Cyware Daily Threat Intelligence December 17, 2018

Attackers are found manipulating printers to boost the subscriber counts of PewDiePie’s YouTube account. The attack has reportedly affected 1,00,000 printers across offices, businesses, and homes. These devices are being remotely hacked and forced to print a message that instructs the users to subscribe to PewDiePie on YouTube.

Recently, around 185,000 Irish office workers were found to have fallen victims to a phishing scam. The scammers associated with this campaign are found to be working on behalf of the Iranian government who managed to target the US government officials, activists, and journalists. The threat actors are believed to have accessed their Gmail and Yahoo Mail by bypassing its 2FA system.

Security researchers at Armor Threat Intelligence group found Magecart-style attack tool being openly offered for sale on the Dark Web forums. Just like the previous British Airways or Newegg breach incidents, here also, attackers used their own proprietary payment card sniffing tool. This Magecart-style attack tool is being sold for $1300. The tool is advertised to have 2 components – a standard universal payment card sniffer and a control panel. The attack is said to work on any e-commerce site that employs Magento, OpenCart, or OsCommerce payment forms.

Cybercriminals are found using steganography to embed malicious payloads within memes to spread malware. The malware authors posted 2 tweets featuring malicious memes, which contained an embedded command that is parsed by the malware after it’s downloaded from the Twitter account. This acts as the C&C service for the already-placed malware. It can’t be taken down unless the malicious Twitter account is disabled.

Previously-unknown flaws in the high-performance computer chips are spotted which could lead to failures in modern electronics. The on-chip communication systems could be damaged and the lifetime of the whole computer chip could be shortened by deliberately adding malicious workload. This would include sending software updates which will slow down earlier models.

Recently, the US Ballistic Missile Defence Systems (BMDS) failed to clear the DoD IG audit. This is because the systems are controlled by computers and software which are plagued by security loopholes. They are at the risk of being targeted by state-sponsored attacks. Many users didn’t enable the 2FA and were found still using the same username and password to access BMDS network.

Thousands of Jenkins servers are found to give admin rights to the attackers, as they are exploited and completely controlled for cryptocurrency mining attacks. Two flaws are exploited to gain admin rights and log in using invalid credentials on these servers.