Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 8,000 Redis instances running unsecured in different parts of the world, even deployed in public clouds. Also, read about a new Windows malware, called “Coronavirus,” that makes disks unusable by overwriting the master boot record (MBR).
In light of the current COVID-19 crisis, shelter-in-place orders have forced many companies to support remote work. However, hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. In this blog, learn about some of the major threats to home workers and their organizations, and what can be done to keep hackers at bay.
Researchers have turned up security and privacy flaws in Zoom, which has had success during the pandemic. In late March, one red-team member found that Zoom would display universal naming convention (UNC) paths as links, which, if clicked, would send a username and password hash to an attacker-controlled system. In this article, Brian Gorenc of Trend Micro’s ZDI program shares insight into Zoom vulnerabilities.
Trend Micro discovered 8,000 Redis instances running unsecured across the globe, even deployed in public clouds. The instances have been found without Transport Layer Security (TLS) encryption and are not password protected. When left unsecured and allowed to be internet-facing or integrated into IoT devices, cybercriminals can find and abuse Redis servers to launch attacks such as SQL injections, cross-site scripting, malicious file uploads, and even remote code execution, among others.
The increased enterprise VPN use due to the COVID-19 pandemic and the work-from-home shift has not gone unnoticed by ransomware gangs, Microsoft warns. Microsoft has pinpointed several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure and decided to notify them directly about it and offer advice on how to keep safe.
The global public cloud services market is on track to grow 17% this year, topping $266 billion. However, while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” Hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters. While driving agility, differentiation and growth, this new reality also creates cyber risk.
Cybersecurity researchers have uncovered an ongoing new Magecart skimmer campaign that has successfully compromised at least 19 different e-commerce websites to steal payment card details. According to a recent report, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into webpages to phish payment data.
Trend Micro recently analyzed the most affected AWS Services, finding that EC2-related issues topped the list with 32% of all issues and S3 contributed to 12% of all issues. While cloud providers offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. In this blog, learn how to secure data and configure environments with AWS best practices.
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record (MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that caused widespread, global financial damage.
Raccoon Malware as a Service (MaaS) can steal login credentials, credit card information, cryptocurrency wallets and browser information. It can arrive on a system through delivery techniques such as exploit kits, phishing and bundled with other malware. In this blog, Trend Micro investigates campaigns that used exploit kits Fallout and Rig, and observes its use of Google Drive as part of its evasion tactics.
The COVID-19 pandemic is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware and malicious domains. As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure also increase. Trend Micro researchers are periodically sourcing for samples on COVID-19-related malicious campaigns.
Trend Micro researchers found campaigns that abuse the note-taking platform Evernote to host credential-phishing pages. The campaigns also exploit other shared platforms for editing images, making infographics and charts, and creating brand templates. Evernote’s notebook sharing functionality that uses public links is what threat actors exploited to spread malicious PDF files via phishing emails.
As the use of video conferencing platforms has increased with many people working from home due to the COVID-19 outbreak, cases of “Zoom Bombing” and malicious domains and files related to Zoom have also been on the rise. Registrations of domains that reference the name of Zoom has significantly increased, and other communication apps such as Google Classroom have been targeted as well.
Russian federal investigators have arrested at least 25 people accused of operating a credit card fraud ring, according to a statement released by the Russian Federal Security Service (FSB). Those charged allegedly included a card fraud kingpin and two dozen associates linked to more than 90 websites that sold stolen credit card data and operated internationally.
A recent Microsoft blog reported the tech giant had seen a “775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders.” That line was wrong: the almost 8x increase only pertained to monthly users of the Microsoft’s Teams collaboration platform, and only in a one-month period in Italy, a region of the world particularly impacted by the virus.
The COVID-19 crisis has sparked a new wave of phishing, BEC, extortion, ransomware and data breach attempts, and although it’s not the only platform being targeted, Zoom has been the subject of some of the highest-profile incidents so far. Fortunately, there are things organizations can do to protect their business and their employees. In this blog, learn about best practices you can use to help secure your Zoom conferences.
Have you or your organization been a victim of “Zoom Bombing”? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.