Weekly Cyber Risk Roundup: FBI Advises Home Router Resets

What’s Everyone Talking About? Trending Cybercrime Events

The big news for this week was the CISCO warning of 500,000 routers being hacked by Russian criminal hackers in a bid to attack Ukraine. According to CNBC, “Cisco’s Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow.”

In subsequent reporting, the FBI has issued a statement and recommendation that all users with home or small-business router turn off the device and turn it back on. The reboot is meant to counter the Fancy Bear linked malware mentioned above.

Further details are being released as they are available. The details of the warnings were: “at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices.”

You can read more here in the FBI warning.

Screen Shot 2018-05-29 at 5.00.06 AM

Other trending cybercrime events from the week include:

  • State data breach notifications: In October 2017, criminal hackers obtained the credentials for two employee accounts for Worldwide Insurance Services. A phishing campaign was used to steal credentials and may have resulted in private insurance details of their customers being viewed by unauthorized parties. In December 2017, a former employee of Muir Medical Group took personal details of clients with them before their employment ended. This could have resulted in the leak of personal identifiable information of clients. In March 2018, a contractor for the California Department of Public Health experienced a robbery where documents and a laptop were stolen.
  • Altcoin Experienced Second Hack: The alternative cryptocurrency Verge, experienced its second hack in recent months. $1.4 Million (USD) was stolen in this recent attack which started as a distributed denial-of-service (DDoS) attack. In the last event, the cryptocurrency suffered a 25% loss. 
  • Bitcoin Gold Suffers Attack: In a similar attack to the previous report with Verge, Bitcoin Gold suffered a 51% attack resulting in the loss of $18 million in Bitcoin Gold. Also known as double spending this type of attack works very similar to DDoS attacks in which they tie up the network resources of the targets. 
  • Fourteen Vulnerabilities Found in BMWs: In a recent security test, researchers found fourteen vulnerabilities as they hacked BMW cars. The reported vulnerabilities were, “the flaws could be exploited to gain local and remote access to infotainment (a.k.a head unit), the Telematics Control Unit (TCU or TCB) and UDS communication, as well as to gain control of the vehicles’ CAN bus.” 
  • App Leaks Passwords in Plaintext: Researchers discovered two servers owned by the app TeenSafe, which is an app parents and guardians can use to monitor phone activity of a child, were hosted without passwords to access data being stored. Over 10,000 accounts were exposed on the AWS hosted servers.

Cyber Risk Trends From the Past Week

Screen Shot 2018-05-29 at 5.02.34 AMA new report from security researchers this week is touting a new kind of banking malware. Researchers are calling the malware Backswap and discovered it attacking Polish banks. According to the report, “We have discovered a new banking malware family that uses an innovative technique to manipulate the browser: instead of using complex process injection methods to monitor browsing activity, the malware hooks key window message loop events in order to inspect values of the window objects for banking activity.”

The malware was first noticed in January 2018, and the first samples were analyzed in March 2018. According to the report, “the banker is distributed through malicious email spam campaigns that carry an attachment of a heavily obfuscated JavaScript downloader from a family commonly known as Nemucod. The spam campaigns are targeting Polish users.” As users see everyday, just because a malware strain is targeting a specific bank or country doesn’t mean it hasn’t started to spread or won’t be turned to other targets later.

You can read more here, as well as grab IOC’s related to Backswap Malware.

 

*** This is a Security Bloggers Network syndicated blog from SurfWatch Labs, Inc. authored by janegray14. Read the original post at: https://blog.surfwatchlabs.com/2018/05/29/weekly-cyber-risk-roundup-fbi-advises-home-router-resets/