Cyware Daily Threat Intelligence October 11, 2017

Top Malware Reported in the Last 24 Hours
Kangaroo ransomware
A new ransomware family, dubbed Kangaroo, has been discovered. It makes no attempt to obfuscate its code, but it encrypts user data and locks users out of the system. An attacker gains access to a victim's system via Remote Desktop Protocol (RDP), drops and executes the malware, and then copies the encryption key and unique ID from the victim's system. Users are advised not to open unverified or unknown links.

Botnets use Fast Flux technique
Botnets have recently been observed using the Fast Flux technique to conceal malicious activities, including phishing, web proxying, malware delivery, and malware command-and-control communication. The technique rapidly rotates the IP addresses behind a domain name across a network of compromised hosts, so that no single host is associated with the domain for long, which makes detection and takedown difficult.
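As an added illustration of the defender-side signal this technique leaves in DNS data (this is example code written for this digest, not code from Cyware or from any referenced research), the script below applies a simple fast-flux heuristic to a constructed set of passive-DNS observations: many distinct A records, spread across many unrelated networks, combined with very short TTLs. The hostnames, IP addresses (drawn from reserved documentation and private ranges) and thresholds are all assumptions chosen for the example.

```python
"""Fast-flux heuristic over a constructed set of passive-DNS observations.

A fast-flux domain rotates through many compromised hosts with short TTLs,
so per-domain we look at three things: how many distinct IPs were seen, how
many distinct networks (/24 for IPv4, /64 for IPv6) those IPs span, and the
smallest TTL observed.  A CDN also rotates IPs with short TTLs, but its
addresses cluster inside a few provider networks, which is why the network
diversity check matters.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class DnsObservation:
    ts: int     # epoch seconds when the resolution was observed
    name: str   # queried hostname
    ip: str     # one A/AAAA record returned
    ttl: int    # TTL of that record, in seconds


@dataclass(frozen=True)
class FluxSummary:
    name: str
    distinct_ips: int
    distinct_nets: int
    min_ttl: int
    span_seconds: int  # time between first and last observation


# Constructed sample data (hypothetical names; reserved/private IP ranges).
CDN_IPS = ["198.51.100.5", "198.51.100.6", "198.51.100.7",
           "203.0.113.5", "203.0.113.6", "203.0.113.7"]          # 6 IPs, 2 nets
FLUX_IPS = ["192.0.2.55", "198.51.100.201", "203.0.113.77",
            "10.23.4.17", "172.16.99.2", "192.168.7.40"]         # 6 IPs, 6 nets

OBSERVATIONS = (
    # Ordinary site: one stable address, long TTL.
    [DnsObservation(1800 * i, "www.example.com", "192.0.2.1", 3600) for i in range(3)]
    # CDN-like: short TTL and several IPs, but all inside two provider /24s.
    + [DnsObservation(60 * i, "static.example.org", ip, 60) for i, ip in enumerate(CDN_IPS)]
    # Flux-like: short TTL, a new IP on every lookup, every IP in a different /24.
    + [DnsObservation(180 * i, "cdn-update.example.net", ip, 180) for i, ip in enumerate(FLUX_IPS)]
)


def _network_key(ip: str) -> str:
    """Collapse an address to its containing /24 (IPv4) or /64 (IPv6)."""
    prefix = 24 if ip_address(ip).version == 4 else 64
    return str(ip_network(f"{ip}/{prefix}", strict=False))


def summarize(observations) -> dict:
    """Aggregate observations per hostname into a FluxSummary."""
    by_name = defaultdict(list)
    for o in observations:
        by_name[o.name].append(o)
    out = {}
    for name, obs in by_name.items():
        ips = {o.ip for o in obs}
        nets = {_network_key(o.ip) for o in obs}
        stamps = [o.ts for o in obs]
        out[name] = FluxSummary(name, len(ips), len(nets),
                                min(o.ttl for o in obs), max(stamps) - min(stamps))
    return out


def is_fast_flux(s: FluxSummary, min_ips=5, min_nets=3, max_ttl=300) -> bool:
    """Assumed thresholds: many IPs, across many networks, with a short TTL."""
    return s.distinct_ips >= min_ips and s.distinct_nets >= min_nets and s.min_ttl <= max_ttl


def flag_fast_flux(observations, **thresholds) -> list:
    """Return the sorted hostnames whose summaries look like fast flux."""
    return sorted(name for name, s in summarize(observations).items()
                  if is_fast_flux(s, **thresholds))


if __name__ == "__main__":
    for name, s in sorted(summarize(OBSERVATIONS).items()):
        verdict = "FAST-FLUX" if is_fast_flux(s) else "ok"
        print(f"{name:26} ips={s.distinct_ips} nets={s.distinct_nets} "
              f"min_ttl={s.min_ttl:5} span={s.span_seconds:5}s  {verdict}")
```

On the constructed data only `cdn-update.example.net` is flagged: `static.example.org` has just as many IPs and an even shorter TTL, but its addresses fall into only two networks. In practice the thresholds would be tuned against a baseline of the organisation's own resolver logs, and the network-diversity check is stronger still when it counts autonomous systems rather than /24s.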

New Locky variant
A new variant of the Locky ransomware has been detected that appends the extension “.asasin” to every file it encrypts. The current distribution of this variant is broken because of a malformed spam campaign. Users should use a reputable anti-malware tool to remove the infection.

Top Vulnerabilities Reported in the Last 24 Hours
Microsoft Outlook flaw
Security researchers have discovered a new vulnerability in the Universal Outlook component of Microsoft Windows that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system, because the affected software fails to establish secure connections. A successful exploit could give the attacker the username and password of the targeted system.

Unnamed bug
An unnamed bug allows a cybercriminal on a public Wi-Fi network to insert malicious code on a target’s machine, escalate privileges and take full control by leveraging a critical vulnerability in the Windows DNS client. The only requirement is that the attacker be on the same network as the target. Microsoft released patches for it this month.

Microsoft patches
Microsoft has fixed about 62 vulnerabilities with a slew of patch releases. Some of the flaws were being actively exploited by hackers. While 30 flaws affected Windows systems, about 33 can result in remote code execution. By default, Windows 10 receives these updates automatically; customers running previous versions are recommended to turn on automatic updates.

Top Breaches Reported in the Last 24 Hours
Massive data breach
In a sensational cybersecurity incident, about 47.5 GB of sensitive medical records were exposed through an unsecured Amazon server. The records belonged to an estimated 150,000 Americans. The exposed documents were associated with the healthcare firm Patient Home Monitoring (PHM), which provides in-home monitoring and disease management services for patients in the US.

Australian defense computers hacked
A team of attackers hacked into the computer system of an Australian national security contractor in 2016. The cybercriminals had access to the IT network for some time and stole a large amount of the defense supplier’s data, including information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, and the C-130 transport aircraft.

North Korean hackers target US power companies
Hackers from North Korea targeted American power companies under the guise of invitations to a fake fundraising event. Hackers linked to Kim Jong Un’s regime sent the victims spear-phishing emails that trick recipients into downloading malware.

Top Scams Reported in the Last 24 Hours
Phony data breach popup
In a clever attempt to net victims, cybercriminals are using phony data breach popup notifications. These common browser scams appear as an unexpected popup or unsolicited webpage alleging that a virus, or some similar unsafe condition, has been discovered. They can appear in any web browser running on any Mac, PC, or iOS device.

iPhone sign-in scam
Apple customers are facing a new scam in which hackers use an existing app on the unsuspecting victim’s handset to pop up a window that looks just like the familiar, trusted Apple Store sign-in prompt. Victims unknowingly enter their Apple credentials and immediately hand over their Apple ID.

Broad-daylight heist
A smart criminal caused a Malaysian bank to lose $142,000 using social engineering techniques. The robber got into the bank by disguising himself as a fire extinguisher maintenance man. He convinced the bank staff, gained access to the safe room, and stole a small haul whose absence the staff did not notice.


Posted on: October 11, 2017
