WME Security Briefing 11 April 2024

WME Cybersecurity Briefings No. 004

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data

Overview

The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on users in Mexico through phishing emails. Its aim has been to steal banking details and personal information.

Impact

Mispadu has improved its ability to evade detection and successfully harvest sensitive data. This presents huge risks to both individuals and fintech organizations.

Recommendation

Both Individuals and organizations should keep their software up to date. Employ comprehensive anti-malware solutions and educate yourself on identifying phishing attempts. Also, Fintech organizations should bolster their fraud detection mechanisms to mitigate unauthorized transactions promptly.


Chinese Hackers Deploy Stealthy Malware, UNAPIMON

Overview

UNAPIMON is a cunning malware that operates under the radar. It leverages a simple C++ codebase and employs techniques specially designed to evade detection. It utilizes DLL hijacking, tricking legitimate applications into loading the malware’s code instead of their intended libraries. This allows the malware to operate within a trusted process, making it less conspicuous to security measures. The malware is linked to a threat actor group, Earth Freybug.

Impact & Concerns

Their financially motivated attacks target various sectors and countries. A technique they use, API unhooking, has enabled them to disable specific API functions that monitor system activity, allowing them to bypass detection.

The specific functionalities of UNAPIMON are still under investigation. However, its association with Earth Freybug raises concerns. Given Earth Freybug’s history, UNAPIMON could be used to gather sensitive data from targeted organizations.

Recommendations

  • Ensure your OS and Apps are patched.
  • Utilize a robust security solution to prevent various threats.
  • Be wary of phishing attempts. Remain cautious of unsolicited emails, especially those with attachments.

Google Set to Erase Billions of Browsing Records in Privacy Lawsuit Settlement

Overview

Google agrees to delete billions of browsing data records collected from users in “incognito” browsing mode. This settlement comes after a class-action lawsuit filed in 2020. The allegation says Google misled users by continuing to track their browsing activity even when they opted to keep it private.

Privacy Concerns Fueled the Lawsuit:

The lawsuit centered around the idea that users who activate “incognito mode” expect a certain level of privacy. They believe their browsing history wouldn’t be collected by Google. However, the lawsuit claimed Google continued to gather data.

Impact

This settlement has significant implications for user privacy online. It sets a precedent for holding tech giants accountable for their data collection practices. Billions of event-level data records will be purged, which is good news for users’ private browsing activities. The exact details of what data will be deleted are still being finalized and await court approval.

Looking Ahead

It’s important to note that incognito mode isn’t a foolproof shield for online anonymity. It primarily prevents your browsing history from being saved locally on your device. This settlement, however, sheds light on the ongoing conversation about the importance of clear communication.


Phishing Frenzy: Malicious Campaign Targets Latin America

Overview

A large-scale phishing campaign emerges, targeting various sectors across Latin America to deploy a nasty piece of malware, Venom RAT (Remote Access Trojan). The malicious operation is being attributed to the cyber threat actor TA558.

Widespread Targeting

The attackers aren’t picky. Their sights are set on various industries in the Latin region, including:

  • Hospitality
  • Fintech Services
  • Manufacturing & Industries
  • Agencies

Impact of the Targeting

The ultimate goal of this phishing campaign is to deliver Venom RAT. Once installed on a victim’s machine, attackers can access systems remotely. Ultimately, they can steal sensitive info, spy on users, and potentially disrupt critical systems.

TA558: A History of Malicious Activity

TA558 isn’t a newcomer to the cybercrime scene. They’ve been active since at least 2018, with a history of targeting Latin American entities. They’ve been known to deploy various malware strains i.e. Loda RAT, Vjw0rm, Revenge RAT, etc.

How to Stay Safe from Phishing Attacks?

  • Be Wary of Unsolicited Emails
  • Verify Sender Info
  • Don’t Rush, Double-Check
  • Maintain Security Software
  • Stay Informed

US Charges and Sanctions Chinese Hacking Group APT31

The US Department of Justice (DOJ) unsealed an indictment against seven individuals believed to be affiliated with the Chinese state-sponsored hacking group APT31 (AKA Zirconium). The individuals were charged with computer intrusions and wire fraud related to a cyberespionage campaign targeting US entities and perceived critics of China.

Accusations of Widespread Espionage

The indictment accuses APT31 of conducting a long-term cyberespionage campaign spanning over a decade. It alleges the group engaged in the following activities:

  • Hacking emails belonging to US businesses and individuals critical of China.
  • Exploiting software vulnerabilities and trade espionage.

Impact: Sanctions Imposed

The Treasury Department imposed sanctions against the individuals and the alleged front company. The sanctions aim to restrict the financial resources available to the group and disrupt their operations.

China’s Response

They have consistently denied allegations of state-sponsored cyberattacks. In response to the US actions against APT31, China has accused the US of spreading misinformation.

Impact

The US sanctions against APT31 highlight the growing tensions over cyberespionage between the US and China. They also highlight the importance of cybersecurity measures for private businesses and individuals.


Ransomware Attack Triggers State of Emergency in Missouri County

Target: Jackson County, Missouri

Overview

The county experienced a ransomware attack on the day of a special election, disrupting multiple county IT systems.

Impact:

  • Unexplained IT outages initially alerted officials to a potential issue.
  • The specific functionalities that ransomware affected have not been explicitly disclosed.
  • However, the disruption likely impacted various county services that rely on IT systems.

Response

  • Jackson County Executive Frank White Jr. declared a state of emergency “as a proactive measure” to facilitate a faster response and resource allocation.
  • County officials brought in third-party cybersecurity experts and law enforcement to investigate the incident.

Recovery

Officials expressed confidence in a swift recovery due to “investments made in our cybersecurity infrastructure.”

Impact

Investigators haven’t found any evidence of stolen data so far. This is likely because the county reportedly keeps its financial data on a separate system managed by a third party.
However, the incident highlights the importance of cybersecurity preparedness for local governments.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=