Detail of a calendar page with dates

A week in security (July 03 – July 09)

Last week, we released our second quarter Cybercrime Tactics & Techniques report, where we revealed that ransomware outbreaks were dominant during this quarter. You can read the full report on the post below:


Our researchers continue to share our findings on EternalPetya, the malware that made headlines across the globe due to its similarities with WanaCryp0r (a.k.a. WannaCry). In case you don’t want to read all our blog posts, we made a summary post of what we know so far about EternalBlue and the attack.

Meanwhile, Senior Security Researcher Jérôme Segura revealed that threat actors behind malvertising campaigns may be using such outbreaks as a diversion from their schemes. At least that was what the group called AdGholas was doing. Segura saw a new wave of drive-by download attacks pushing the Astrum exploit kit.

Below are notable news stories and security-related happenings from last week:

Latest updates for Consumers

  • Hackers Find ‘Ideal Testing Ground’ For Attacks: Developing Countries. “Security researchers are increasingly looking in countries outside the West to discover the newest, most creative and potentially most dangerous types of cyberattacks being deployed. As developing economies rush to go online, they provide a fertile testing ground for hackers trying their skills in an environment where they can evade detection before deploying them against a company or state that has more advanced defenses.” (Source: The New York Times)
  • Senators Introduce ‘Cyber Hygiene’ Bill. “The Promoting Good Cyber Hygiene Act, introduced by Hatch and Sen. Ed Markey (D-Mass.), would direct the National Institute of Standards and Technology to establish a set of baseline voluntary best practices for safeguarding against cyber intrusions that would be updated annually.” (Source: The Hill)
  • Windows 10 Will Use Protected Folders To Thwart Crypto Ransomware. “Windows 10 Fall Creators Update (the next major update of Microsoft’s popular OS) is scheduled to be released in September, and will come with major new end-to-end security features. As announced last week, the Enhanced Mitigation Experience Toolkit (EMET) is making a partial comeback, along with new vulnerability mitigations, in a new feature called Windows Defender Exploit Guard.” (Source: Help Net Security)
  • SLocker Mobile Ransomware Starts Mimicking WannaCry. “The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom. After laying low for a few years, it had a sudden resurgence last May.” (Source: Trend Micro’s TrendLabs Security Intelligence Blog)
  • Now Criminals Are Ringing Up British MPs To Ask Them Their Passwords. “Hot on the heels of reports that the passwords of British politicians and their staff are being sold on the web by criminals, and an attack on the Houses of Parliament’s email system, it has now been revealed that some MPs have been receiving some rather phishy phone calls.” (Source: Graham Cluley’s Blog)
  • ‘Smishing’ Scams Target Your Text Messages. Here’s How To Avoid Them. “While the name of this growing threat might sound funny, being a victim of it is no joke. Similar to a “phishing” scam — where computer users receive an authentic-looking email that appears to be from their bank, Internet Service Provider (ISP), favorite store, or other organization – ‘smishing’ messages are sent to you via SMS (text message) on your mobile phone.” (Source: USA Today)
  • 65% Of Major US Banks Have Failed Web Security Testing. “Websites run by some of the largest banks in the US have scored the poorest in a new security and privacy analysis audit. The non-profit Online Trust Alliance (OTA) Alliance anonymously audited more than 1,000 websites, ranking their security and privacy practices. None of the sites investigated knew about the test.” (Source: IBS Intelligence)
  • Horcrux Is a Password Manager Designed for Security and Paranoid Users. “Two researchers from the University of Virginia have developed a new password manager prototype that works quite differently from existing password manager clients. The research team describes their password manager — which they named Horcrux — as “a password manager for paranoids,” due to its security and privacy-focused features and a unique design used for handling user passwords, both while in transit and at rest.” (Source: Bleeping Computer)
  • Why Kodi Boxes Can Pose A Serious Malware Threat. “When new streaming devices, such as the Amazon Firestick and Apple TV, were first introduced, many were intrigued by the ease by which they could watch ‘over the top’ content from the Internet, such as Netflix or Hulu, on their living room televisions.” (Source: Help Net Security)
  • As World’s Largest Dark Web Market Vanishes, Dodgy Links Promise A Way Back In. “On Wednesday, AlphaBay, the largest market on the dark web disappeared. Since AlphaBay is wholly inaccessible, customers and vendors are locked out of their accounts, and, perhaps more importantly, cut off from any bitcoins they stored on the site. In order to purchase items on AlphaBay, users need to send bitcoins to the site’s own wallets.” (Source: Motherboard)


Latest updates for Businesses

  • U.S. Warns Businesses Of Hacking Campaign Against Nuclear, Energy Firms. “Since at least May, hackers used tainted ‘phishing’ emails to ‘harvest credentials’ so they could gain access to networks of their targets, according to a joint report from the U.S. Department of Homeland Security and Federal Bureau of Investigation.” (Source: Reuters)
  • Basic Cybersecurity Hygiene Tips Are Ransomware Vaccine. “Some companies that were hit told their employees to not use internal information technology systems and shut down email. Although that may be one way to halt the cyberattack’s spread, companies can take other steps to maintain business continuity and help lessen the impact of any future attack, the pros said.” (Source: Bloomberg BNA)
  • Six Things to Do to Secure Your Linux System. “I bring this up only to illustrate that the next malware round can strike at anytime and on any platform. In fact, on Tuesday, at the same time Petya was wrecking havoc on Windows, a patch was made available for a vulnerability in systemd, the default init system in most modern Linux distributions, that could be leveraged by remote attackers to run malicious code by using a specially crafted DNS response.” (Source: Windows IT Pro)
  • Small Businesses ‘Dying’ Because Of Cyber Threat. “The managing director of a major cyber security player has warned small businesses to take the cyber threat more seriously. Paul Harris, managing director of Manchester-based Secarma, says that half of all cyber-attacks are upon small firms which could be destroyed overnight.” (Source: Business Cloud)
  • IoT Fuels Growth Of Linux Malware. “Malware targeting Linux systems is growing, largely due to a proliferation of devices created to connect to the Internet of Things. That is one of the findings in a report WatchGuard Technologies, a maker of network security appliances, released last week.” (Source: Linux Insider)
  • At $30,000 For A Flaw, Bug Bounties Are Big And Getting Bigger. “Hackers are being paid as much as $30,000 for finding a single critical flaw in a company’s systems, and the amount companies are willing to pay is increasing. While the use of such bug hunting programmes is still limited, some large organisations are offering hackers rewards for spotting flaws in their systems.” (Source: ZDNet)
  • Don’t Fear GDPR – It’s The Key To Create A Culture Of Secure IT. “Many organisations are looking to bring their cyber procedures and capabilities up to scratch ahead of its becoming enforceable, May 2018. But, with an evolving IT threat landscape, new technologies introducing new risk, and a cyber-skills deficit, it’s important that CIOs and IT directors not only focus on this critical deadline but also look beyond it.” (Source: SC Magazine UK)


Safe surfing, everyone!

The Malwarebytes Labs Team