity systems, cloud computing and data center services to some 30,000 businesses worldwide. The company has not yet responded to requests for comment.

Read more about the ransomware attack on KrebsOnSecurity.

Don’t Get Caught in a SMiShing Scam

The word ‘SMiShing’ may sound like gibberish — we think it’s a weird one — but some of the world’s largest enterprises are losing millions of dollars to these scams every year. Similar to phishing, the fraudulent act of sending imitation emails claiming to be a corporation in order to obtain personal information from customers, SMiShing uses SMS (short message service) to achieve the same outcome.

Scammers are taking to SMS to prey on people’s trust, panic or sense of urgency. These messages are disguised as a warning from your bank about an unauthorized charge or an alert about an unidentified user accessing one of your accounts. The goal? To lure you into providing account information by tapping on a link and entering your information into a look-alike website.

Read more about SMiShing scams and learn how to avoid them on Tripwire.

Attacks Against Critical Infrastructure Poised to Reshape Cyber Landscape

Over the last couple of years, we have seen a marked shift in cyber-attacks. Traditionally, hackers have focused on theft; stolen data is easily monetizable, which meant that headline attacks tended to involve the breach of personal information or intellectual property. But now a new kind of threat is on the rise. Attacks now involve sabotaging and disrupting the technology systems that support manufacturing, energy generation, and transportation.

Hackers have increasingly focused their attention on breaking into industrial environments. Against the ongoing backdrop of cyber conflict between nation states and escalating warnings from the Department of Homeland Security, critical infrastructure is becoming a central target for threat actors.

Read more about critical infrastructure attacks on SecurityWeek.

EU Looks to Reduce Exposure to Chinese 5G Risk: Report

The European Union is hoping to lead a more coordinated response to security concerns over Chinese 5G equipment makers, it has emerged. Brussels wants to ensure it doesn’t end up with a situation where member states have unwittingly allowed Chinese kit to dominate across the region, according to the FT.

One unnamed diplomat told the paper that although 5G auctions can raise billions for governments, the EU is “urging everyone to avoid making any hasty moves they might regret later.” The US, Australia, New Zealand, Taiwan and Japan have all banned Huawei products on security fears to a lesser or greater extent, despite the firm repeatedly protesting its innocence.

Read more about this story on Infosecurity Magazine.

Dark Overlord rings in New Year with threat to release 9/11-related docs pilfered from law firm

Saying it was “welcoming 2019 with open arms and a big announcement,” the Dark Overlord hacker group on Monday threatened via a Pastebin post to release files it said were nicked from a law firm – believed to have advised insurer Hiscox Syndicates Ltd. – that handled September 11-related cases.

Information pilfered includes “emails, retainer agreements, non-disclosure agreements, settlements, litigation strategies, liability analysis, defence formations, collection of expert witness testimonies, testimonies, communications with government officials in countries all over the world, voice mails, dealings with the FBI, USDOJ, DOD, and more, confidential communications, and so much more,” the group wrote.

Read more about this story on SC Magazine.

Cyberwar predictions for 2019: The stakes have been raised

Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure.

It’s therefore no surprise to find nation-state cyber activity high on the agendas of governments. In 2019, nation-state cyber activity is expected to increase to unprecedented levels.

Read more about the predictions for nation-state cyber activity in 2019 on ZDNet.