Emotet Trojan

Emotet began as a banking trojan and has more recently served as a loader for other malware. It has now gained a module that steals the contents of a victim's emails going back six months, which makes it considerably more versatile.

Previously Emotet only harvested email addresses from the victim. This version takes the messages themselves, which makes data theft and corporate espionage straightforward. Worse, the new capability can be pushed to any system that is already infected by the malware.

Security researchers at Kryptos Logic observed Emotet's email harvesting module and found it had become more advanced, with new functions to exfiltrate email subjects and bodies as well as addresses.

Attackers distribute Emotet through malicious spam campaigns, but the email-stealing plugin is not included in the initial payload. The main malware component on the compromised computer downloads the email module from Emotet's command-and-control (C2) server and activates it locally.

The module scans the victim's mail and writes the harvested content to a temporary file. The scan is allowed 300 seconds; when that time is up it is terminated regardless of progress, and the module reads the entire temporary file and sends it to the C2 server, provided the file is at least 116 bytes long.

Source: BleepingComputer

How do you protect yourself?

Defend against Emotet as you would against any loader delivered by malicious spam. Treat unexpected email attachments and links with suspicion even when they appear to come from known contacts, install software only from trusted sources, and keep endpoint protection and firewall rules up to date so that both the initial payload and the later module download from the C2 server can be blocked. If a machine is found to be infected, assume that six months of mail from any mailbox on it may already have been exfiltrated and scope the incident response accordingly.

CVE-2018-4367

Apple patched a large batch of vulnerabilities across all its platforms on Tuesday. The most notable was CVE-2018-4367, a FaceTime flaw in affected iPhone and iPad models found by Google Project Zero researcher Natalie Silvanovich. According to Apple, the underlying memory corruption bug means that "a remote attacker may be able to initiate a FaceTime call causing arbitrary code execution": the attacker places the call, and the recipient's device runs the attacker's code.

Source: ThreatPost

How do you protect yourself?

Update affected devices to iOS 12.1, which fixes CVE-2018-4367 along with the other vulnerabilities in this batch. Because the attacker triggers the bug by initiating a FaceTime call, there is no user action to warn people against; installing the update is the fix.

SamSam Ransomware

SamSam ransomware is still plaguing organisations across the US, with fresh attacks against 67 new targets, including at least one involved in administering the upcoming midterm elections.

The malware is designed so that, in addition to encrypting files and data across the target network, it also goes after backups, leaving victims with no option but to pay the ransom.

These tactics are working: the group behind SamSam is thought to have made over $6m from ransom payments, often demanding more than $50,000 in bitcoin to restore systems.

Unlike most ransomware, which is simply spammed out to potential victims via phishing emails, SamSam attacks begin with compromise of remote desktop protocol (RDP) access, either by brute-forcing exposed RDP services or by using stolen credentials bought on underground forums.

The operators prepare each attack so that it does maximum damage to the target organisation, pulling the trigger on the encryption only after they have exploited vulnerabilities and stolen credentials to spread across as much of the network as possible.
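The RDP brute-force entry point described above leaves a trail in the Windows Security log that a defender can look for. The following Python script is an added example, not code from the ZDNet article or from any SamSam analysis: it runs over a constructed CSV export of logon events (the column names and every row are made up for the example) and flags source addresses that produce many failed RDP logons in a short window, noting whether a successful logon from the same address followed, which is the signature of a brute force that worked. The window and threshold values are assumptions to be tuned per environment; the script accepts both logon type 10 and logon type 3 because, with Network Level Authentication enabled, a rejected RDP credential is commonly recorded as a type 3 network logon failure.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
# 10 = RemoteInteractive (RDP). With Network Level Authentication enabled a
# failed RDP credential check is commonly logged as LogonType 3 instead, so
# both are treated as RDP-relevant here.
RDP_LOGON_TYPES = {3, 10}


def build_sample_csv():
    """Construct a fake Security log export for the demo (not real data).

    Column names mirror a Get-WinEvent | Export-Csv style export, but every
    row is made up for this example.
    """
    rows = ["TimeCreated,EventId,LogonType,TargetUserName,IpAddress"]
    t0 = datetime(2018, 11, 1, 2, 0, 0)
    accounts = ["administrator", "admin", "backup", "sqlsvc"]
    # 203.0.113.7: 30 failures in one minute across several accounts, then a
    # successful RDP logon as "backup" - the brute force succeeded.
    for i in range(30):
        t = t0 + timedelta(seconds=2 * i)
        rows.append(f"{t.isoformat()},{FAILED_LOGON},3,{accounts[i % 4]},203.0.113.7")
    t = t0 + timedelta(seconds=65)
    rows.append(f"{t.isoformat()},{SUCCESS_LOGON},10,backup,203.0.113.7")
    # 198.51.100.9: a user mistyping a password three times over ten minutes.
    for i in range(3):
        t = t0 + timedelta(minutes=3 * i)
        rows.append(f"{t.isoformat()},{FAILED_LOGON},10,jsmith,198.51.100.9")
    # 192.0.2.4: many failures, but spread out (one every 15 minutes), so a
    # short-window threshold should not fire on it.
    for i in range(12):
        t = t0 + timedelta(minutes=15 * i)
        rows.append(f"{t.isoformat()},{FAILED_LOGON},10,admin,192.0.2.4")
    return "\n".join(rows) + "\n"


def parse_events(csv_text):
    """Parse the export into dicts with typed fields, sorted by time."""
    events = []
    for row in csv.DictReader(StringIO(csv_text)):
        events.append({
            "time": datetime.fromisoformat(row["TimeCreated"]),
            "event_id": int(row["EventId"]),
            "logon_type": int(row["LogonType"]),
            "account": row["TargetUserName"],
            "ip": row["IpAddress"],
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect_rdp_bruteforce(events, window=timedelta(minutes=10), threshold=20):
    """Flag source IPs with >= threshold failed RDP logons inside any sliding
    window of `window` length, and record whether a successful RDP logon from
    the same IP followed the burst (assumed thresholds; tune per environment)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        if e["event_id"] == FAILED_LOGON:
            failures[e["ip"]].append(e)
        elif e["event_id"] == SUCCESS_LOGON:
            successes[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures.items():  # fails are already in time order
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                first_fail = fails[start]["time"]
                later = [s for s in successes[ip] if s["time"] >= first_fail]
                findings[ip] = {
                    "failed_logons": len(fails),
                    "accounts_tried": sorted({f["account"] for f in fails}),
                    "success_after_failures": bool(later),
                    "compromised_account": later[0]["account"] if later else None,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(parse_events(build_sample_csv())).items():
        print(ip, finding)
```

In production the input would be a real export of event IDs 4624 and 4625 from Get-WinEvent or a SIEM rather than the constructed sample. A success following a burst of failures from the same address should be treated as an incident to work immediately rather than an alert to triage later, since the operators described above move laterally and steal further credentials before they encrypt anything.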

Source: ZDNet

How do you protect yourself?

Because SamSam gets in through RDP rather than phishing, the most effective defences sit on that path. Do not expose RDP directly to the internet; put it behind a VPN or gateway and restrict it to known management addresses. Enforce strong, unique passwords and multi-factor authentication on all remote access, configure account lockout, and alert on bursts of failed logons. Since the malware deliberately goes after backups, keep backups offline or otherwise unreachable with ordinary domain credentials, and test that you can restore from them. Keep endpoint security up to date, patch the vulnerabilities attackers rely on to move laterally, and segment the network so that one compromised host cannot reach everything. Avoiding unknown links and suspicious attachments still matters for other ransomware families, but it does not address how SamSam gains its foothold.