hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
New ransomware attacker OldGremlin
A new cybercriminal group, OldGremlin, targets Russian businesses with malware and ransomware. The attackers use custom backdoors (TinyPosh and TinyNode) and ransomware (TinyCrypt, also known as decr1pt) along with third-party software. They also employ social engineering and impersonate well-known people in phishing emails. Once they have established a foothold in the victim's network through a backdoor, they deploy the ransomware. After the network is encrypted, OldGremlin typically asks for around $50,000 in ransom. OldGremlin attacks began in March 2020 and have affected medical laboratories, banks, manufacturers, and software developers.
Ransomware (file-encrypting malware) remains one of the most popular and lucrative ways for criminals to make money. It is worth noting that, over time, attackers have tried to monetize not only the "decryption" service: after compromising the network, they also steal business data in order to demand a further ransom later. Unfortunately, there is still no silver bullet against this kind of attack, because the attackers exploit both social engineering / phishing and information security flaws inside the victim's network. Only long and tedious information security processes will help, and they are also expensive. What other way out is there? Perhaps only paying the attackers, but as practice shows, that is not cheap either.
Critical vulnerability in Instagram is fixed
The vulnerability CVE-2020-1895 has a CVSS score of 7.8 and could allow remote code execution as well as capturing camera and microphone data. To exploit it, an attacker simply had to send the victim a specially crafted image via email, WhatsApp, SMS, or any other platform. To trigger the malicious code, the victim had to save this image on the device and then open Instagram. The bug lies in the way Instagram uses third-party libraries for image processing. Exploiting the vulnerability gives access to the victim's device contacts, location / GPS data, camera, and locally stored files. Facebook has fixed the bug and stated there were no signs of abuse.
New Alien malware targets banking applications
The new Alien malware is based on the source code of the well-known banking trojan Cerberus and is offered on hacker forums as MaaS (Malware-as-a-Service). Alien is technically more advanced than Cerberus and has powerful remote access functionality. After infecting a device, the malware aims to steal passwords from at least 226 mobile apps, including banking apps and various collaboration and social networking apps such as Snapchat, Telegram, and Microsoft Outlook. It is not clear how Alien is distributed, but since it is rented out, many different tactics could be used.
$150 million stolen in KuCoin hack
Hackers stole $150 million from KuCoin's hot wallets. Hot wallets are connected to the Internet, so they are more susceptible to cyber attacks; they are used as temporary storage for assets being traded on the exchange. The incident was discovered on September 26, and the exchange immediately launched an investigation.