Weekly Cybersecurity Roundup #12

“One of the best ways to achieve justice is to expose injustice.” – Julian Assange


A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch. 

This article examines three recent zero-day attacks, which targeted Microsoft, Internet Explorer, and Sophos. Finally, you will learn about four zero-day protection and prevention solutions—NGAV, EDR, IPsec, and network access controls. 

MalwareBytes

Evil Corp blocked from deploying ransomware on US companies

The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies.

“The vast majority of targets are major corporations, including many household names,” Symantec said. “Aside from a number of large private companies, there were 11 listed companies, eight of which are Fortune 500 companies.”

The group was involved in the past in the distribution of the Dridex malware toolkit later used to also deliver other threat actors’ malware payloads, as well as of Locky ransomware and their own ransomware known as BitPaymer until 2019.

Evil Corp refreshed their tactics after two of their members were indicted by the US Department of Justice in December 2019 and are now again in the ransomware business deploying WastedLocker in corporate networks and asking for ransoms of millions of dollars.

BleepingComputer

Biggest-ever packets-per-second DDoS attack hits large European bank

Akamai said that the attack on a bank earlier this week was the largest ever packet per second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.

In a report, Akamai claimed this was a new industry record for pps focused attacks, and well over double the size of a previous attack it had mitigated.

What made the attack unique, according to Akamai, was the massive increase in the number of source IP addresses observed.

SC Magazine

Police arrested 32 people while investigating underground economy forum

According to prosecutors in Frankfurt and Bamberg, the German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of the “crimenetwork.co” illegal underground economy forum.

The operation involved 1,400 agents that raided sites in 15 of 16 states in Germany and in Austria and Poland.

As a result of the raids on 232 sites, the agents found weapons, drugs, computers, around 50,000 euros ($56,300) in cash, and cryptocurrency; the police also seized 300 terabytes of data.

The crimenetwork.co underground forum was an aggregation place for crooks and hackers trading illegal goods and services.

Security Affairs

Ding-dong! Your Smart Home Device Has Been Hacked

Smart home devices like Alexa, the Ring doorbell, and Google Nest allow users to check the weather, monitor home deliveries, stream music, and a lot of other things. They are convenient, and for that reason, they’ve grown incredibly popular.  

These devices, however, have given hackers a cheap and easy way to invade privacy, spy on private moments, and bully families.

In most cases, threat actors are breaking into these systems for fun. They troll innocent victims from afar to entertain themselves. 

The trolling and bullying that dominate home tech hacks obscure more serious security risks attached to these devices. The ease with which hackers gain access to home tech devices poses serious implications for corporate and organizational cybersecurity as millions of workers have started working from home amid the coronavirus pandemic. 

SixGILL

WikiLeaks’ Julian Assange Accused Of Conspiring With LulzSec & Anonymous Hackers

The U.S. Department of Justice (DOJ) on Wednesday filed a superseding indictment charging WikiLeaks founder Julian P. Assange with collaborating with the infamous “Anonymous” and “LulzSec” hacking groups.

“The new indictment does not add additional counts to the prior 18-count superseding indictment returned against Assange in May 2019,” the DOJ said in a press release. However, it does broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged.

TechWorm

Docker servers infected with DDoS malware in extremely rare attacks

Until recently, Docker servers that were misconfigured and left exposed online had been targeted mainly with cryptocurrency-mining malware, which has helped criminal groups generate huge profits by hijacking someone else’s cloud resources.

However, in a report published this week, security researchers from Trend Micro have discovered what appears to be the first organized and persistent series of attacks against Docker servers that infect misconfigured clusters with DDoS malware.

ZDNet
