As many people across the world are working from home these days to keep their office operations going, hackers are seeing these devices as vulnerable points to infiltrate corporate networks. So, here are some strategies that can make your work from home experience spectacularly cyber secure.
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices.
According to research published by Trend Micro and Kaspersky, the “Operation Poisoned News” attack leverages a remote iOS exploit chain to deploy a feature-rich implant called ‘LightSpy’ through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.
Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim’s device and load it with malware.
Most North Koreans don’t spend much of their lives in front of a computer. But some of the lucky few who do, it seems, have been hit with a remarkable arsenal of hacking techniques over the last year—a sophisticated spying spree that some researchers suspect South Korea may have pulled off.
Cybersecurity researchers at Google’s Threat Analysis Group today revealed that an unnamed group of hackers used no fewer than five zero-day vulnerabilities, secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019. The hacking operations exploited flaws in Internet Explorer, Chrome, and Windows with phishing emails that carried malicious attachments or links to malicious sites, as well as so-called watering hole attacks that planted malware on victims’ machines when they visited certain websites that had been hacked to infect visitors via their browsers.
Google declined to comment on who might be responsible for the attacks, but Russian security firm Kaspersky tells WIRED it has linked Google’s findings with DarkHotel, a group that has targeted North Koreans in the past and is suspected of working on behalf of the South Korean government.
It’s really impressive. It shows a level of operational polish.
Dave Aitel, Infiltrate
South Koreans spying on a northern adversary that frequently threatens to launch missiles across the border is not unexpected. But the country’s ability to use five zero days in a single spy campaign within a year represents a surprising level of sophistication and resources. “Finding this many zero-day exploits from the same actor in a relatively short time frame is rare,” writes Google TAG researcher Toni Gidwani in the company’s blog post. “The majority of targets we observed were from North Korea or individuals who worked on North Korea-related issues.” In a follow-up email, Google clarified that a subset of the victims were not merely from North Korea but in the country, suggesting that these targets weren’t North Korean defectors, whom the North Korean regime frequently targets.
Within hours of Google linking the zero-day vulnerabilities to attacks targeting North Koreans, Kaspersky was able to match two of the vulnerabilities—one in Windows, one in Internet Explorer—with those it has specifically tied to DarkHotel. The security firm had previously seen those bugs exploited to plant known DarkHotel malware on their customers’ computers. (Those DarkHotel-linked attacks occurred before Microsoft patched its flaws, Raiu says, suggesting that DarkHotel wasn’t merely reusing another group’s vulnerabilities.) Since Google attributed all five zero-days to a single hacker group, “it’s quite likely that all of them are related to DarkHotel,” Raiu says.
Raiu points out that DarkHotel has a long history of hacking North Korean and Chinese victims, with a focus on espionage. “They’re interested in getting information such as documents, emails, pretty much any bit of data they can from these targets,” he says. Raiu declined to speculate on what country’s government might be behind the group. But DarkHotel is widely suspected of working on behalf of the South Korean government, and the Council on Foreign Relations names DarkHotel’s suspected state sponsor as the Republic of Korea.
France-based Essilor Group, a manufacturer of optical solutions and eyewear, has confirmed that it was the victim of a cyber attack on March 21st, 2020. Well-placed sources say the attack may have been a ransomware variant, as it locked several servers out of access.
However, no Essilor official has confirmed that it was a file-encrypting malware attack. A source speaking on condition of anonymity did confirm that it was a malware attack that was identified in time and contained.
The French ophthalmic company said that it immediately deployed new software and hardware firewalls in its server environment to prevent such incidents in future.
Proving that no good crisis ever goes to waste, Chinese government hacking crew APT41 launched a campaign that abuses vulns in Citrix Netscaler and Zoho ManageEngine, according to threat intel outfit FireEye.
As well as targeting load balancers and network management suites, the Chinese interference operatives spent three months, at the height of Wuhan’s COVID-19 coronavirus outbreak, exploiting weaknesses in Cisco routers.
“This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” intoned FireEye in a statement.
Their targets were indiscriminate, ranging across governments, banking and finance, oil and gas, pharmaceuticals, tech, defence and more.
Finally, some evidence is out that the hacking group behind the WHO cyber attack could be the ‘Elite Hackers’, aka DarkHotel. According to an article published by Reuters, the group was behind the domain registration of a fake site that impersonated the internal email system used by the WHO and tried to lure WHO employees into submitting their online credentials on March 13th this year.
Acting on a tip-off from Alexander Urbelis, a cybersecurity expert at Blackstone Law Group, a Reuters reporter is said to have published the article after thoroughly verifying the facts.
A team of security experts from Kaspersky confirmed the news and said that the effort was aimed at blocking the WHO’s digital access in the wake of the COVID-19 pandemic, deepening the crisis by obstructing the response.
Microsoft has issued an official warning that the recently discovered font vulnerability has no fix as of now, and users will need to wait until April 14th, 2020, the next Patch Tuesday.
Going by the details, a group of security researchers has found that hackers are exploiting a vulnerability in how Windows handles and renders fonts. They confirm that the flaw could be used to deliver malicious documents that spread malware such as ransomware.
Currently, it’s still unclear how many systems are impacted by this flaw. But the operating-system giant has clarified that the flaw affects Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2019, Windows Server 2016, 2012 R2 and 2008, along with Windows 7.
A security advisory posted on the technology giant’s website says that the vulnerability lies in the unpatched Adobe Type Manager Library, which is used to handle fonts, when it processes a specially crafted multi-master font.
Microsoft says that hackers can target a PC by getting the user to open a specially crafted document or view it in the Windows preview pane.
For those using the Windows 7 operating system, the flaw is reported to be extremely ‘critical’, as support for the operating system ended in January 2020.
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
Tracked as CVE-2020-7982, the vulnerability resides in OpenWrt’s OPKG package manager and stems from the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index.
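As an added illustration (not OpenWrt’s or the researcher’s code) of why a package-integrity check of this kind has to fail closed, the following Python snippet parses a constructed index in a simplified Packages-style stanza format (the field names are an assumption) and contrasts a lenient verifier, which waves a package through whenever no checksum can be read, with a strict one that refuses it.

```python
import hashlib
import hmac

# Constructed sample package payloads (stand-ins for downloaded .ipk files).
GOOD_DATA = b"constructed contents of example-good_1.0_all.ipk"
TAMPERED_DATA = GOOD_DATA + b" with an injected modification"

# Constructed index in a simplified stanza format; the field names
# ("Package:", "Filename:", "SHA256sum:") are an assumption about the layout.
SAMPLE_INDEX = (
    "Package: example-good\n"
    "Filename: example-good_1.0_all.ipk\n"
    f"SHA256sum: {hashlib.sha256(GOOD_DATA).hexdigest()}\n"
    "\n"
    "Package: example-nosum\n"
    "Filename: example-nosum_1.0_all.ipk\n"
)


def parse_index(text):
    """Return {package_name: {field: value}} for each blank-line separated stanza."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Package" in fields:
            pkgs[fields["Package"]] = fields
    return pkgs


def verify_lenient(index, name, data):
    """Anti-pattern: a package with no parsable checksum is accepted unchecked."""
    expected = index.get(name, {}).get("SHA256sum")
    if not expected:
        return True  # nothing to compare against, so the package "passes"
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected.lower())


def verify_strict(index, name, data):
    """Fail closed: accept only when a well-formed checksum exists and matches."""
    expected = index.get(name, {}).get("SHA256sum", "").lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


if __name__ == "__main__":
    idx = parse_index(SAMPLE_INDEX)
    print(verify_strict(idx, "example-good", GOOD_DATA))        # True
    print(verify_strict(idx, "example-good", TAMPERED_DATA))    # False
    print(verify_lenient(idx, "example-nosum", TAMPERED_DATA))  # True (unsafe)
    print(verify_strict(idx, "example-nosum", TAMPERED_DATA))   # False
```

The lenient variant is the behaviour a defender should look for when auditing any downloader: a parsing failure that silently turns into “no check needed” removes the protection the signed index was supposed to provide.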
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.
Dubbed “Tekya,” the malware in the apps imitated users’ actions to click ads from advertising networks such as Google’s AdMob, AppLovin, Facebook, and Unity, cybersecurity firm Check Point Research noted in a report shared with The Hacker News.
“Twenty-four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on),” the researchers said.