Threats of the Week – March 9, 2020

LeifAccess Malware

A new malware family called LeifAccess or Shopper is taking advantage of the accessibility features in Android to create accounts, download apps, and post reviews.

LeifAccess “is a broad campaign [and] is using alternate methods to achieve installation but thereafter trying to achieve legitimacy to the user with fake warnings.”

Source: TechRepublic

How do you protect yourself?

Proper security measures must be in place to defend against LeifAccess malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-0031

Android has released its monthly security bulletin addressing details of security vulnerabilities affecting Android devices. The vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

Source: Android

How do you protect yourself?

Update Android to the latest version.

PwndLocker Ransomware

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

This new ransomware began operating in late 2019 and has since encrypted the networks of a stream of victims ranging from local cities to organizations.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against PwndLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – March 2, 2020

Raccoon Malware

Raccoon is generally delivered through phishing campaigns and exploit kits. Fraudulent emails sent to would-be victims contain Microsoft Office document attachments with malicious macros, whereas the exploit kits are usually hosted on websites.

Victims are profiled for any potential browser-based vulnerabilities and based on this analysis, they are redirected to the appropriate exploit kit.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Raccoon malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-6418

Google has today released a Chrome update to address three security bugs, including a zero-day vulnerability that is being actively exploited in the wild.

Source: Chrome

How do you protect yourself?

Patches for this zero-day will be available in Google Chrome 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

DoppelPaymer Ransomware

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

DoppelPaymer is an enterprise-targeting ransomware that compromises a corporate network, eventually gains access to admin credentials, and then deploys the ransomware on the network to encrypt all devices. As these attacks encrypt hundreds, if not thousands, of devices, they tend to have a huge impact on operators and the attackers demand a very large ransom.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against DoppelPaymer Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – February 24, 2020

Parallax RAT

A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns and, once installed, allows attackers to gain full control over an infected system.

Offered for as little as $65 a month, the malware has been heavily used by attackers to gain access to a victim’s computer, steal saved login credentials and files, or execute commands on the computer.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Parallax RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3764

Adobe has released an update for Adobe Media Encoder. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Media Encoder to the latest version (14.0.2).

ObliqueRAT

Researchers have uncovered a new Remote Access Trojan (RAT) that appears to be the handiwork of a threat group specializing in attacks against government and diplomatic targets.

The latest campaign started in January 2020 and is ongoing. The cybercriminals behind the scheme use phishing emails as the primary attack vector, with malicious Microsoft Office documents attached to the fraudulent emails designed to deploy the RAT.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against ObliqueRAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – February 19, 2020

Emotet Trojan

A newly uncovered Emotet malware sample has the ability to spread to insecure Wi-Fi networks located near an infected device.

If the malware can spread to these nearby Wi-Fi networks, it then attempts to infect devices connected to them — a tactic that can rapidly escalate Emotet’s spread, researchers said.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against Emotet trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3742

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest version.

KBOT Virus

KBOT, a virus that spreads by injecting malicious code into Windows executable files, is the “first ‘living’ virus in recent years that we have spotted in the wild.”

KBOT is able to spread through Internet-facing systems, local networks, and removable drives. Once a system is infected, the malware writes itself to Startup and the Task Scheduler, infecting all .exe files on logical drives and shared network folders in its path.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against KBOT virus and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – February 10, 2020

Metamorfo Trojan

A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details.

Like many other hacking campaigns, Metamorfo begins with phishing emails that in this case claim to contain information about an invoice and invite the user to download a .ZIP file. By downloading and running the file, the victim allows Metamorfo to execute on a Windows machine.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Metamorfo trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-0014

Android has released its monthly security bulletin that contains details of security vulnerabilities affecting Android devices.

The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Update Android to the latest version.

.SaveTheQueen Ransomware

Researchers have uncovered a new strain of ransomware that encrypts files and appends the extension ‘.SaveTheQueen’ to them.

The newly uncovered malware was found to track its progress using the system volume (SYSVOL) folder found on Active Directory (AD) domain controllers.

Source: InformationAge

How do you protect yourself?

Proper security measures must be in place to defend against .SaveTheQueen Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – February 3, 2020

CARROTBALL malware

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against CARROTBALL malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3715

Magento has released updates for Magento Commerce and Open Source editions. These updates resolve critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution.

Source: Adobe

How do you protect yourself?

Update Magento Commerce and/or Open Source to the latest version.

Snake Ransomware

An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.

The ransomware, like others of its kind, encrypts programs and documents on infected machines. But it also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Source: Bloomberg

How do you protect yourself?

Proper security measures must be in place to defend against Snake Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.