August 12, 2019 By David Bisson 3 min read

Last week in security news, the world learned of new WhatsApp vulnerabilities that allowed a threat actor to intercept and manipulate messages exchanged in private chats and group conversations. Researchers also spotted a new version of a fast-growing ransomware family along with a wiper sample that masqueraded as crypto-ransomware. Lastly, plenty of new malware campaigns and techniques emerged throughout the week.

Top Story of the Week: WhatsApp Vulnerabilities

Check Point Research revealed that it had notified WhatsApp of three vulnerabilities near the end of 2018. The team found that digital attackers could abuse the flaws to intercept and manipulate users’ messages in one of three ways:

  1. Use the “quote” feature to change the identity of a sender
  2. Alter the text of someone’s response
  3. Send a public message disguised as a private conversation so the recipient’s response would be visible to other users

WhatsApp fixed the third issue after Check Point Research informed the encrypted messaging service of its findings. However, the team found that the first and second exploitation channels were still available as of early August 2019.

Also in Security News

  • Industrial Control Systems Under Attack From HEXANE: Dragos observed a new threat group called HEXANE targeting oil and gas companies located in the Middle East using general IT themes and novel detection evasion schemes. The firm also observed the group targeting telecommunications providers in the Middle East, Central Asia and Africa, presumably in an attempt to lay the groundwork for future network-based attacks.
  • New Version of MegaCortex Ransomware Released: In early August, Accenture spotted a new version of MegaCortex ransomware that uses anti-analysis features to evade detection. The threat also came with a hardcoded password, a technique that enables its handlers to target a larger number of users.
  • Trickbot Delivered via Obfuscated JS File: Researchers at Trend Micro detected a Trickbot campaign that used spam emails to deliver a malicious Microsoft Word document. This file, in turn, used a heavily obfuscated JS file to download a Trickbot payload.
  • New GermanWiper Malware Masquerades as Ransomware: On July 30, Bleeping Computer learned of a new malware family called GermanWiper after users began posting about it on its forums. The malware demanded a ransom from its victims, but they couldn’t recover their information even if they paid, since the threat overwrote their files’ data with ones and zeros.
  • Attackers Using SystemBC to Mask C&C Traffic: In the beginning of June, Proofpoint observed both the Fallout and RIG exploit kits delivering a new proxy malware family called SystemBC. This malware used a SOCKS5 proxy to mask traffic pertaining to command-and-control (C&C) infrastructure that used HTTP connections for banking Trojans like Danabot.
  • Lokibot Variant Comes With New Tricks: In summer 2019, Trend Micro found a new Lokibot variant when it notified a Southeast Asian company of a potential threat. This version used an autostart registry that pointed to a VBS file as a persistence mechanism, and also came with the ability to use steganography so that it could reference information during its unpacking routine.
  • Phishers Targeting U.S. Utility Organizations: At the end of July, Proofpoint detected a phishing campaign in which digital attackers masqueraded as the National Council of Examiners for Engineering and Surveying (NCEES). They used this disguise to download LookBack malware on victims’ devices.

Security Tip of the Week: Take Data Protection to the Next Level

The rise of destructive malware such as GermanWiper and MegaCortex v2 highlights the need for organizations to protect their data against digital threats. Security professionals can help their employers do this by creating an accurate inventory of data sources and monitoring those assets that contain personal information for suspicious activity. Security teams should couple these processes with an ongoing security awareness training program that educates employees about phishing attacks and other social engineering threats.
