Weekly Cybersecurity Roundup #6
"Being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer." - Eric Raymond
Hackers say they stole millions of credit cards from Banco BCR
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data.
This attack was allegedly conducted by the operators of the Maze Ransomware, who have been behind numerous cyberattacks against high-profile victims such as IT services giant Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith Medicines Research LTD.
On their data leak site, the hackers claim to have gained access to Banco BCR's network in August 2019, but did not proceed with encrypting the devices as "the possible damage was too high."
Maze claims that the bank never secured their network and once again gained access to the bank's network in February 2020.
How gamification can transform cybersecurity training
The global coronavirus health crisis has seen many people adopt a more rigorous hygiene routine in their lives. Unfortunately, cyber hygiene practices inside businesses of all sizes still desperately need improving. Everything from secure passwords to security patches on systems has room for improvement in a world where remote workers are now using their own devices.
The Wall Street Journal reported that the coronavirus cybersecurity fallout might not be felt for months. Many believe that we need a new approach to data security, one that embeds a more proactive mindset. But there is also an argument that the road ahead is much more complicated than that.
A survey by Webroot revealed that although 80% of employees claim they know how to discern between a phishing email and a legitimate message, 49% admitted they had clicked on a link from an unknown sender at work. These results highlight how no one sets out to be reactive, and how people often believe they are actually taking a proactive stance.
Now that human error represents the biggest cybersecurity risk in organizations, maybe it’s time to admit that employees deserve more than an animated video and newsletter every few months.
Google Confirms Two New High-Severity Vulnerabilities in Chrome 81
The new Chrome 81 version, released on April 7th by Google for Windows, Mac, and Linux, primarily focused on security, given the heightened exposure users face during the coronavirus pandemic. The launch of the update was delayed for similar reasons. It brought along new features, bug fixes, and over 30 security flaw patches from Google's security researchers and some experts from outside.
The new Chrome 81 version is being promoted to the Stable channel, while Chrome 83 and Chrome 84 will be promoted to the Beta channel and the Canary channel respectively. As per sources, Chrome 82 will be skipped because of the COVID-19 charged atmosphere, and all progress from that version will be channeled into the subsequent version, Chrome 83.
How Cybercriminals are Weathering COVID-19
In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals. Here’s a look at how they’re adjusting to these new realities.
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore.
Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks.
According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors.
Only 41% of Cybersecurity Teams Can Securely Work Remotely
New research by ISACA has found that only 59 percent of cybersecurity teams are equipped to perform their jobs effectively while working from home.
The finding emerged from the recent COVID-19 Study in which more than 3,700 IT audit, governance, and cybersecurity professionals from 123 countries were questioned about the impact of the global health crisis on their organizations and their own jobs.
Only 51 percent of technology professionals and leaders surveyed said they were "highly confident" that their cybersecurity teams were ready to detect and respond to the surge in cybersecurity attacks that has accompanied the spread of the novel coronavirus.
Just 41 percent said that their cybersecurity teams had the necessary tools and resources at home to perform their jobs effectively.
WebMonitor RAT Bundled with Zoom Installer
The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. However, as they always do, cybercriminals are expected to exploit popular trends and user behavior. We have witnessed threats against several messaging apps, including Zoom.
In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).
Note that although the installers are legitimate, the ones bundled with malware do not come from official sources of the Zoom app like Zoom’s own download center or legitimate app stores such as the Apple App Store and Google Play Store. They instead come from malicious sources. We also note that the Zoom app has been updated to version 5.0.
Plenty of malware variants pose as legitimate applications to conceal their malicious intent. Zoom is not the only app used for this type of threat; many other apps have been abused in the same way. In this particular instance, cybercriminals may have repackaged the legitimate installers with WebMonitor RAT and released these repackaged installers on malicious sites.
Upgraded Cerberus Spyware Spreads Rapidly via MDM
A newly discovered variant of the Cerberus Android trojan has been spotted, with vastly expanded and more sophisticated info-harvesting capabilities, and the ability to run TeamViewer.
It was spotted by researchers being used in a targeted campaign on a multinational conglomerate. Unusually, the sample propagated through the employee pool via the infected company’s mobile device management (MDM) server.
Cerberus first emerged last August on underground forums, offered in a malware-as-a-service (MaaS) rental model. At the time it was presented as a standard banking trojan that set itself apart mainly in the way it determines whether it’s running in a sandbox environment: It uses the device’s accelerometer sensor to implement a step-counter. It activates the malware’s functions once it hits a preconfigured threshold.
Hackers breach LineageOS servers via unpatched vulnerability
Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes.
The intrusion took place last night, on Saturday, at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a statement published less than three hours after the incident.
The LineageOS team said the operating system's source code was unaffected, and so were any operating system builds, which had been already paused since April 30, because of an unrelated issue.