August 26, 2019 By David Bisson 3 min read

Last week in security news, researchers spotted a phishing campaign that used evasion tactics to target utility organizations with Adwind. Analysts also observed evasive adware that hid itself within dozens of apps available for download on the Google Play store and a botnet variant that likely evaded detection for two years. Finally, security professionals uncovered vulnerabilities affecting a smart camera, along with a ransomware strain targeting Fortnite users.

Top Story of the Week: A New Adwind Campaign

In the summer of 2019, Cofense detected an attack email that originated from a hijacked account at Friary Shoes. The attack also abused the domain of Fletcher Specs to host the campaign’s payload.

With these elements in place, the attack email asked recipients at organizations that serve the national grid utilities infrastructure to open an attachment containing remittance advice. The attachment appeared to be a PDF document, but it was actually a JPEG file that redirected victims to the domain hosting Adwind. Once installed, the malware granted its handlers the ability to take screenshots, harvest browser credentials and record audio from the microphone.
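The lure above relied on an attachment whose extension said PDF while its bytes said JPEG. The following check, an added example that is not part of the original article or Cofense's research, flags that kind of mismatch by comparing the declared extension against the file's leading magic bytes; the sample attachments and their contents are constructed for illustration.

```python
# Added example (not from the article): flag email attachments whose
# extension claims one format (e.g. .pdf) while the bytes are another (e.g. JPEG).
from typing import Optional

# Leading-byte signatures for the formats involved in the campaign described above.
SIGNATURES = {
    "pdf": [b"%PDF-"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
}

def detect_format(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unrecognized."""
    for fmt, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return fmt
    return None

def claimed_format(filename: str) -> str:
    """Normalize the extension so .jpg/.JPEG/.jpeg all map to 'jpeg'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return "jpeg" if ext in ("jpg", "jpeg") else ext

def is_suspicious(filename: str, data: bytes) -> bool:
    """True when the extension and the content disagree, or the content is unknown."""
    actual = detect_format(data)
    return actual is None or actual != claimed_format(filename)

# Constructed sample attachments (hypothetical, not real campaign artifacts).
SAMPLES = {
    "remittance_advice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj",
    "remittance_advice.PDF": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG posing as PDF
    "invoice.jpg": b"\xff\xd8\xff\xe1\x00\x18Exif\x00\x00",
}

def scan(samples=SAMPLES) -> dict:
    """Map each attachment name to whether it should be held for review."""
    return {name: is_suspicious(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, flagged in scan().items():
        print(f"{name}: {'SUSPICIOUS' if flagged else 'ok'}")
```

A mail gateway would run this on the decoded attachment bytes before delivery; a mismatch is a reason to quarantine the message rather than rely on the recipient noticing the file type.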


Also in Security News

  • Adware Uses Dozens of Apps to Infiltrate Play Store: Trend Micro discovered that a piece of adware called AndroidOS_Hidenad.HRXH had found its way onto the Google Play Store by concealing itself within 85 photography and gaming apps. The adware used various techniques to help avoid time-based detection systems.
  • Multiple Vulnerabilities Found in Smart Camera: Over the summer of 2019, Cisco Talos uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. These weaknesses enabled attackers to create a denial-of-service condition and, in certain situations, take control of an affected device.
  • Botnet Variant Evaded Detection for Up to Two Years: Trend Micro also came across a variant of the MyKings botnet during an investigation of changes made to the machine registry of a server owned by an electronics company in the Asia-Pacific region. The researchers discovered that the threat had been using the task scheduler, registry, Windows Management Instrumentation and bootkit of each machine it infected, which helped the botnet remain hidden for the previous two years.
  • Asruex Uses Old Bugs to Infect Word Docs and PDF Files: Trend Micro detected a variant of the Asruex botnet masquerading as a PDF file. This version arrived with the ability to abuse two older vulnerabilities, CVE-2012-0158 and CVE-2010-2883, and inject code into Word documents and PDF files.
  • Funds Stolen by APT Increased Fivefold: Group-IB observed that Silence, a Russian-speaking advanced persistent threat (APT), has expanded the geographic reach and increased the frequency of its attacks. This helped Silence steal a total of $4.2 million, a fivefold increase since the firm issued its original report in September 2018.
  • Ransomware Family Targets Fortnite Players: Researchers at Cyren discovered that cyberattackers have been targeting Fortnite players with a fake game hack tool. The utility actually turned out to be Syrk, a variant of the open-source Hidden-Cry ransomware.
  • Visa Adds Threat Detection and Disruption Capabilities: Visa announced a series of capabilities designed to help financial institutions and merchants protect against fraud and other cyberthreats. The multinational financial services corporation noted that it will scan the front ends of e-commerce websites for signs of payment card skimmers and use deep learning to monitor for automated attacks.

Security Tip of the Week: Protect Against Evasive Attacks and Known Vulnerabilities

The security news stories covered above highlight just how important it is for security professionals to help their organizations defend against malware. To do so, professionals should make the case for investing in artificial intelligence (AI) capabilities to defend against evasive attacks and monitor apps for anomalous behavior. A comprehensive vulnerability management program is also critical, as it can help keep critical enterprise assets up to date with known patches.
