Cyware Daily Threat Intelligence, February 10, 2020

Share Blog post

Distributed Denial of Service (DDoS) attacks can be used as a potential cyber weapon by nation-states to bring a country to its knee. Over the weekend, the Iran government faced a similar situation after the country’s internet services were disrupted for an hour due to a massive DDoS attack. As a result of the attack, Iran had lost 25% of its internet access. It took 7 hours for the internet connection to return to normal conditions.

In a different incident, the operators of Emotet have enhanced the capabilities of the trojan by including a Wi-Fi worm module to its arsenal. The new variant makes use of wlanAPI.dll calls to scan nearby wireless networks. Once found, the trojan attempts to brute-force its way into the target network to compromise devices.

Talking about scams, scammers are making use of a free utility called ‘Lock My PC’ to lock users out of their PCs unless they pay the requested ‘support’ fees. For this, the scammers pretend to be from Microsoft or Google and convince target users to let them access their systems to fix a ‘detected’ issue.

Top Breaches Reported in the Last 24 Hours

Leaky Likud party’s app
A misconfiguration in an election day app developed by Likud party may have potentially exposed the personal details of almost 6.5 million Israeli citizens. Researchers claim the app’s website developers left the API endpoint exposed online without a password, allowing third-parties to obtain passwords for admin accounts. The app was made available for download on the elector.co.il website.

Stolen data up for sale
Data of more than half a million clients of Russian microfinance organizations have been put up for sale on a dark web market. The affected clients belong to companies like Bistrodengi, Zaymer, and Ekapusta. The compromised data includes full names, phone numbers, email addresses, birth dates and passport of Russians.

13.4 million accounts compromised
The Saudi-based OurMine hacking group had managed to compromised nearly 13.4 million Twitter accounts to highlight the security flaws in the social networking platform. The temporary account takeover lasted for less than 30 minutes. Upon being informed of the issue, Twitter locked the compromised accounts and is working closely with Facebook to restore them.

DDoS attack
A massive DDoS attack had brought down a large portion of the Iranian access to the Internet. As a result of the attack, Iran had lost 25% of its internet access. It took 7 hours for the internet connection to return to normal.

Top Malware Reported in the Last 24 Hours

MyCERT issues an alert
Malaysia’s Computer Emergency Response Team (MyCERT) has issued a security alert to warn about a hacking campaign targeting government officials. Carried out by the APT 40 threat actor group, the attack campaign aims to steal confidential documents from government systems. The campaign involves the use of spear-phishing messages sent to government officials. These messages appeared to be from a journalist, an individual from a trade publication, or individuals from a relevant military organization or non-government organization.

Adposhel adware
Researchers have detected a new adware family called Adposhel that takes control of push notifications in Chrome at the administrator level. The adware uses Chrome policies to ensure that notification prompts will be shown to users and adds some of its own domains to the list of sites that are allowed to push browser notifications.

New Emotet variant
A new variant of Emotet trojan has been found to include a Wi-Fi worm module that allows the malware to spread to new victims connected to nearby insecure wireless networks. This new strain of Emotet starts the spreading process by using wlanAPI.dll calls to discover wireless networks.

Top Vulnerabilities Reported in the Last 24 Hours

Windows 7 bug
A weird bug has been hitting Windows 7 users after the January 14 end-of-life (EOL) deadline. The affected users are taking to different online forums to report that they are receiving a popup message that reads "You don't have permission to shut down this computer" every time they attempt to shut down or reboot their systems. The cause of the bug remains unknown. However, a temporary workaround - that doesn't require any scripting or OS system hacks, and could be executed by any Windows 7 user - has been devised.

Top Scams Reported in the Last 24 Hours

Tech support scam
Scammers are using a free utility called ‘Lock My PC’ to lock users out of their PCs unless they pay the requested ‘support’ fees. The scammers pretend to be from Microsoft, Google, and other known companies and convince the victims to let them access their computers to fix a ‘detected’ issue. Once the scammers gain access to the computer, they would use the Windows Syskey program to lock the user out of their Windows.

Impersonation scam
Scammers are impersonating CoinDesk reporters and editors with an intention to steal money from users. The scam, which is primarily disseminated through Telegram messages, promises victims about full coverage of their crypto projects in exchange for a fee that can go up to $500.

 Tags

mycert
account takeover
adposhel adware
impersonation scam
ddos attack

Posted on: February 10, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!