Every month our Cyber Defense Center keeps you informed about the most recent dangers, hacks, leaks and attacks. Make sure to stay up to date and visit our security blog regularly. If you have any questions, please don’t hesitate to contact us!
Top 5 dangers
Locky ransomware returns with “Lukitus” variant • Source
A new variant of the Locky ransomware has been seen in the wild since the 9th of August. The new variant is used in various e-mail spam campaigns that deliver different droppers as attachments. These droppers come in different file types (.zip, .vbs, .DOCM and .JS). The dropper downloads a payload that encrypts files on the infected system and gives them a “.lukitus” extension.
711 million email addresses used in “largest spambot to date” • Source
A huge spambot is currently active using up to 711 million compromised email addresses. These email addresses are being used to send and receive different types of email spam campaigns.
Spam filters are getting smarter every day, but this spambot is using clever ways to bypass current filters: it authenticates with the compromised email accounts against the corresponding SMTP server, so its messages look like legitimate traffic. Security researcher Troy Hunt keeps a database on https://haveibeenpwned.com/ where you can verify if your email address is compromised.
Unpatchable flaw in modern cars allows hackers to disable safety features • Source
Many of today’s automobile companies deliver vehicles that run on “drive-by-wire” systems, which means the majority of the car’s functions, like active safety systems, parking sensors and airbags, are electronically controlled and accessible over wireless interfaces.
Researchers at Trend Micro have found vulnerabilities in the CAN (controller area network) protocol. This protocol is used by all automobile companies and has a fundamental flaw that can be abused and is not patchable, as the vulnerability lies in the design.
Company bosses ‘lack cyber-attack training’ • Source
With security technology, end users are usually the weakest link. A breach is just one (wrong) click away. Knowing what to do when a security incident has occurred is just as important. The “Cyber governance Health Check Report 2017” states that 68% of company boards in the UK have not received specific training to deal with a hacking incident. Digital Minister Matthew Hancock urges companies to take advice and training to better deal with breaches.
PowerPoint file with Office-exploit evades UAC • Source
A recently patched vulnerability (CVE-2017-0199) is being abused by criminals in the wild. It triggers remote code execution in Microsoft Office or WordPad when parsing specially crafted files. It leverages a clever technique that abuses Event Viewer. Even though the vulnerability was patched this April, many companies are still too slow to apply patches. This example reinforces the need for proper patch management within companies.
Top 5 recent hacks, leaks and attacks
Popular server management software by “NetSarang” hit by “ShadowPad” in supply chain attack • Source
Multiple products from NetSarang, a company that provides secure connectivity solutions and specializes in the development of server management tools for large corporate networks, were compromised: a backdoored version of the software was distributed from the official website. The backdoored version allowed malicious actors to upload files, create processes, and store information in a virtual file system (VFS) contained within the victim’s registry.
How hackers are targeting the shipping industry • Source
Hackers are finding ways to steal money from the shipping industry. By planting a small virus on the internal network, they monitored email traffic to and from people in the finance department. Whenever one of the firm’s fuel suppliers sent an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number, resulting in the theft of millions of dollars.
Instagram hacker puts 6 million celebrities’ personal data up for sale on DoxaGram • Source
Instagram has suffered a massive data breach. Reportedly, an unknown hacker has stolen personal details of more than 6 million Instagram accounts. Recently a flaw had been found in the application programming interface (API) which the service uses to communicate with other apps. This flaw has been abused and has left millions of high-profile accounts for sale.
Hacker steals $8.4 Million in Ethereum • Source
An unknown hacker has stolen nearly $8.4 million worth of Ethereum, one of the most popular and increasingly valuable cryptocurrencies, in a hack that hit Veritaseum’s Initial Coin Offering (ICO). Veritaseum’s founder Reggie Middleton says that the hack may have been caused by an unnamed third-party service. Middleton has not disclosed the attack vector that was exploited to sweep out the $8.4 million in ETH, though he gave assurances that his team has taken the necessary measures to prevent the attack from happening again in the future. This is the fourth hack against the cryptocurrency Ether in short succession.
Game of Thrones (Season 7) episode 5 script leaked. Hacker demands millions in ransom • Source
The hacking group that recently hacked HBO has dropped another trove of documents, including a month of emails from one of the company’s executives, and a detailed script of the fifth episode of Game of Thrones. With the release of another half-gigabyte sample of its stolen HBO data, the hacking group has finally demanded a ransom worth approximately $6 million from the entertainment giant in order to prevent further leaks.
Other cybercriminals are also using Game of Thrones as a lure to get unsuspecting users to click on their malicious attachments • Source