
A week in security (August 28 – September 3)

Last week, we looked at what actions Kronos can perform in the final installment of a two-part post. We also took another look at Locky, a ransomware family that has just made a comeback, and found that its latest variant (as of this writing) includes anti-sandboxing checks: once Locky determines that it is running inside a virtual machine, it does not execute its full functionality.

Our researchers also talked about a new 419 spam, malware vaccination tricks, malvertising, and insider threats.

Lastly, Senior Security Researcher Jérôme Segura uncovered a new RIG exploit kit campaign that drops the PrincessLocker ransomware via drive-by download.


Below are notable news stories and security-related happenings from last week:

Latest updates for Consumers

  • Scammers Already Taking Advantage Of Hurricane Harvey, Registering Domains. “The Better Business Bureau said it has already seen sketchy crowdfunding efforts and expects the coming months to see the usual flood of ‘storm chasers’ — ranging from legitimate contractors looking for business to scammers attempting to take advantage of those who’ve already been victimized by the storm. In addition, US-CERT is warning users ‘to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey.’” (Source: Cyber in Sight)
  • IRS Warns of Emails Spreading Ransomware. “The Internal Revenue Service (IRS) is warning US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware.” (Source: Bleeping Computer)
  • USB Malware Implicated in Fileless Attacks. “In early August we discussed a case where a backdoor was being installed filelessly onto a target system using a script that abused various legitimate functions. At the time, we did not know how the threat arrived onto the target machine. We speculated that it was either downloaded by users or dropped by other malware. We recently learned the exact arrival method of this backdoor. As it turned out, we were wrong: it was neither dropped nor downloaded. Instead, it arrived via USB flash disks.” (Source: Trend Micro’s TrendLabs Security Intelligence Blog)
  • FDA Approves Firmware Fix for St Jude Pacemakers. “Abbott-owned St Jude Medical was at the center of a legal storm last year after suing security firm MedSec and short seller Muddy Waters for publishing what it claimed to be false info about bugs in its equipment. It argued this strategy helped them make money off the stock market when shares in St Jude inevitably fell on the news. However, since then the firm has been forced to address some of the issues highlighted by MedSec by releasing security fixes for some products, as it did in January.” (Source: InfoSecurity Magazine)
  • Attackers Exploited Instagram API Bug To Access Users’ Contact Info. “Instagram has confirmed that ‘one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number — by exploiting a bug in an Instagram API.’ Apparently, no account passwords were exposed.” (Source: Help Net Security)
  • Phishing Emails Undetected by 97 Percent of People. “Today, phishing emails are behind 97 percent of cyber attacks, yet recent research reveals 97 percent of people cannot identify those phishing scams, putting the companies they work for at risk. In fact, out of 5,000 emails, one of them is likely to be a phishing email that causes damage. Victims may not know they’ve become one for up to a year.” (Source: Inside Counsel)
  • New Authentication Methods Help Companies To Ditch Passwords. “Most people now recognize that passwords alone are flawed as a means of securing systems. The problem is that there are lots of options when it comes to finding a better way of doing things. Access control specialist SecureAuth is helping the move towards a passwordless world with the introduction of additional multi-factor authentication (MFA) methods, including Link-to-Accept via SMS or email, and YubiKey, the FIDO Universal Second-Factor (U2F) security key by Yubico.” (Source: Beta News)

Latest updates for Businesses

  • Strains Of Mutant Malware Increasingly Evading Anti-Virus To Rob Bank Accounts, Says Akouto. “An analysis of recent attacks finds a sharp increase in the use of new strains of malware capable of bypassing traditional anti-virus according to cybersecurity experts from Akouto. The majority of the analyzed attacks aimed to harvest confidential information and steal money through online banking fraud.” (Source: Payment Week)
  • Ransomware is Going More Corporate, Less Consumer. “Ransomware deployed as worms tends to hit companies far harder than consumers, given that malicious malware can shoot through corporate networks with great speed. Consumers, on the other hand, are usually not connected to a network. As a result, WannaCry and Petya helped push corporations to account for 42% of all ransomware incidents in the first half of the year, compared to 30% of ransomware incidents for all of last year and 29% in 2015, according to the report.” (Source: Dark Reading)
  • SMBs Beware! This Is How Automated Software Updates Spread Malware. “You’re surfing the web, and suddenly a pop-up appears asking you to update a piece of software on your computer. Today, we should all be canny enough to hesitate before clicking ‘install’. We know that there is a good chance that this is malware and that what we will be downloading could put the future of our business at risk. However, what happens when we’re not given a choice? Can we always trust the seemingly routine automatic updates our computers receive, even when their certificate seems to be OK? The answer is no.” (Source: Computing.Co.UK)
  • Hacking Retail Gift Cards Remains Scarily Easy. “After years of examining the retail gift card industry following that initial discovery, Caput plans to present his findings at the Toorcon hacker conference this weekend. They include all-too-simple tricks that hackers can use to determine gift card numbers and drain money from them, even before the legitimate holder of the card ever has a chance to use them. While some of those methods have been semi-public for years, and some retailers have fixed their security flaws, a disturbing fraction of targets remain wide open to gift card hacking schemes, Caput says. And as analysis of the recently defunct dark web marketplace AlphaBay shows, actual criminals have made prolific use of those schemes too.” (Source: Wired)
  • Payment security: What are the biggest challenges? “With cybercrime on the increase, payment card security is increasingly a focus for companies and consumers alike. The Payment Card Industry Data Security Standard (PCI DSS) is there to help businesses that take card payments protect their payment systems from breaches and theft of cardholder data. The findings from the Verizon 2017 Payment Security Report (2017 PSR) demonstrate a link between organizations being compliant with the standard, and their ability to defend themselves against cyberattacks.” (Source: Help Net Security)

Safe surfing, everyone!


The Malwarebytes Labs Team