Cyware Daily Threat Intelligence October 27, 2017

Top Malware Reported in the Last 24 Hours
DoubleLocker ransomware
DoubleLocker is one of the first known Android ransomware families that both encrypts the user's files and locks the device by changing its PIN, and it is the first known ransomware to abuse Android accessibility services to do so. It is pushed as a fake Adobe Flash Player update from compromised websites, so users are advised not to install plugins or additional software offered through pop-ups.

BadRabbit ransomware
BadRabbit was first reported earlier this week; further analysis has since shown that it spreads using a modified version of EternalRomance, a leaked NSA exploit for Microsoft's SMBv1 implementation that was patched in MS17-010. The exploit sends an "empty" SMB transaction packet to push attacker-controlled instructions into the memory of another Windows machine on the network. Users are advised to apply MS17-010 on every Windows host and to disable SMBv1 where it is not needed.

Sage ransomware
Sage stands out from other ransomware families because of its unusually polished ransom note and payment portal: the developers have put real effort into walking victims through how to pay, with clear designs and step-by-step tips. Users should back up their data regularly and keep their software updated.

Top Vulnerabilities Reported in the Last 24 Hours
Microsoft Office vulnerability
A zero-day technique has been reported against Microsoft Office's Dynamic Data Exchange (DDE) protocol, a legacy mechanism for sending messages and sharing data between applications. A crafted field code in a document can use it to launch a command or malware without any macros; Word does prompt the user twice before running the link, so the attack relies on the victim accepting those prompts. In Outlook the same field can be placed in a rich-text email body, which eliminates the need to send an attachment at all.

Microsoft Office memory corruption flaw
CVE-2017-11826 is a remote code execution vulnerability in Microsoft Office caused by the software failing to properly handle objects in memory. The exploit seen in the wild is an RTF document that embeds a DOCX; the malformed Office Open XML inside it triggers the bug in Office's OOXML parser. The flaw was fixed in the October 2017 security update, which should be applied.
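Both Office document shapes above can be triaged offline. The Python script below is an added example written for this digest, not code from Cyware, Microsoft or any of the cited researchers: find_dde_fields lists DDE/DDEAUTO field instructions in a .docx (the vector described under the DDE item), and rtf_embedded_objects decodes the OLE objects an RTF file carries as hex after \objdata, flagging any that wrap an Office Open XML package, which is the RTF-containing-DOCX shape described for CVE-2017-11826. The sample documents it builds are constructed in the script and are harmless; the OLE 1.0 header layout in make_sample_rtf is a simplified reading of MS-OLEDS and is an assumption for the demo, and nothing here reproduces the actual CVE-2017-11826 trigger.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DDE_RE = re.compile(r"^DDE(AUTO)?\b", re.IGNORECASE)
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
ZIP_MAGIC = b"PK\x03\x04"        # first bytes of an OOXML package (.docx etc.)
CFB_MAGIC = b"\xd0\xcf\x11\xe0"  # OLE2 compound file (legacy .doc, OLE storages)


def find_dde_fields(docx_bytes):
    """Field instructions in a .docx that begin with DDE or DDEAUTO.
    Word stores a field code as <w:fldSimple w:instr="..."> or as instrText
    runs between fldChar begin/end markers; every word/*.xml part is scanned
    because fields may also sit in headers, footers and footnotes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            buf, in_field = [], False
            for el in ET.fromstring(z.read(name)).iter():  # document order
                tag = el.tag.rsplit("}", 1)[-1]
                if tag == "fldSimple":
                    instr = el.get("{%s}instr" % W, "").strip()
                    if DDE_RE.match(instr):
                        hits.append(instr)
                elif tag == "fldChar":
                    kind = el.get("{%s}fldCharType" % W)
                    if kind == "begin":
                        buf, in_field = [], True
                    elif kind == "end" and in_field:
                        instr = "".join(buf).strip()
                        if DDE_RE.match(instr):
                            hits.append(instr)
                        buf, in_field = [], False
                elif tag == "instrText" and in_field:
                    buf.append(el.text or "")
    return hits

def rtf_embedded_objects(rtf_bytes):
    """Decode each \\objdata hex blob (an embedded OLE object) in an RTF file.
    Returns (kind, payload) pairs: "ooxml" with the zip package cut out of the
    OLE wrapper, "ole2" for a compound file, "other" with the raw bytes."""
    found = []
    for m in OBJDATA_RE.finditer(rtf_bytes):
        hexdata = re.sub(rb"\s+", b"", m.group(1))
        blob = bytes.fromhex(hexdata[: len(hexdata) // 2 * 2].decode("ascii"))
        if ZIP_MAGIC in blob:
            found.append(("ooxml", blob[blob.index(ZIP_MAGIC):]))
        elif CFB_MAGIC in blob:
            found.append(("ole2", blob[blob.index(CFB_MAGIC):]))
        else:
            found.append(("other", blob))
    return found

def make_sample_docx(instr_runs):
    """Constructed, harmless sample: one complex field whose instruction is
    split across instrText runs (as Word writes it) plus a benign DATE field."""
    runs = "".join("<w:r><w:instrText>%s</w:instrText></w:r>" % escape(s)
                   for s in instr_runs)
    field = ('<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>%s'
             '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
             '<w:r><w:t>Loading...</w:t></w:r>'
             '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>' % runs)
    benign = '<w:p><w:fldSimple w:instr="DATE \\@ &quot;yyyy&quot;"/></w:p>'
    doc = '<w:document xmlns:w="%s"><w:body>%s%s</w:body></w:document>' % (
        W, field, benign)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", doc)
    return out.getvalue()

def make_sample_rtf(native):
    """Constructed sample: RTF embedding `native` as an OLE 1.0 'Package' object
    under \\objdata. Header layout is a simplified reading of MS-OLEDS and an
    assumption for this demo, not a byte-exact template."""
    def lpstr(s):  # length-prefixed, NUL-terminated ANSI string
        b = s.encode("ascii") + b"\x00"
        return len(b).to_bytes(4, "little") + b
    ole1 = (b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00"   # OLEVersion, FormatID=embedded
            + lpstr("Package") + lpstr("") + lpstr("")  # ClassName, TopicName, ItemName
            + len(native).to_bytes(4, "little") + native)
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + ole1.hex().encode() + b"}}}"

if __name__ == "__main__":
    docx = make_sample_docx(["DDEAUTO c:\\windows\\system32\\cmd.exe ", '"/k calc.exe"'])
    print("DDE fields in .docx:", find_dde_fields(docx))
    for kind, payload in rtf_embedded_objects(make_sample_rtf(docx)):
        print("RTF embeds %s object, %d bytes" % (kind, len(payload)))
        if kind == "ooxml":  # hand the wrapped package to the same scanner
            print("  nested DDE fields:", find_dde_fields(payload))
```

Run it as a script to see both checks on the constructed samples, or call find_dde_fields and rtf_embedded_objects on real files. Field-code obfuscation (splitting with quotes, nesting inside QUOTE or SET fields) and RTF tricks such as binary \bin data will slip past these simple patterns, so treat a clean result as a first pass rather than a verdict; a DDEAUTO hit in a document from outside the organisation, or an RTF whose embedded object turns out to be a whole DOCX, is worth pulling for analysis.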

AmosConnect 8 bug
AmosConnect 8, a widely used maritime communications platform that ships rely on for internet access, contains software flaws that can expose the data passing through it, putting international maritime infrastructure within reach of threat actors. Worse, AmosConnect stores credentials in plaintext, so an attacker who reaches them does not even need to crack or decrypt anything.

Top Breaches Reported in the Last 24 Hours
jQuery’s blog site hacked
jQuery, the JavaScript library used by several million websites, had its blog compromised by attackers using the pseudonyms 'str0ng' and 'n3tr1x'. The blog runs on WordPress; although blog.jquery[.]com was compromised, code.jquery[.]com, which serves the library itself, was not affected.

Bitcoin Gold hit by cyberattack on launch
Bitcoin has forked to create a new cryptocurrency, Bitcoin Gold, designed to make mining accessible to average users. The newcomer suffered a major cyberattack on launch that took its website offline and, within a few hours, sent its value tumbling too.

DDoS attack on election websites
Two websites run by the Czech Statistical Office were taken offline by a DDoS attack from unnamed attackers in an attempt to disrupt the reporting of the country's parliamentary election results.
