Security this week, June 29, 2020

In the previous weeks, we have seen remote working becoming the new normal for all major office spaces during the Covid-19 pandemic amid security concerns. A host of nations’ economies have dwindled, and many have lost their jobs.   

With these changes, many hacking groups have become more active than ever, trying to take advantage of the situation. Multiple groups are running phishing campaigns that play on people's sentiments through health- or job-related emails. Even states whose economies are recovering from the pandemic stand accused of trying to hack into the systems of other states that are still facing Covid-19. Due to remote working, many companies now have vulnerabilities in their systems that are being attacked by hackers and, at the same time, patched by researchers. Companies have also started investing in their security, both by recruiting security professionals and by acquiring related firms.

Have a look at all the major happenings in security of the past week: 

Australia’s government and institutions targeted by state-based cyber hacks 

Australian Prime Minister uncovered the cyber attacks

Australian Prime Minister Scott Morrison revealed state-based hacks that were targeting the Australian government and institutions. He further stated that the attacks were widespread, covering multiple levels of government. The attacks have gone on for many months, although no major personal data breaches have occurred. Education, health, essential service providers, government, and political organizations were targeted. Given the scale and nature of the hacks, researchers believe them to be state-based. China, along with a few others such as Russia, Iran and North Korea, has the capacity for such attacks and is not an ally of Australia. Cyber defense agencies responded to multiple attempts to hack the systems.

This shows that even governments are vulnerable to cyberattacks, and that some states may be funding such attacks to obtain sensitive information.

Hackers posing as HR staff offering jobs target military and aerospace 

Lazarus Group suspected to be involved in security attacks on military and aerospace organizations

A campaign labeled “Operation In(ter)ception” took place in December 2019, according to a report shared by security firm ESET. It affected military and aerospace organizations in the Middle East and Europe. The final goal was to spy on key employees of the target firms and, in addition, to siphon money. Not only the financial motivation of the attacks but also similarities in targeting and development environment point suspicion straight at the Lazarus Group, which has been actively working on behalf of the North Korean government to fund the nation’s illegal missile programs.

Using LinkedIn’s messaging feature, the attackers posed as HR managers of well-known aerospace and defense companies and targeted employees of selected firms with fake job offers. Furthermore, the hackers attempted to exploit the compromised accounts to extract money from other companies. The monetization attempts were unsuccessful, as the targeted customers of those companies reached out to the correct email addresses. 

The key takeaway is that people should only trust verified accounts for any recruitment process, instead of applying through whatever portal they happen to see.

More than 100 Chrome extensions caught spying on users 

106 Chrome extensions found to be illegally collecting sensitive data

Recently, 106 Chrome extensions were found to be illegally collecting sensitive user data as part of a “massive global surveillance campaign”. The campaign’s targets were the oil and gas, healthcare, and finance sectors. The malicious add-ons were traced back to an internet domain registrar, GalComm. The extensions took screenshots of the victim’s device, read the clipboard, loaded malware, and actively harvested tokens and user input. It is still not clear who is directly behind the spyware effort. The extensions posed as utilities offering useful capabilities and relied on multiple fake reviews to trick victims. As a result of the findings, Google immediately removed the extensions from the Chrome Web Store. Furthermore, Google advised users to review extension permissions and uninstall rarely used extensions. 

This clearly underlines the constantly changing security issues in software and the need to keep systems updated to prevent attacks.

Attackers steal credit cards by bypassing web security through Google Analytics 

Hackers using Google Analytics to bypass security

Security researchers at PerimeterX, Kaspersky, and Sansec reported hackers exploiting the Google Analytics service to stealthily pilfer credit card information from infected e-commerce websites. Attackers injected tracking and data-stealing code generated by Google Analytics for their own account. This let them exfiltrate sensitive financial information entered by users even under the security policies enforced by the websites, and the stolen data could then be accessed from the hackers’ Google Analytics account. Across Europe and America, 24 infected websites were found, selling cosmetics, digital equipment, food products, and spare parts. Researchers are still trying to track down the attackers. As a customer, there is not much one can do to safeguard oneself from such attacks. 

Internet users should use the internet only for specific tasks, as casual browsing can land them on a vulnerable page that exposes their data to hackers.

