Last week in security news, a researcher found that malicious actors had abused the details of a test credit card just two hours after he posted the information online. The security community also learned of a survey in which three-quarters of respondents said that they had required a password reset after forgetting one of their personal passwords in the previous three months. Finally, researchers tracked several new malware samples along with a now-fixed WhatsApp vulnerability.
Top Story of the Week: The Spread of Exposed Credit Card Data
David Greenwood, a security researcher on the ThreatPipes team, wanted to find out how information posted online spreads throughout the internet and dark web. So he purchased an anonymous, prepaid Visa credit card and posted its full credentials on several paste sites. He then sat back and waited.
It took all of two hours until digital attackers sprang into action. They did so by using bots and scripts to make small purchases using the credit card information from a well-known retailer located in the U.K.
Also in Security News
- Poison Frog Backdoor Samples Discovered in Aftermath of OilRig Dump: After a group of actors dumped OilRig’s attack tools online, Kaspersky Labs decided to scan its archives for new and old malware samples. In the process, it discovered Poison Frog, a sloppily designed backdoor that masqueraded as the legitimate Cisco AnyConnect application at the time of discovery.
- Most Users Required a Personal Password Reset in the Last Three Months: In a recent study, HYPR found that 78 percent of full-time workers in the U.S. required a password reset sometime in the last three months after forgetting a personal password. The rate was slightly lower for work-related reset requests at just over half (57 percent) of respondents.
- Lazarus-Linked Dacls RAT Makes Waves by Targeting Linux Machines: Back in October, Netlab 360 came across a suspicious ELF file that shared certain characters employed by the Lazarus group. This discovery of the file, nicknamed Dacls, marked the first time that researchers have detected a Lazarus-created threat that’s capable of targeting Linux machines.
- U.S., EU Users Caught in the Crosshairs of Zeppelin Ransomware: Blackberry Cylance spotted threat actors using the newly discovered Zeppelin ransomware to selectively target technology and healthcare organizations in the U.S. and the European Union. Further analysis helped determine Zeppelin to be a member of the VegaLocker ransomware family.
- Dudell Malware Leveraged by Rancor Digital Espionage Group: Palo Alto Networks’ Unit 42 threat research team analyzed the recent attacks of Rancor, a digital espionage group that targeted at least one Cambodian government organization between December 2018 and January 2019. In the process, it discovered a new custom malware family it dubbed Dudell.
- Vulnerability Allowed Threat Actor to Crash WhatsApp on Phones in Shared Group: In August 2019, Check Point Software discovered a bug that enabled a malicious actor to implement a WhatsApp crash-loop on the devices of users in a shared group. The security firm subsequently disclosed this vulnerability to WhatsApp, whose developers issued a fix in update 2.19.246.
- Lateral Movement Used by BuleHero Botnet to Spread Malware Payloads: Researchers at Zscaler observed in their analysis of BuleHero that the botnet used port scanning, Mimikatz, PsExec and WMIC to spread laterally on an affected network. These techniques enabled the threat to distribute both the XMRig miner and Gh0st RAT to a larger number of machines.
- Various Attack Techniques Used by MyKings Botnet to Deliver Forshare: SophosLabs took a deep dive into the workings of the MyKings botnet and found that the threat used various attack techniques against vulnerable Windows servers to deliver Forshare malware. Those tactics included using steganography to conceal a malware payload within an image.
Security Tip of the Week: Focus on Data Protection
Security professionals can help organizations protect their valuable data by using artificial intelligence (AI)-driven tools and automated monitoring solutions to gain intelligent visibility into the network. They can then use that visibility to monitor for suspicious activity that could be indicative of a threat moving laterally across the network.
In support of this monitoring activity, security teams should also consider embracing a zero-trust model for the purpose of setting up micro-perimeters on the cloud and elsewhere.