US warns of COVID-themed phishing, fraud schemes, Emotet campaign returns after 7-week hiatus, and more

Originally published at:

Round Up of Major Breaches and Scams

U.S. Government Warns of Phishing, Fraud Schemes Using COVID-19 Vaccine Lures

Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims. While these types of operations typically impact non-enterprise users, some people could open the malicious websites or emails associated with these schemes from work devices, which could pose a risk to enterprises as well.

Card-Not-Present: Security Considerations for Point of Sale Businesses

As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complimentary Verizon study finds remote attacks against food service operators on the rise, as well.

US agencies conclude Iran is likely behind website aimed at stoking violence against election officials

The FBI and the Department of Homeland Security have concluded that Iran is very likely behind a website apparently aimed at inciting violence against election officials as well as the FBI director, according to two people with direct knowledge of the matter. The website, titled Enemies of the People, posted photos and purported addresses of state election officials and employees of a voting equipment vendor, as well as information on FBI Director Christopher Wray and Chris Krebs, the former head of DHS’s Cybersecurity and Infrastructure Security Agency.

Biden blasts Trump administration over SolarWinds attack response

U.S. President-Elect Joe Biden has criticized the Trump administration over the lack of response regarding the SolarWinds response and for failing to officially attribute the attacks. The SolarWinds hack is “a massive cybersecurity breach against US companies, many of them, as well as federal agencies” according to Biden. “And there’s still so much we don’t know including the full scope of the breach or the extent of the damage it has caused. But we know this much: this attack constitutes a grave risk to our national security.”

UK cryptocurrency exchange EXMO suffers breach, funds stolen

EXMO says that it is the latest in a longer line of cryptocurrency exchanges to have suffered at the hands of hackers, having spotted suspicious activity in the early hours of yesterday morning, where client’s accounts were accessed and large amounts withdrawn. In an announcement posted on its website, the British cryptocurrency exchange did not say how much digital currency had been stolen, but said that hot wallets contain Bitcoin, Ripple, Zcash, Tether, Ethereum Class, and Ethereum had been impacted.

Round Up of Major Malware and Ransomware Incidents

Update: Ransomware downed UVM Medical Center systems, but no payment made

University of Vermont Medical Center’s IT chief revealed Tuesday that it was a ransomware attack that downed the hospital’s online systems in October. Jickling’s article provides a helpful update from what happened to how things are going with restoration. The hit was obviously a serious one, as information on 1,300 servers was encrypted, and the attack downed the phone system, cut off access to staff emails and medical records, and slowed the hospital’s ability to provide radiation treatment and run scans.

Emotet Campaign Restarts After Seven-Week Hiatus

Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan. In October, three surges of spam laden with the Emotet downloader worked to spread the malware to vulnerable users’ systems, starting a sequence that often results in a Ryuk ransomware infection or attempts to steal bank account credentials via the Trickbot banking Trojan.

New marketing campaign against UK subway by using TrickBot malware

Experts suggested the users to search current version of TrickBot in their systems by opening Task Manager process named ‘Windows Problem Reporting. Threat actor successfully accessed subway UK customers’ confidential information such as names and email addresses by hacking a subcard server. This campaign has come to light when BleepingComputer observed a massive phishing campaign targeting U.K. citizens, pretending to be order confirmation from subway UK.

Law Enforcement Disrupts VPN Services Enabling Cybercrime

The United States and international partners shut down three bulletproof hosting services used to facilitate criminal activity. Global law enforcement agencies have shut down three virtual private network (VPN) services built to help criminals launch ransomware campaigns, phishing attacks, and other illicit activity. “Operation Nova” was led by the German Reutlingen Police Headquarters, Europol, the FBI, and other agencies around the world. Together, they conducted a coordinated takedown of servers in at least five different countries in addition to seizing domains providing “bulletproof hosting.”

Round Up of Major Vulnerabilities and Patches

Researchers shared the lists of victims of SolarWinds hack

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia.

1 Like