Cyber Security Headlines – October 20, 2020

US files charges against high profile attackers

The unsealed charges are against six Russian nationals believed to be officers of the Russian Main Intelligence Directorate (GRU) and members of the prominent hacking group known as Sandworm. The group is believed to have been involved with the BlackEnergy, Industroyer, and KillDisk malware that hit Ukraine in 2015 and 2016, as well as efforts to disrupt the French elections in April 2017, spear-phishing attacks against PyeongChang Winter Olympics partners, and the NotPetya attacks that caused over $1 billion in damages in 2017, among others. Ordinarily espionage operations are not subject to international prosecution, but US officials said that the group's indiscriminate use of malware with destructive capabilities showed a disregard for international norms.

(ZDNet)

A new browser wants to look at social media algorithms

The publication The Markup announced the Citizen Browser project, which aims to create a custom web browser to audit the information-sharing algorithms used by social media platforms. Initially the browser will focus on auditing YouTube and Facebook, looking at what information is served to specific users, how news is shown on those platforms, and what communities users are encouraged to join. The Markup will pay a nationally representative panel of 1,200 people to install the browser and share real-time data. The panel is constructed to be a statistically valid sample of the American population across age, race, gender, geography, and political affiliation, with all personally identifiable information removed and discarded before analysis.

(The Markup)

Microsoft Exchange and OWA are increasingly malware targets

This comes from Accenture's 2020 Cyber Threatscape report, which found that APTs have turned to the Microsoft stalwarts to steal business credentials and other sensitive data. The report highlights the Russian group BELUGASTURGEON and APT39, both of which use Microsoft services as beachheads to hide traffic, relay commands, compromise e-mail, exfiltrate data and gather credentials for future espionage attacks. Other groups were found to craft malware specifically for Exchange, exploiting known security-feature bypass vulnerabilities to execute arbitrary commands. Microsoft is also a top target for brand impersonation, used in phishing attacks against government and oil and gas targets.

(ThreatPost)

Dark Reading report looks at the COVID-19 impact on security priorities

The report identified remote access systems as the most commonly cited security priority, named by 39% of respondents, with VPNs the second most cited at 36%, and authentication third at 35%. Overall 54% of respondents said their organizations planned to use more cloud services in 2021, with only 7% predicting a decrease. Looking at the perceived effectiveness of security technology, endpoint protection, VPNs, and next-gen firewalls were each rated effective by at least 75% of respondents. On the less effective side, 45% or fewer of respondents found user and entity behavior analytics, network access controls, honeypots, and ML- and AI-based security systems to be effective. 49% of respondents identified managing security complexity as their biggest challenge, up from 38% last year.

(Dark Reading)

Thanks to our episode sponsor, SecureLayer7

Getting rid of vulnerabilities within your systems can be quite an intricate task. But why bother with anything else when there is an all-in-one cybersecurity package for organizations? A platform where existing and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots.
SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net

GravityRAT spyware comes to new operating systems

The remote access trojan has been tracked by Kaspersky going back to 2015, but had previously only been seen on Windows systems. Researchers have now spotted updated GravityRAT code suggesting the spyware is a multi-platform tool. Code analysis of an Indian travel app for Android showed malware with C2 addresses related to the actors behind GravityRAT, and researchers have since identified more than 10 different versions of the spyware for Android and macOS in addition to Windows. The overall operation of the malware is similar across platforms; researchers note it seems focused on India, with increasingly sophisticated use of digital signatures to make the apps look legitimate.

(ThreatPost)

Akamai sees DDoS ransom attacks increase

Research from the company shows that since August, peak DDoS attacks have shifted from gaming companies to financial services, with intensity increasing to 200 Gbps, even as the attack vectors remain largely the same. Attackers have sent multiple organizations ransom demands, delivering a small-scale DDoS to prove their intentions. This differs from other extortion attempts that merely threaten a DDoS, which usually are not followed up on. Akamai says it has seen DDoS attacks triple since January, up to three million a day, with a 200% increase in attacks against web application firewalls.

(InfoSecurity Magazine)

Vizom malware operating in Brazil

The malware was discovered by researchers at IBM. Vizom is distributed through phishing emails carrying what is designed to look like a Zoom link. Once downloaded, the malware uses DLL hijacking to spawn a child process for itself from the Zoom directory. From there a remote access trojan is extracted and chained to an instance of the Vivaldi web browser running in the background. Once Vizom detects the user visiting one of a list of online banking services, it uses the remote access to place an overlay on screen that prompts the user to enter their credentials.
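The side-loading step described above (a foreign DLL picked up by a legitimate application's process) leaves a telemetry trace that a detection engineer can hunt for. The following is an added example, not code from IBM's or ZDNet's write-up, that scans constructed Sysmon Event ID 7 (ImageLoad) records and flags DLLs loaded by a process running from a Zoom directory when the DLL is unsigned, is signed by an unexpected publisher while sitting in the application's own directory, or is loaded from somewhere other than the application or system directories. The expected publisher string, the directory lists and every event are assumptions constructed for the example; the field names follow Sysmon's schema.

```python
"""Flag DLL side-loading candidates in Sysmon ImageLoad (Event ID 7) records.

Added example; the events below are constructed, not real telemetry.
"""
import ntpath
from typing import Dict, Iterable, List, Optional

# System directories from which signed DLLs are expected (lower-cased; assumption for the example).
TRUSTED_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Publisher expected on DLLs shipped with the application (assumption for the example).
EXPECTED_PUBLISHER = "zoom video communications"


def _dir(path: str) -> str:
    """Lower-cased parent directory of a Windows path (ntpath so this runs on any OS)."""
    return ntpath.dirname(path).lower()


def classify_image_load(event: Dict[str, object]) -> Optional[str]:
    """Return a reason string if the event looks like side-loading, else None.

    Scoped to processes running from a directory whose path contains 'zoom';
    widen that check to cover other applications.
    """
    if event.get("EventID") != 7:
        return None
    process = str(event["Image"])
    process_dir = _dir(process)
    if "zoom" not in process_dir:
        return None
    dll = str(event["ImageLoaded"])
    dll_dir = _dir(dll)
    signed = str(event.get("Signed", "")).lower() == "true"
    publisher = str(event.get("Signature", "")).lower()

    if dll_dir in TRUSTED_SYSTEM_DIRS:
        return None
    if not signed:
        # Classic search-order hijack: an unsigned DLL resolved by a signed application.
        return f"unsigned DLL {dll} loaded by {process}"
    if dll_dir == process_dir and EXPECTED_PUBLISHER not in publisher:
        return f"DLL {dll} in application directory signed by unexpected publisher '{event.get('Signature')}'"
    if dll_dir != process_dir:
        return f"DLL {dll} loaded from outside the application and system directories"
    return None


def find_sideload_candidates(events: Iterable[Dict[str, object]]) -> List[str]:
    """Run the classifier over a stream of events and keep only the findings."""
    return [reason for reason in (classify_image_load(e) for e in events) if reason]


# Constructed sample events (names and paths invented for the example).
ZOOM_EXE = r"C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\Users\alice\AppData\Roaming\Zoom\bin\app.dll",
     "Signed": "true", "Signature": "Zoom Video Communications, Inc."},
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\Users\alice\AppData\Roaming\Zoom\bin\version.dll",
     "Signed": "false", "Signature": ""},
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\ProgramData\Helper\helper.dll",
     "Signed": "true", "Signature": "Example Corp"},
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": r"C:\Users\alice\Downloads\x.dll",
     "Signed": "false", "Signature": ""},
]

if __name__ == "__main__":
    for finding in find_sideload_candidates(SAMPLE_EVENTS):
        print(finding)
```

Two of the constructed events are flagged: the unsigned `version.dll` dropped next to the application binary (the hijack pattern itself) and a signed but unrelated DLL loaded from a third directory. The notepad event is out of scope, which is the point of scoping the rule to the application being impersonated: a generic "unsigned DLL" rule fires constantly on developer machines, while a per-application rule with an expected publisher is quiet enough to alert on.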

(ZDNet)

Facebook rejects over 2 million ads attempting to “obstruct voting”

This comes from Facebook's vice president of global affairs and communications Nick Clegg, with the ads coming from across Facebook and Instagram. Aside from the 2.2 million rejected ads, an additional 120,000 posts were withdrawn for the same reason. The platform also posted warnings on 150 million pieces of false information posted on its platform. Clegg said Facebook uses artificial intelligence that can flag billions of posts containing election misinformation before they are seen by users.

(The Guardian)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.