During this period, COVID-19 financial scams continue at scale, and attack infrastructure is still being built out. Ransomware dominates cyber incidents, including double-extortion Maze attacks. Key vulnerabilities have also been disclosed in bootloaders and network equipment.
A wide range of COVID-19 related financial scams are in progress.
— A stream of fake PayPal emails claims that users will incur charges if they miss out on a "valuable service" and that their account activity has been limited; the messages push recipients to fake login links that steal credentials, Malwarebytes reports.
— The cryptocurrency trading platform 2gether has revealed a cyberattack in which roughly €1.2 million in cryptocurrency was stolen from user accounts; user passwords were also compromised, ZDNet reports.
— Docker servers hosted on cloud platforms such as AWS and Azure with exposed APIs have been targeted by attackers to run malicious crypto-mining containers designed to evade detection, The Hacker News reports.
— A group of scammers responsible for collecting millions in fraudulent small business loans from COVID-19 relief efforts gathered personal data on people they were impersonating by leveraging several compromised accounts at a U.S. consumer data broker, Krebs on Security reports.
Organised crime groups have been building out attack infrastructure to target corporate networks.
— According to the UN, phishing websites increased by 350% in the first quarter of the year as attackers exploited the coronavirus pandemic, Associated Press reports. Many of these attacks have targeted healthcare services and hindered their operations.
— RiskIQ reports observing 118,240 new domain names containing COVID-19 keywords as of August 06, 2020.
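The RiskIQ figure above is a keyword count over newly observed domains. The script below is an added example of how a defender can run the same kind of triage over a day's new-domain feed; it is not RiskIQ's feed, rules or code. The keyword lists, the lure tokens, the digit-substitution table and the sample domains are all constructed for this example. It goes slightly beyond a plain keyword grep: short keywords are matched only as whole words (so "coronado" and "shoppers" are not flagged), common look-alike substitutions such as "c0vid" are undone, and a domain that combines a COVID theme with a credential or loan lure (login, paypal, sba) is ranked above one that only carries the theme.

```python
import re

# Added example: keyword triage for newly observed domains. Keyword lists, lure tokens,
# substitution table and sample domains are constructed for this example and are not
# RiskIQ's feed, rules or code.

# Long, distinctive keywords: safe to match as substrings of the de-hyphenated domain.
SUBSTRING_KEYWORDS = ("covid", "coronavirus", "sarscov", "pandemic", "vaccine", "stimulus", "quarantine")
# Short or ambiguous keywords: matched only as whole labels/words, because as substrings
# they hit ordinary names ("corona" in "coronado", "mask" in "damask", "ppe" in "shoppers").
TOKEN_KEYWORDS = {"corona", "ncov", "ppe", "mask", "masks", "relief"}
# Tokens that turn a themed domain into a probable credential or payment lure.
LURE_TOKENS = {"login", "signin", "verify", "verification", "account", "secure", "update",
               "paypal", "sba", "loan", "loans", "grant", "cares", "payment", "refund"}

# Digit/symbol substitutions common in look-alike registrations (c0vid, c0r0na, v4ccine).
DEOBFUSCATE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def _forms(domain):
    """Lower-cased domain plus its de-obfuscated variant. Both are checked so that
    'covid19' (where 1 is a real digit) and 'c0vid' (where 0 stands for o) both match."""
    raw = domain.strip().lower().rstrip(".")
    return {raw, raw.translate(DEOBFUSCATE)}


def classify(domain):
    """Return None if the domain carries no COVID theme, else a dict with the matched
    keywords, lure tokens and a severity of 'medium' (theme only) or 'high' (theme + lure)."""
    keywords, lures = set(), set()
    for form in _forms(domain):
        joined = re.sub(r"[^a-z]", "", form)              # drop separators/digits for substring checks
        keywords.update(k for k in SUBSTRING_KEYWORDS if k in joined)
        tokens = set(re.split(r"[^a-z]+", form)) - {""}   # digits, hyphens and dots act as word boundaries
        keywords.update(TOKEN_KEYWORDS & tokens)
        lures.update(LURE_TOKENS & tokens)
    if not keywords:
        return None
    return {
        "domain": domain,
        "keywords": sorted(keywords),
        "lures": sorted(lures),
        "severity": "high" if lures else "medium",
    }


def triage(domains):
    """Flagged domains only, highest severity first, then alphabetically."""
    flagged = [r for r in (classify(d) for d in domains) if r]
    return sorted(flagged, key=lambda r: (r["severity"] != "high", r["domain"]))


# Constructed sample of one day's newly observed domains (not real registrations).
SAMPLE_DOMAINS = [
    "c0vid19-relief-sba-login.com",        # obfuscated theme + loan/credential lures -> high
    "paypal-account-limited-covid.net",    # theme + PayPal/account lure -> high
    "vaccine-appointment.info",            # theme, no lure -> medium
    "free-masks-4u.shop",                  # whole-word keyword -> medium
    "coronado-beach-hotels.com",           # 'corona' only inside a place name -> ignored
    "shoppers-drugmart.ca",                # 'ppe' only inside an ordinary word -> ignored
    "example.org",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_DOMAINS):
        print(f'{hit["severity"]:6} {hit["domain"]:36} keywords={hit["keywords"]} lures={hit["lures"]}')
```

Two caveats a practitioner should keep in mind: the substring list is tuned for English keywords and ASCII labels, so internationalised (punycode) domains and homoglyph look-alikes are not handled, and a run-together label such as "reliefgrants" is only caught when one of its parts is on the substring list. Feed the flagged set into certificate-transparency and DNS-resolution checks rather than blocking on the keyword hit alone.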
While attacks still rely on phishing for malware delivery, a range of other exploitation techniques target conferencing platforms.
— Microsoft Teams can still double as a living-off-the-land binary (LOLBin) that lets attackers retrieve and execute malware from a remote location, bypassing a patch released earlier this year, Dark Reading reports.
Phishing & Malware
Extensive COVID-19 themed phishing campaigns are underway, with cyber criminals targeting health organizations, academic institutions, enterprises and their IT infrastructure:
— cPanel, administrative software commonly installed on shared web hosting services, has been hit with a phishing scam, Bleeping Computer reports. Attackers spread a fake security advisory warning users of a critical vulnerability in their web hosting management panel and redirect them to a credential-phishing page.
— Canon has suffered a ransomware attack that impacted numerous services, including its email, U.S. website and other internal applications, Bleeping Computer reports.
— SC Magazine reports a phishing attack targeting workers in the aerospace and defense industries. It impersonates a recruiter's inquiry about new job opportunities and carries a malicious template injected into an attached Word document, with the aim of gathering intelligence on victims.
— The DoppelPaymer ransomware gang has targeted Boyce Technologies, a coronavirus ventilator manufacturer, and is threatening to leak data and hamper production of 300 ventilators per day, Coin Telegraph reports.
Mobile devices are not immune from COVID-19 themed attacks.
— Over 400 vulnerabilities have been identified in Qualcomm's Snapdragon chip, affecting an estimated 40% of all Android phones. Qualcomm has fixed six vulnerabilities that could allow attackers to turn a phone into a spying tool or render the information on it unavailable, Check Point reports.
Broader Threat Landscape
— In research conducted by Forrester among 416 security executives and 425 business executives, 41% of respondents reported a cyberattack related to COVID-19, Tenable reports.
— A seller of data breaches has begun leaking databases on a hacker forum for free, with 386 million user records from 18 companies already leaked, Bleeping Computer reports.
— Confidential documents from U.S. chipmaker Intel have been uploaded to a public file-sharing platform following a breach of 20GB of data, including source code for various platforms and development and debugging tools, Bleeping Computer reports.
— Maze ransomware operators have published tens of GB of internal data from LG and Xerox networks following two failed extortion attempts, ZDNet reports. The published data includes firmware source code for various LG products and customer-support documents from Xerox.
— A newly discovered vulnerability (CVE-2020-10713), dubbed 'BootHole', in the GRUB2 bootloader threatens billions of Linux and Windows devices. It lets attackers interfere with the boot process before the OS starts and potentially gain full control of the system, ZDNet reports.
— Cisco has disclosed 15 new vulnerabilities in its Small Business Switches, its DNA Center software and its AnyConnect Secure Mobility VPN client for Windows; the AnyConnect flaw lets an authenticated local attacker perform a DLL hijacking attack.
— A Google Chrome browser vulnerability (CVE-2020-6519) allows attackers to bypass the Content Security Policy on websites to steal data and execute rogue code, exposing billions of users to data theft, Threat Post reports.
— A high-severity bug in Facebook's official chat plugin for WordPress websites allows attackers to intercept messages sent by visitors to the owner of a vulnerable site, Bleeping Computer reports.
— Researchers have found a way to bypass the patch Microsoft released for a bug (CVE-2020-1048) in the Windows printing services, giving attackers a path to execute malicious code with escalated privileges, Bleeping Computer reports.
— Vulnerabilities in the popular online-meeting service Meetup could have allowed attackers to gain access to the profiles of millions of members by chaining cross-site scripting and cross-site request forgery to obtain admin privileges, ZDNet reports. Meetup has fixed the bugs.
Law and Order
— Three suspects involved in this month's Twitter hack were charged on July 31 by the Department of Justice, Bleeping Computer reports.
— Recorded Future reports, China linked hackers infiltrated the Vatican computer networks and also targeted the Catholic diocese of Hong Kong in a cyber espionage campaign ahead of the talks between the Vatican and the Chinese government.
— The U.S. CISA, the FBI and the DoD have issued a joint advisory on a new strain of the 12-year-old 'Taidoor' malware used by Chinese state actors; it employs malware variants and proxy servers to maintain a presence on networks and exploit them further.
— The U.K.'s NCSC has issued an advisory on detecting and mitigating custom malware used by the hacking group 'APT29' to target organizations involved in COVID-19 research.
— The Australian Cyber Security Centre (ACSC) has issued an advisory on copy-paste compromises detailing the tactics, techniques and procedures (TTPs) encountered during a cyber campaign against Australian networks.