Weekly Cyber Threat Report, Feb 7-12

From the good news:

  • PwC UK and Panaseer partner to offer continuous Cyber Risk Monitoring
  • Celerium announces a partnership with CenSec to bring better cybersecurity to the Danish defense industry
  • Bodyguard, a startup that protects users from cyberharassment, hate speech, and toxic content online, has started a major expansion into the USA, moving forward on its goal of creating a safer web around the world
  • DCMS launches UK cybersecurity council that will oversee training and certification
  • Microsoft fixes Windows zero-day in a new patch
  • Apple, Adobe, Mozilla, and Google release security updates

From the bad news:

New activity by Iranian Infy and Domestic Kitten

Check Point Research reported renewed activity and an updated toolset of Infy, an Iranian APT group active since 2007. In its attacks, aimed mostly at Sweden, the Netherlands, and Turkey, the group used Trojan.Win32.Tonnerre and Trojan.Win32.Foudre. Domestic Kitten’s newest attacks feature an app mimicking the portal of the Teheran restaurant “Mohsen” and use the FurBall malware.

Barcode Scanner app on Google Play infects 10 million users

An app that had been on Google Play for years turned malicious overnight with a single software update, Malwarebytes researchers reported. Mobile users were seeing ads that opened the default browser without any interaction on their part. The investigation traced the ads back to the Barcode Scanner app. Google has pulled the app from the store; however, it could already have infected some 10 million devices. Since the code used heavy obfuscation to avoid detection, Malwarebytes classified the app directly as a Trojan, under the name Android/Trojan.HiddenAds.AdQR, rather than as adware.

Matryosh botnet abuses Android vulnerability on port 5555

Netlab researchers discovered a new botnet that re-uses the Mirai framework (an infamous botnet known for its massive DDoS attack against Dyn in 2016) to launch DDoS attacks from vulnerable Android devices. The botnet is dubbed Matryosh because its functions are “nested” in layers like a Russian nesting doll (matryoshka). The botnet carries out DDoS attacks using the tcpraw, icmpecho, and udpplain attack types. Researchers advise that enterprises scan their internal and external networks for any devices listening on port 5555 and analyze them.

Microsoft warns enterprises of new ‘dependency confusion’ attack technique

Microsoft has published a white paper describing a new “dependency confusion” technique, also known as a “substitution attack.” Researchers determined that if an attacker learns the names of the private libraries a company uses in its app-building process, the attacker could upload libraries with those names that contain malicious code. Researchers managed to inject non-malicious code into the apps of major companies including Apple, Microsoft, PayPal, Shopify, Netflix, Yelp, and Uber.
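As a defensive check for the substitution problem described above (added here, not code from the Microsoft white paper): a Python script that scans an npm package-lock.json for dependencies known to be private but resolved from any host other than the organization’s own registry. The package names, the registry host npm.acme.example and the lock file contents are all constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample lock file (lockfileVersion 2 layout): one private
# package resolved from the public registry, one correctly resolved from
# the private registry, and one ordinary public package.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/acme-internal-auth": {
            "version": "2.3.0",
            "resolved": "https://registry.npmjs.org/acme-internal-auth/-/acme-internal-auth-2.3.0.tgz",
        },
        "node_modules/@acme/logger": {
            "version": "1.4.0",
            "resolved": "https://npm.acme.example/@acme%2flogger/-/logger-1.4.0.tgz",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

# Assumed inventory: names the organization publishes only internally,
# and the hosts those names are allowed to be fetched from.
PRIVATE_NAMES = {"acme-internal-auth", "@acme/logger"}
PRIVATE_REGISTRY_HOSTS = {"npm.acme.example"}


def package_name(path):
    """Map a lock-file path to a package name, keeping the scope prefix.
    Nested installs ("node_modules/a/node_modules/b") yield the last name."""
    return path.split("node_modules/")[-1]


def find_confused_dependencies(lock_json, private_names, private_hosts):
    """Return (name, version, host) for private packages whose resolved
    tarball comes from a host outside the private registry set."""
    lock = json.loads(lock_json)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # the "" key is the root project itself
        name = package_name(path)
        if name not in private_names:
            continue
        host = urlparse(entry.get("resolved", "")).hostname or ""
        if host not in private_hosts:
            findings.append((name, entry.get("version"), host))
    return findings
```

Run it in CI against the committed lock file; any finding means a build would pull a same-named package from a registry you do not control.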

Nespresso Pro smart cards to dispense free unlimited coffee

In a disclosure published this week, security researcher Polle Vanhoof described a vulnerability affecting Nespresso Pro machines equipped with a smart card reader. Some machines in Europe that rely on outdated Mifare Classic smart cards can be manipulated to add unlimited funds to the card and thus purchase unlimited coffee.

Florida water utility hack with intent to poison drinking water

The United States FBI, the Secret Service, and the Pinellas County Sheriff’s Office are investigating an attempt to poison a city’s drinking water that occurred on Friday of last week. Reportedly, the attacker gained access via TeamViewer, a remote desktop application the plant’s operators use in their work. The attacker changed the sodium hydroxide level to a dangerous setting; a plant operator quickly reduced it back to normal. At least 15,000 people could have been endangered.

A Facebook phishing campaign that tricked nearly 500,000 users

A phishing scam under the title “Is that you” is circulating on Facebook. At the time of writing, the number of potential victims is nearing 500,000 with 77% of the victims based in Germany. The scam begins with a message sent by one of your friends claiming to have found a video or image with you. The message contains a video that opens a chain of websites infected with malicious scripts harvesting credentials entered by the victims and collecting their location data. Researchers from Cybernews determined the attack originated from a Spanish-speaking country, most likely the Dominican Republic. 

Millions of IoT devices vulnerable, warns Forescout

Cybersecurity researchers at Forescout Research Labs warn about nine new vulnerabilities dubbed Number:Jack in certain TCP/IP stacks. Flaws in the communications protocols used by millions of IoT devices could allow cybercriminals to intercept user data. To help find vulnerabilities, the security firm has released an open-source script as part of Project Memoria.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.