This Week in Security News - April 30, 2021
Hacktivism’s reemergence explained and Hello ransomware uses updated China Chopper web shell
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about the reemergence of hacktivism. Also, learn about the technical features of a new Hello Ransomware attack.
Read on:
Hacktivism’s Reemergence Explained: Data Drops and Defacements for Social Justice
In the past few months, the volume of data made public by hacktivists skyrocketed. Many of these leaks tend to be politically motivated, but a few also expose ways in which technology can be used against people. In this article, I explain how the future of hacktivism could mean more defacements and data drops, perhaps attacks against critical business assets to shut down a business’s day-to-day operations, and a possible shift from a cause model to a profit model.
Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability
In January, a new ransomware family dubbed the Hello ransomware (aka WickrMe) was discovered. It uses .hello as its file extension, and in one case it possibly arrived via a SharePoint server vulnerability. This blog explains the technical features of a recent Hello ransomware attack, including its exploitation of CVE-2019-0604 and the use of a modified version of the China Chopper web shell.
Trend Micro announced a major refresh of its partner program that provides more cloud service resources and rewards partners with additional discounts for enabling organizations to better secure public cloud computing environments. The objective of the revamped program is to make it more profitable for partners that work with customers to deploy Trend Micro cloud security services via authorized distributors and the AWS Marketplace or the AWS Consulting Partner Private Offer program.
Water Pamola Attacked Online Shops Via Malicious Orders
A threat campaign dubbed “Water Pamola” initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emails with malicious attachments. Recent telemetry data indicates that the attacks are no longer being launched via spam. Instead, malicious scripts are being executed when administrators view customer orders in their online shop’s administration panel.
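As an added illustration (not code from the original post or from the Water Pamola research), the Python below shows the defender's view of the technique just described: an admin panel that renders order fields by raw string interpolation executes whatever markup a buyer placed in the order, while the escaped rendering and a small triage check neutralize and surface it. The order records are constructed sample data.

```python
import html

# Constructed sample orders, as an admin panel might load them from the shop database.
# Order 1002 carries a script tag in the customer name field, the kind of "malicious
# order" the campaign summary describes. alert(1) is a harmless canary payload.
SAMPLE_ORDERS = [
    {"id": 1001, "customer": "Alice Example", "address": "1 Main St"},
    {"id": 1002, "customer": "<script>alert(1)</script>", "address": "2 Side St"},
]


def render_order_row_vulnerable(order: dict) -> str:
    """Builds the HTML row by string interpolation.

    Whatever the buyer typed lands in the admin page as live markup, so a script
    in the customer field runs in the administrator's browser session.
    """
    return (f"<tr><td>{order['id']}</td><td>{order['customer']}</td>"
            f"<td>{order['address']}</td></tr>")


def render_order_row(order: dict) -> str:
    """Hardened rendering: every buyer-controlled field is HTML-escaped.

    html.escape turns < > & and quotes into entities, so the browser shows the
    text of the payload instead of executing it. Pair this with a Content-Security-
    Policy on the admin panel for defense in depth.
    """
    cells = (str(order["id"]), order["customer"], order["address"])
    return "<tr>" + "".join(
        f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"


def flag_suspicious_orders(orders: list) -> list:
    """Triage helper: ids of orders whose free-text fields contain markup characters.

    Legitimate names and addresses do not contain angle brackets, so a hit is worth
    an analyst's look before anyone opens the order in the panel.
    """
    flagged = []
    for order in orders:
        if any(ch in order[field] for field in ("customer", "address") for ch in "<>"):
            flagged.append(order["id"])
    return flagged


if __name__ == "__main__":
    for order in SAMPLE_ORDERS:
        print(render_order_row(order))
    print("orders to review:", flag_suspicious_orders(SAMPLE_ORDERS))
```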
The FBI has handed over 4.3 million email addresses that were harvested by the Emotet botnet to the Have I Been Pwned service to make it easier to alert those affected. Emotet was responsible for distributing ransomware, banking trojans and other threats through phishing and malware-laden spam and was taken down by law enforcement in the US, Canada and Europe, disrupting what Europol said was the world's most dangerous botnet that had been plaguing the internet since 2014.
Locked, Loaded, and in the Wrong Hands: Legitimate Tools Weaponized for Ransomware in 2021
Security researchers predict that ransomware in 2021 will become an even more sinister threat as it becomes more targeted and new families emerge, with cybercriminals continuing to abuse legitimate tools to facilitate ransomware attacks. On their own, these tools are not inherently malicious, but cybercriminals have found a way to exploit them as typical components of ransomware campaigns.
Breach at Click Studios-Owned Password Manager Left Clients Exposed for More Than 24 Hours
For more than 24 hours, hackers had unfettered access to Click Studios, the Australian firm that owns the Passwordstate password manager, whose customers include 370,000 IT security professionals and 29,000 organizations across sectors such as banking, manufacturing, defense and aerospace. The malicious code found in the Passwordstate software offered the unidentified attackers a potential foothold onto any customer network that downloaded the update during that time.
Deepfakes Are Getting Closer to Reality
The first malicious uses of video deepfakes have been observed, making one of Trend Micro’s long-standing predictions a looming reality. This blog explains what deepfakes are and what security teams need to prepare for as malicious use of AI rises.
The Encryption Elephant in the Room: Getting to Secure Encrypted Traffic
In this article, Steve Quane, chief product officer at Trend Micro, discusses why encryption is great for securing traffic when you know with 100% confidence that the traffic is what it should be. However, that isn’t something that can always be guaranteed. The encryption elephant in the room is that no one can inspect that network traffic to ensure nothing malicious gets through. Businesses need a security solution that can view more about the data without cracking the encryption.
Steganography is the practice of hiding information inside something normal-looking. Cybercriminals use steganography to hide stolen data or malicious code in images, audio files and other media. Effective steganography often goes undetected and is hard to avoid. In this article, I share information on different types of steganography and how to prevent falling for it at work.
What are your thoughts on hacktivism’s reemergence? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.