Cyber Security Headlines – October 29, 2021

Android spyware spreading as antivirus software in Japan

A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious Android Package Kit is picking up pace. It is being distributed in phishing campaigns impersonating Japanese telecom company KDDI. Furthermore, the malware is only detected by 22 out of 62 Antivirus engines on VirusTotal, showing a concerted effort by the threat actor to remain hidden. In a new report by cybersecurity firm Cyble, researchers have dubbed the malware ‘FakeCop’ and state it is masquerading as Anshin Security, a popular antivirus product in Japan.

(Bleeping Computer)

Half of home workers buy potentially insecure technology

Incidents of shadow IT have snowballed during the pandemic as remote workers bought devices without vetting from the IT department, a new report from HP has warned. Based on a global survey of 1100 IT decision-makers and a separate poll of more than 8400 home workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan, 45% said they’d bought IT equipment such as printers or PCs to support home working over the past year. However, 68% said security wasn’t as big a consideration as other factors like price or functionality when purchasing, and 43% didn’t have their new laptop or PC checked or installed by IT. The report also says 70% of home workers who had clicked on malicious phishing emails said they didn’t report it to IT.

(Infosecurity Magazine)

EU investigating leak of private key used to forge Covid passes

The Digital Covid certificate, or the “Green Pass”, helps European Union residents travel across borders seamlessly by proving that they have either been vaccinated against COVID-19, received a negative test result, or successfully recovered from COVID-19. This week, users reported seeing the private key for EU Digital Covid certificates circulating on messaging apps like Telegram. The key has also been misused to generate forged certificates, including for Adolf Hitler, Mickey Mouse, and SpongeBob Squarepants, all of which are being recognized as valid by the official government apps.

(Bleeping Computer)

North Korea’s Lazarus Group targets IT supply chains with MATA malware

This latest malware campaign represents the group’s growing interest in leveraging trusted IT supply chain vendors as a gateway to corporate networks. The attackers obtained access to the network of a South Korean security software vendor in order to exploit its corporate software, and to a Latvia-based IT asset-monitoring product vendor, deploying the Blindingcan and Copperhedge backdoors, both of which CISA had already issued security alerts about. The MATA malware discovered in this campaign has evolved compared to previous versions and uses a legitimate, stolen certificate to sign some of its components.

(CISO Magazine)

Thanks to our episode sponsor, Banyan Security

Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments.
Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information.

Russian-speaking ransomware gang says it hacked the National Rifle Association

According to CyberScoop, a ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if it doesn’t pay an extortion fee of an undisclosed sum. CyberScoop has not independently verified the documents, and the NRA has declined to comment. Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp, which could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers, since the Treasury Department sanctioned that gang in 2019.

(CyberScoop)

Apple patches critical iOS bugs; one under attack

On Monday and Tuesday, Apple released updates to iOS, iPadOS, watchOS, and tvOS, patching 24 CVEs in total. One of them, a memory-corruption issue in IOMobileFrameBuffer (an iOS 15.0.2 vulnerability), is exploitable from the browser, making it “perfect for one-click & waterholing mobile attacks,” according to mobile security firm ZecOps.

(Threatpost)

Nearly all US execs have experienced a cybersecurity threat, but some say there’s still no plan

On Tuesday, Deloitte published the results of a new survey, conducted between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US). The research — including insight from those in CEO, CISO, and other leadership roles — suggests that 98% of US executives have come across at least one cybersecurity event over the past year. It also suggests that the common consequences experienced by today’s firms after an incident include disruption, a drop in share value, intellectual property theft, damage to reputation that prompts a loss in customer trust, and a change in leadership roles. Of interest in the report is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.

(ZDNet)

Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment terminals in more than 120 countries. The PAX terminals were allegedly being used to house or run malware and act as command-and-control points for staging attacks on other networks and for collecting information.

(The Register)

Coronal mass ejection forecast for this weekend

And now turning to the weather, SpaceWeatherLive is reporting a significant coronal mass ejection coming from the sun, which might lead to significant geomagnetic storm activity this weekend. Geomagnetic storms carry the potential to disrupt radio transmissions and cause damage to satellites, electrical transmission line facilities, and digital technologies, and could result in potentially massive and long-lasting power outages.

(SpaceWeatherLive)


Steve Prentice