Threats of the Week – November 18, 2019

Glimpse Malware

Security researchers have detailed how the Glimpse malware uses the TXT (text) record type as an alternative DNS resource record type.

According to a blog post by security researchers, the malware is written in PowerShell and is associated with APT34. It is executed by a Visual Basic script, but how that script is initially launched remains unclear, the researchers said.

Source: SC Magazine
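Because Glimpse leans on TXT records, a defender's first question is what a host's TXT-query profile looks like against the rest of its DNS traffic. The script below is an added example (not from the SC Magazine article or the researchers' write-up) that scores each client in a resolver log by query volume, TXT share and the Shannon entropy of the leftmost label, and flags hosts that exceed all three thresholds. The log format, the hostnames, the IP addresses and the thresholds are constructed for illustration; a few legitimate TXT lookups (such as `_dmarc`) and a host with too few queries are included to show that neither trips the rule on its own.

```python
"""Flag hosts whose DNS traffic is TXT-heavy with random-looking labels."""
import math
from collections import defaultdict

# Constructed resolver log (not from the page): "<timestamp> <client> <qtype> <qname>".
SAMPLE_LOG = """\
2019-11-18T09:00:01Z 10.0.0.5 A www.example.com
2019-11-18T09:00:02Z 10.0.0.5 AAAA mail.example.com
2019-11-18T09:00:03Z 10.0.0.5 A www.example.com
2019-11-18T09:00:04Z 10.0.0.5 MX example.com
2019-11-18T09:00:05Z 10.0.0.5 TXT _dmarc.example.com
2019-11-18T09:00:06Z 10.0.0.5 A www.example.com
2019-11-18T09:00:07Z 10.0.0.9 TXT 7a3f9c1e2b4d.updates.example.net
2019-11-18T09:00:08Z 10.0.0.9 TXT e91b8f03c7a2.updates.example.net
2019-11-18T09:00:09Z 10.0.0.9 TXT 5d2c8a7f1e9b.updates.example.net
2019-11-18T09:00:10Z 10.0.0.9 TXT b4e1f7a9c3d2.updates.example.net
2019-11-18T09:00:11Z 10.0.0.9 TXT 0c9e4a2f7b1d.updates.example.net
2019-11-18T09:00:12Z 10.0.0.9 TXT f3a7d1c9e5b2.updates.example.net
2019-11-18T09:00:13Z 10.0.0.12 TXT e91b8f03c7a2.updates.example.net
2019-11-18T09:00:14Z 10.0.0.12 TXT 5d2c8a7f1e9b.updates.example.net
"""


def parse_log(text):
    """Parse log lines into (client, qtype, qname) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qtype, qname = parts
        records.append((client, qtype.upper(), qname.lower().rstrip(".")))
    return records


def label_entropy(qname):
    """Shannon entropy in bits per character of the leftmost DNS label."""
    label = qname.split(".")[0]
    if not label:
        return 0.0
    counts = {}
    for ch in label:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_hosts(records):
    """Per-client query count, share of TXT queries and mean leftmost-label entropy."""
    acc = defaultdict(lambda: {"queries": 0, "txt": 0, "entropy_sum": 0.0})
    for client, qtype, qname in records:
        s = acc[client]
        s["queries"] += 1
        if qtype == "TXT":
            s["txt"] += 1
        s["entropy_sum"] += label_entropy(qname)
    return {
        client: {
            "queries": s["queries"],
            "txt_ratio": s["txt"] / s["queries"],
            "mean_entropy": s["entropy_sum"] / s["queries"],
        }
        for client, s in acc.items()
    }


def flagged_hosts(records, min_queries=5, txt_ratio=0.5, min_entropy=3.0):
    """Clients with enough queries, mostly TXT, whose labels look random (thresholds are assumptions)."""
    return sorted(
        client
        for client, s in score_hosts(records).items()
        if s["queries"] >= min_queries
        and s["txt_ratio"] >= txt_ratio
        and s["mean_entropy"] >= min_entropy
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for client, s in sorted(score_hosts(recs).items()):
        print(f"{client:<10} queries={s['queries']} txt_ratio={s['txt_ratio']:.2f} "
              f"mean_entropy={s['mean_entropy']:.2f}")
    print("flagged:", flagged_hosts(recs))
```

The minimum-query floor matters as much as the ratio: the host with two TXT lookups is not flagged, while the host that issues nothing but TXT queries to twelve-character labels is. In production the thresholds should be tuned per environment against known-good TXT users such as mail authentication and domain-verification checks.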

How do you protect yourself?

Proper security measures must be in place to defend against Glimpse Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-8248

Adobe has released updates for Adobe Illustrator CC for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to remote code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Android to the latest version.

PureLocker Ransomware

A newly discovered piece of ransomware written in PureBasic has been linked to a Malware-as-a-Service (MaaS) provider that has been used by Cobalt Gang, FIN6, and other threat groups.

Dubbed PureLocker, the malware comes with evasion methods and features that have allowed it to remain undetected for months. The use of PureBasic, a rather uncommon programming language, also makes porting between Windows, Linux, and macOS easy.

Source: SecurityWeek

How do you protect yourself?

Proper security measures must be in place to defend against PureLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – November 11, 2019

Emotet Trojan

Emotet, a Banking Trojan turned devastating modular threat, has returned with upgraded functions in a new wave of attacks.

Emotet has now begun sharing a number of obfuscation techniques already utilized by Trickbot. A new export function has also been found in executable binary functions — used by both malware variants — and this feature resolves API names through an export list of loaded DLLs. The API call resolution is present in both Emotet and Trickbot packers.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Emotet Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2204

Android has released its monthly security patches for several core Android components.

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Update Android to the latest version.

MegaCortex Ransomware

A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now also changes the logged-in user's password and threatens to publish the victim's files if they do not pay the ransom.

For those not familiar with MegaCortex, it is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the MegaCortex actors gain access, they push the ransomware out to machines on the network via an Active Directory controller or post-exploitation kits.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against MegaCortex Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – November 4, 2019

xHelper Malware

Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.

But the thing that’s most “interesting” is that xHelper doesn’t work like most other Android malware. Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.

Uninstalling the original app won’t remove xHelper, and the trojan will continue to live on users’ devices, continuing to show popups and notification spam.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against xHelper Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-13720

Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers.

The bug (CVE-2019-13720) is a use-after-free flaw, a memory corruption bug in which a program accesses memory after it has been freed. The impact ranges from crashing the program to execution of arbitrary code, up to full remote code execution.

Source: ThreatPost

How do you protect yourself?

Update to the latest version of Chrome, 78.0.3904.87 (for Windows, Mac, and Linux) as it rolls out over the coming days.

Adwind Trojan

A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets.

Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data – mainly login credentials – from victims’ machines. While Adwind has historically been platform-agnostic, researchers say they have discovered a new four-month-old version targeting specifically Windows applications – like Explorer and Outlook – as well as Chromium-based browsers (Chromium is a free and open-source web browser developed by Google), including newer browsers like Brave.

The new variant is a JAR file (Java ARchive; a package file format typically used to aggregate many Java class files) that researchers say is typically delivered from a link in a phishing email or downloaded from a legitimate site serving up insecure third-party content.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against Adwind trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Risk Factors That Impact Security

As IT and security continue to align more closely with business goals, organizations can no longer ignore how risks to their infrastructure affect their business. According to Deloitte's Global Risk Management Survey, 67 per cent of organizations named cybersecurity as the risk that would increase the most in importance for their business over the next two years. Because the threat landscape is ever-changing, combatting security risks is an ongoing process, and organizations need to understand and address their security risks. Several factors can impact security risk management. Here are three risk factors you might not think about.

Source: Deloitte

1. Employee data

Data is one of the most valuable resources for an organization so protecting it is key. While many organizations focus on protecting customer data (and rightly so), securing employee data is just as important. Corporate credentials can easily be found on the dark web and purchased by threat actors. 

Threat actors that purchase these stolen credentials can use them to navigate the corporate network undetected. Once a threat actor is in your network, they potentially have access to all your data. This includes customer information, corporate projects, the organization’s chain of command, etc. With this information they can engage in several malicious activities such as installing malware, sending phishing emails, using social engineering tactics to target business partners or vendors, etc.

It's important for organizations to recognize that compromised employee credentials can be a major security risk. Organizations need to treat their employees' data with as much care as they do their customers' data. Implementing employee cyber training and security solutions can help organizations protect employee data.

2. Technology adoption

There’s always a risk when it comes to early adoption of technology because you are not only the first to receive its benefits but its problems as well. Any improvements that are made, such as better integration, usability and/or security, come from the experiences of early adopters.

When it comes to using new technology, there’s always a chance that the product will not perform as promised or work within the existing environment. There is also the risk that organizations may sacrifice security in a haste to be the first to release or include the newest technologies. According to one survey, 34% of organizations admitted to bypassing security checks in order to bring products to the market faster.

On the other hand, refusing to adopt new technologies can hinder an organization's growth and affect security. As new technologies emerge, many companies start retiring older versions. Those who refuse to adopt end up using outdated technology that is no longer updated to defend against the latest threats or vulnerabilities.

When it comes to implementing technology, it’s important for businesses to partner with organizations they can trust. This includes ensuring partners/vendors/suppliers are compliant with the latest regulations and that they have clearly defined processes that indicate organizational maturity. Organizations should always do an assessment before they make a major change in their environment to ensure that the new technology will work for their business. For information on how Jolera can help your organization, contact us today.

3. Organizational culture

The behaviours, beliefs and values of an organization build the foundation that shapes it. However, the importance of culture is often overlooked, even though it matters to both the security and the performance of an organization.

For example, a culture that prefers to do things the way they have always been done will be more hesitant to upgrade its systems or add better security controls. This makes it harder for employees to speak up about implementing better security changes. As a result, nothing will change until something catastrophic happens.

Organizations need to ensure their culture reflects their values. If an organization is committed to building relationships with its customers but is not implementing the best controls to help protect their data, there is a misalignment between its procedures and policies. Organizations should assess their culture and create an action plan to ensure that there is visible change from the top down.

Threats of the Week – October 28, 2019

Remcos Trojan

A highly customisable form of trojan malware has returned and is being distributed via phishing emails claiming that a payment is being made to a bank account.

The Remcos remote access trojan first emerged on underground forums in 2016 and has received a number of updates over the course of the last few years.

Available to crooks for as little as $58, the malware is an information stealer and surveillance tool, using capabilities including keylogging, taking screenshots, and stealing clipboard contents to secretly take usernames and passwords from infected victims.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Remcos Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-11757

Mozilla has released security updates for Firefox browser. When storing a value in IndexedDB, the value’s prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash.

Source: Mozilla

How do you protect yourself?

Update Firefox to version 70.

MedusaLocker Ransomware

A new ransomware called MedusaLocker is being actively distributed, and victims have been seen all over the world. It is not known at this time how the attacker is distributing the ransomware.

This new ransomware was found by MalwareHunterTeam at the end of September 2019, and while it is not currently known how the ransomware is being distributed, there has been a steady amount of submissions to the ID Ransomware site since then.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against MedusaLocker ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – October 21, 2019

Tarmac Malware

Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns.

These malicious ads ran rogue code inside a Mac user’s browser to redirect the would-be victim to sites showing popups peddling software updates — usually for Adobe’s Flash Player.

Victims who fell for this trick and downloaded the Flash Player update would end up installing a malware duo on their systems — first the OSX/Shlayer malware, and then OSX/Tarmac, launched by the first.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Tarmac Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-8164

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update your Adobe software to the latest version.

SDBot Trojan

SDBot uses application shimming for persistence, a technique that “can be used to Bypass User Account Control (UAC) (RedirectEXE), inject DLLs into processes (InjectDLL), disable Data Execution Prevention (DisableNX) and Structure Exception Handling (DisableSEH), and intercept memory addresses (GetProcAddress).”

This, in turn, makes it possible for attackers to elevate privileges for malicious processes, to install backdoors on infected systems, and to disable anti-malware solutions such as Windows Defender.

SDBot is modular malware made up of an installer, a loader, and a RAT component. The installer stores the RAT component in the compromised device's registry and establishes persistence for the loader component, which executes the RAT payload.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against SDBot trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.