Flaws in Oracle E-Business Suite let hackers hijack business operations 


Onapsis, a cybersecurity firm, disclosed technical details of vulnerabilities it discovered in Oracle’s E-Business Suite (EBS). EBS is an integrated application intended to automate ERP, CRM, and SCM operations for organizations. The vulnerabilities were rated with a CVSS score of 9.9. A critical patch update (CPU) was released by Oracle in January 2020, but around half of the customers have not deployed the patches to date. The vulnerabilities can be exploited to target accounting tools to steal sensitive information and commit financial fraud. An unauthenticated hacker could perform an automated exploit to extract company assets. Given this risk, it is recommended that firms using Oracle EBS ensure they are not exposed to these vulnerabilities by scanning for them and applying the required patches as soon as possible. 

Vendors do their part by providing the patches, but customers need to keep checking for them and apply updates for better protection.

Indian Railways alerted by intelligence agencies regarding a malware attack on their system  

Indian Railways network attacked by malware

Malware has hit the Indian Railways network and managed to scoop up its data on train movements and foreign countries. According to researchers, the Railways’ system has been affected by the APT 36 malware campaign. The Railway Board was alerted and immediately disconnected the system and changed the passwords. Sources said that the APT 36 malware is instead associated with Pakistan; the intelligence agency asked the departments concerned to change their passwords. China is also believed to be working closely with Pakistan. 

This highlights the fact that users should always keep updating their account passwords; otherwise they become vulnerable.

New security features added to Cisco Webex 

Cisco Webex patched multiple vulnerabilities

Cisco has patched several high-severity bugs and added new security features to Webex. It gives customers extended data loss prevention (DLP) retention, eDiscovery features, and legal hold for Webex meetings. This is set to upgrade security and protection for all meeting content. Several security advisories were also published, including those on three severe vulnerabilities. These vulnerabilities could allow an unauthenticated attacker to gain unauthorized access to Webex meetings and execute programs already present on the targeted system. This is achieved by convincing the victim to click on a malicious URL. Cisco has found no evidence to suggest that any of the related vulnerabilities has been exploited yet. 

This shows the need to constantly revamp existing software to keep up with the latest security guidelines.

USD 2 Mn scammed from users by using Elon Musk Bitcoin vanity address 

Approximately USD 2 Mn scammed using Elon Musk’s name

Scammers have made more than USD 2 million in the last two months by using Elon Musk’s name. This involved the use of Bitcoin vanity addresses to lend the scam more credibility in the eyes of a suspicious user. Security firm Adaptiv tracked the use of Bitcoin vanity addresses bearing Elon Musk’s name in giveaway scams. Addresses were collected from the website BitcoinAbuse, which gathers reports of Bitcoin addresses used in ransomware, extortion, scams, and cybercrime. Hackers hijacked YouTube channels with high follower counts and renamed them after Elon Musk, the SpaceX brand, etc. Users were advised to be wary, as these scams can be present on major social media platforms as well. 

Hence, while making any kind of payment, one should ensure that it is going to a trusted source rather than a scam that would steal their money.

Hackers target diplomatic and high-profile military entities in East Europe 

InvisiMole, a threat group, hacked into military entities in Eastern Europe

The operations of a threat group named InvisiMole were uncovered by security researchers. The group hacked into diplomatic and high-profile military entities across Eastern Europe for espionage. The discovery was made by the affected organizations in collaboration with security firm ESET. This led to a more extensive look into InvisiMole’s operations and its tactics, procedures, and tools. InvisiMole has been active since 2013 and has been involved in espionage operations in Ukraine and Russia. The related spyware could alter the systems, scan wireless networks while tracking the geolocation of victims, collect user information, and upload sensitive files from the compromised machine. Ties to a second threat actor called the Gamaredon group were also discovered, and further investigation of the case is still ongoing. 

Top officials of any organization are the ones targeted most by hackers, and they are the ones who need the most attention paid to their security protocols.

Atos set to acquire Paladion 

Atos has announced the acquisition of Paladion

Paladion is soon to be acquired by Atos. With this, Atos wants to bring managed detection and response capabilities into its portfolio and create the next generation of its prescriptive security operations center (SOC) offering. Atos believes that Paladion’s cloud-native technology will support its expansion strategy in cybersecurity and cloud solutions, and that this will provide its customers with accelerated business transformation. 

Companies are starting to realize the importance of enterprise security and have started investing in it, resulting in mergers and acquisitions.
