
A week in security (September 25 – October 01)

Recently, we talked about the hacking incident at Deloitte, one of the ‘big four’ global accounting firms. It was reported that client email addresses, usernames, and passwords were exposed. The incident also brought to light weaknesses in the firm's policies and a lack of threat intelligence that could have helped it recover leaked data. We advised Deloitte clients to do the following: take an inventory of the email addresses used to correspond with the company, review outbound network traffic, determine what information might have leaked in the hack, and (more importantly) maintain security best practices to prevent hacks like this from happening again.

Patrick Wardle, an acclaimed security researcher, found a keychain vulnerability in High Sierra, Apple’s new macOS operating system. This revelation, unfortunately, spurred a lot of articles that one may deem as bordering on FUD (fear, uncertainty, doubt). So our resident Mac expert, Thomas Reed, set some records straight.

Senior Malware Analyst Nathan Collier likened BlueBorne, the new attack vector using Bluetooth technology, to influenza. First discovered by Armis Labs, BlueBorne can potentially affect billions of devices across multiple platforms. In the piece, Collier stressed the importance of Bluetooth security and agreed with Armis’s prediction that Bluetooth vulnerabilities would continue to be seen in the future.

Lastly, Lead Malware Intelligence Analyst Jérôme Segura discussed some discoveries last week about cryptocoin mining, malvertising, tech support scam, and targeted attacks.

Segura revealed a questionable trend on the rise in which website publishers mine cryptocurrency on visitors' machines for as long as they stay on the site. He also described a scenario in which such mining is tied to malvertising.

Scammers abused Taboola, a global discovery platform, to redirect users from a promoted story to a tech support scam page.

Segura, together with David Sánchez, wrote about an espionage attack against the Saudi Arabian government, to help readers understand how the malware entered its target systems and kept in touch with its command-and-control (C&C) server.

Below are notable news stories and security-related happenings from last week:

Latest updates for Consumers

  • Responsible Vulnerability Disclosure Is Becoming An International Norm. “More and more countries are joining the United States in adopting a policy of weighing the pros and cons of responsible vulnerability disclosure, as the public calls for more clarity regarding intelligence agencies and their supposed hoarding of previously undiscovered software flaws.” (Source: Cyberscoop)
  • Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities. “Researchers from IOActive today published a report describing the scope of the security issues. More concerning, however, is the lack of response from the respective financial firms. Of the 21 apps in question, researcher Alejandro Hernandez said he sent detailed private disclosures to 13 brokerage firms and only two had acknowledged the reports as of Monday.” (Source: Threatpost)
  • XPCTRA Malware Steals Banking And Digital Wallet User’s Credentials. “The malspams used in the campaign try to induce the victim to open a supposed bank bill link. It actually leads to the download of the XPCTRA dropper, that is, the part of the malware responsible for environment recognition and downloading new components. Once executed, it initiates a connection with an Internet address to download other malware parts responsible for later malicious actions.” (Source: SANS Internet Storm Center)
  • Android Unlock Patterns Are A Boon For Shoulder Surfing Attackers. “The ‘swiping’ unlock patterns typical for Android devices are considerably easier for attackers to discern than PIN combinations. In fact, after only one observation of a user entering the pattern, 64% of shoulder surfing attackers will be able to reproduce it, a group of researchers from the US Naval Academy and the University of Maryland Baltimore County has found.” (Source: Help Net Security)
  • Police: Buying Fake Goods Online Can Lead to ID Theft. “The City of London Police has shut down 28,000 websites selling counterfeit goods over the past three years, many of which were registered with stolen identities, it has revealed. Over 4000 sites were created using the identities of unsuspecting members of the public, according to the force, which released the figures as part of a new awareness campaign.” (Source: Infosecurity Magazine)
  • No, Facebook Spies Aren’t Secretly ‘Following Me’, It’s A Hoax. “According to the nonsense debunkers over at Snopes, the hoax debuted in January 2017.” (Source: Sophos’s Naked Security Blog)
  • Sudden Rise Detected in Faceliker Malware That Manipulates Facebook ‘Likes’. “The Faceliker malware is not new, being spotted years back, and is a generic detection that describes malware that takes over users’ browsers and uses JavaScript code to perform click-jacking, giving Facebook “likes” to content received from a central command and control server.” (Source: Bleeping Computer)
  • Duo Security Discovers Apple Mac Computers Unprotected from Malicious Firmware Vulnerabilities. “The report shows Mac users who have updated to the latest operating system (OS) or downloaded the most recent security update may not be as secure as they originally thought. A Duo Labs analysis of over 73,000 real-world Mac systems gathered from users across industries found the Extensible Firmware Interface (EFI) in many popular Mac models was not actually receiving the security updates users thought. This left users susceptible to previously disclosed vulnerabilities such as Thunderstrike 2 and the recent WikiLeaks Vault 7 data dumps that detail attacks against firmware.” (Source: Duo Security)
  • Uber London Ban Sees Rise In Malicious Taxi Apps. “Security researchers have warned of a rise in malicious apps masquerading as legitimate taxi-hailing services, as cyber-criminals look to capitalize on Transport for London (TfL)’s recent decision to ban Uber.” (Source: Infosecurity Magazine)

Latest updates for Businesses

  • Criminal Hacking: Top Technology Risk To Health, Safety And Prosperity. “Americans believe criminal hacking into computer systems is now a top risk to their health, safety and prosperity. Criminal hacking, a new ESET survey finds, outranks other significant hazards, including climate change, nuclear power, hazardous waste, and government surveillance.” (Source: Help Net Security)
  • Three Out Of Four DDoS Attacks Target Multiple Vectors. “Three out of every four DDoS attacks employed blended, multi-vector approaches in the second quarter of 2017, according to Nexusguard. The quarterly report, which measured more than 8,300 attacks, demonstrated that hackers continued to rely on volumetric attacks to overwhelm system resources.” (Source: Help Net Security)
  • Why Your Business Must Care About Privacy. “The current conversation often pits privacy against security, both in consumer and enterprise settings. This is especially true in the debate over whether mobile encryption is essential for the average user. However, not wanting to have personal information shared, acted on, or used by anyone without permission should be seen as a universal right.” (Source: Dark Reading)
  • Shocker? Companies Still Unprepared To Deal With Ransomware. “Companies and government agencies are overwhelmed by frequent, severe ransomware attacks, which have now become the #1 cyber threat to organizations, according to Crowd Research Partners.” (Source: Help Net Security)
  • Healthcare Sector Reports Greatest Number Of Security Incidents. “McAfee Labs saw healthcare surpass public sector to report the greatest number of security incidents in Q2, while the Faceliker Trojan helped drive quarter’s 67% increase in new malware samples from the social media landscape.” (Source: Help Net Security)

Safe surfing, everyone!

The Malwarebytes Labs Team