
A week in security (Apr 03 – Apr 09)

Last week, we gave an overview of what might happen once the bill the US Congress passed in late March takes effect; familiarized readers with the “3-2-1 rule”, which is very helpful in protecting valuable data against ransomware; and pushed out a follow-up post on Diamond Fox, a bot used by the Nebula exploit kit. In case you want a refresher on part 1, click here.

Lead analyst Jérôme Segura documented a malvertising campaign affecting users of iOS, a notable shift in potential targets. Users were enticed to download a ‘free’ VPN app called My Mobile Secure via rogue ads on torrent sites.

Finally, our experts dished out a list of the five dumbest cyber threats that (unfortunately) work.

Below are notable news stories and security-related happenings:

  • Facebook Turns To Image Recognition to Thwart Revenge Porn. “Revenge porn is the province of the jilted and the jealous, the malicious and the envious. Typically it happens when two people in a relationship share intimate or sexual pictures or videos via text or email; post-break-up, or in the hands of ‘frenemies,’ this content may be posted publicly as payback for heartbreak or other perceived transgressions. It can be enormously damaging for victims, especially younger teen girls.” (Source: InfoSecurity Magazine)
  • IoT Malware Starts Showing Destructive Behavior. “Hackers have started adding data-wiping routines to malware that’s designed to infect internet-of-things and other embedded devices. Two attacks observed recently displayed this behavior but likely for different purposes.” (Source: CSO)
  • New Malware Deliberately Destroys Unsecured IoT Devices. “Cybersecurity experts are warning of a new type of malware strain that uses known default user credentials to attack unsecured Internet of Things (IoT) devices and destroy them, reports Bleeping Computer. Discovered by cybersecurity firm Radware, BrickerBot has two versions – BrickerBot.1 and BrickerBot.2 – and was found to be active since March 20, targeting only Linux BusyBox-based devices with Telnet ports left open.” (Source: Dark Reading)
  • 20,000-bots-strong Sathurbot Botnet Grows By Compromising WordPress Sites. “A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.” (Source: Help Net Security)
  • “iCloud Mail” Phishing Emails Doing Rounds. “The latest email phishing campaign targeting Apple users is aimed at gathering as much information as possible from unfortunate victims. The email, made to look like it comes from Apple, bids targets welcome to iCloud Mail, but warns that the company has been unable to confirm their account information, and that their account has, therefore, been suspended.” (Source: Help Net Security)
  • Matrix Ransomware Spreads To Other PCs Using Malicious Shortcuts. “Brad Duncan, a Threat Intelligence Analyst for Palo Alto Networks Unit 42, has recently started seeing the EITest campaign use the RIG exploit kit to distribute the Matrix ransomware. While Matrix has been out for quite some time, it was never a major player in terms of widespread distribution.” (Source: Bleeping Computer)
  • Hackers Empty ATMs By Drilling One Small Hole. “Hackers are using a combination of low and high-tech attacks to make ATMs spit out cash, according to Kaspersky researcher Igor Soumenkov, who presented this novel attack at this year’s Security Analyst Summit, taking place in St. Maarten this week.” (Source: Bleeping Computer)
  • Hackers Steal $30M from IRS Via Student Loan Tool. “Hackers managed to breach the IRS’s Data Retrieval Tool, which is used by parents to transfer financial information for their kids using the Free Application for Federal Student Aid. The system has been shut down until the IRS can figure out which of the requests were made by legitimate students, and which were made by criminals.” (Source: Softpedia)
  • Update Your iPhone To Avoid Being Hacked Over Wi-Fi. “It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched. As we mentioned last week, the recent iOS 10.3 and Mac OS 10.12.4 updates included numerous fixes dealing with ‘arbitrary code execution with kernel privileges’.” (Source: Sophos’ Naked Security Blog)
  • Wonga Data Breach Puts Up To 245,000 UK Current And Former Customers At Risk. “If you are one of those affected, my advice is to be very wary of unsolicited phone calls and emails that might be from scammers attempting to exploit the information. You would also be wise to keep a close eye on your finances for any unexpected transactions.” (Source: Graham Cluley’s Blog)

Safe surfing, everyone!

The Malwarebytes Labs Team