Cyber Crime
INTERPOL Collaboration Reduces Cryptojacking by 78%
Learn about how Trend Micro’s collaboration with INTERPOL’s Global Complex for Innovation helped reduce cryptojacking by 78% in Southeast Asia. Also, three malicious apps in the Google Play Store may be linked to the SideWinder threat group.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s collaboration with INTERPOL’s Global Complex for Innovation helped reduce cryptojacking by 78% in Southeast Asia. Also, read about three malicious apps in the Google Play Store that may be linked to the SideWinder threat group.
Read on:
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
Trend Micro found three malicious apps in the Google Play Store that work together to compromise a device and collect user information. The three malicious apps -- disguised as photography and file manager tools -- are likely to be connected to SideWinder, a known threat group that has reportedly targeted military entities’ Windows machines.
Operation Goldfish Alpha Reduces Cryptojacking Across Southeast Asia by 78%
Interpol announced the results of Operation Goldfish Alpha, a six-month effort to secure hacked routers across the Southeast Asia region. The international law enforcement agency said its efforts resulted in a drop of cryptojacking operations across Southeast Asia by 78%, compared to levels recorded in June 2019. Private sector partners included the Cyber Defense Institute and Trend Micro.
Celebrating Decades of Success with Microsoft at the Security 20/20 Awards
Trend Micro, having worked closely with Microsoft for decades, is honored to be nominated for the Microsoft Security 20/20 Partner awards in the Customer Impact and Industry Changemaker categories. Check out this blog for more information on the inaugural awards and Trend Micro’s recognitions.
Security Predictions for 2020 According to Trend Micro
Threat actors are shifting and adapting in their choice of attack vectors and tactics — prompting the need for businesses and users to stay ahead of the curve. Trend Micro has identified four key themes that will define 2020: a future that is set to be Complex, Exposed, Misconfigured and Defensible. Check out Digital Journal’s Q&A with Greg Young, vice president of cybersecurity at Trend Micro, to learn more about security expectations for this year.
The Everyday Cyber Threat Landscape: Trends from 2019 to 2020
In addition to security predictions for the new year, Trend Micro has listed some of the biggest threats from 2019 as well as some trends to keep an eye on as we begin 2020 in this blog. Many of the most dangerous attacks will look a lot like the ones Trend Micro warned about in 2019.
5 Key Security Lessons from the Cloud Hopper Mega Hack
In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the computing cloud. The men, who remain at large, are thought to be part of a Chinese hacking collective known as APT10.
The Summit of Cybersecurity Sits Among the Clouds
Shifts in threats in the security landscape have led Trend Micro to develop Trend Micro Apex One™, a newly redesigned endpoint protection solution. Trend Micro Apex One™ brings enhanced fileless attack detection and advanced behavioral analysis and combines Trend Micro’s powerful endpoint threat detection capabilities with endpoint detection and response (EDR) investigative capabilities.
New Iranian Data Wiper Malware Hits Bapco, Bahrain’s National Oil Company
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The incident took place on December 29th and didn’t have the long-lasting effect hackers might have wanted, as only a portion of Bapco's computer fleet was impacted and the company continued to operate after the malware's detonation.
Ransomware Recap: Clop, DeathRansom, and Maze Ransomware
As the new year rolls in, new developments in different ransomware strains have emerged. For example, Clop ransomware has evolved to integrate a process killer that targets Windows 10 apps and various applications; DeathRansom can now encrypt files; and Maze ransomware has been targeting U.S. companies for stealing and encrypting data, alerted by the Federal Bureau of Investigation (FBI).
4 Ring Employees Fired for Spying on Customers
Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by data privacy incidents over the past year.
Web Skimming Attack on Blue Bear Affects School Admin Software Users
A web skimming attack was recently used to target Blue Bear, a school administration software that handles school accounting, student fees, and online stores for educational institutions. Names, credit card or debit card numbers, expiration dates and security codes, and Blue Bear account usernames and passwords may have been collected.
Patched Microsoft Access ‘MDB Leaker’ (CVE-2019-1463) Exposes Sensitive Data in Database Files
Researchers uncovered an information disclosure vulnerability (CVE-2019-1463) affecting Microsoft Access, which occurs when the software fails to properly handle objects in memory. The vulnerability, dubbed “MDB Leaker” by Mimecast Research Labs, resembles a patched information disclosure bug in Microsoft Office (CVE-2019-0560) found in January 2019.
Cryptocurrency Miner Uses Hacking Tool Haiduc and App Hider Xhide to Brute Force Machines and Servers
A Trend Micro honeypot detected a cryptocurrency-mining threat on a compromised site, where the URL hxxps://upajmeter[.]com/assets/.style/min was used to host the command for downloading the main shell script. The miner, a multi-component threat, propagates by scanning vulnerable machines and brute-forcing (primarily default) credentials.
What are your thoughts on the rise of cryptomining malware and cryptojacking tactics? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.