Last week in security news, the world learned of new WhatsApp vulnerabilities that allowed a threat actor to intercept and manipulate messages exchanged in private chats and group conversations. Researchers also spotted a new version of a fast-growing ransomware family along with a wiper sample that masqueraded as crypto-ransomware. Lastly, plenty of new malware campaigns and techniques emerged throughout the week.

Top Story of the Week: WhatsApp Vulnerabilities

Check Point Research revealed that it had notified WhatsApp of three vulnerabilities near the end of 2018. The team found that digital attackers could abuse the flaws to intercept and manipulate users’ messages in 1 of 3 ways:

  1. Use the “quote” feature to change the identity of a sender
  2. Alter the text of someone’s response
  3. Send a public message disguised as a private conversation so the recipient’s response would be visible to other users.

WhatsApp fixed the third issue after Check Point Research informed the encrypted messaging service of its findings. However, the team found that the first and second exploitation channels were still available as of early August 2019.

Source: iStock

Also in Security News

  • Industrial Control Systems Under Attack From HEXANE: Dragos observed a new threat group called HEXANE targeting oil and gas companies located in the Middle East using general IT themes and novel detection evasion schemes. The firm also observed the group targeting telecommunications providers in the Middle East, Central Asia and Africa, presumably in an attempt to lay the groundwork for future network-based attacks.
  • New Version of MegaCortex Ransomware Released: In early August, Accenture spotted a new version of MegaCortex ransomware that uses anti-analysis features to evade detection. The threat also came with a hardcoded password, a technique that enables its handlers to target a larger number of users.
  • Trickbot Delivered via Obfuscated JS File: Researchers at Trend Micro detected a Trickbot campaign that used spam emails to deliver a malicious Microsoft Word document. This file, in turn, used a heavily obfuscated JS file to download a Trickbot payload.
  • New GermanWiper Malware Masquerades as Ransomware: On July 30, Bleeping Computer learned of a new malware family called GermanWiper after users began posting about it on its forums. The malware demanded a ransom from its victims, but they couldn’t recover their information even if they paid, since the threat overwrote their files’ data with ones and zeros.
  • Attackers Using SystemBC to Mask C&C Traffic: In the beginning of June, Proofpoint observed both the Fallout and RIG exploit kits delivering a new proxy malware family called SystemBC. This malware used a SOCKS5 proxy to mask traffic pertaining to command-and-control (C&C) infrastructure that used HTTP connections for banking Trojans like Danabot.
  • Lokibot Variant Comes With New Tricks: In summer 2019, Trend Micro found a new Lokibot variant when it notified a Southeast Asian company of a potential threat. This version used an autostart registry that pointed to a VBS file as a persistence mechanism, and also came with the ability to use steganography so that it could reference information during its unpacking routine.
  • Phishers Targeting U.S. Utility Organizations: At the end of July, Proofpoint detected a phishing campaign in which digital attackers masqueraded as the National Council of Examiners for Engineering and Surveying (NCEES). They used this disguise to download LookBack malware on victims’ devices.

Security Tip of the Week: Take Data Protection to the Next Level

The rise of destructive malware such as GermanWiper and MegaCortex v2 highlights the need for organizations to protect their data against digital threats. Security professionals can help their employers do this by creating an accurate inventory of data sources and monitoring those assets that contain personal information for suspicious activity. Security teams should couple these processes with an ongoing security awareness training program that educates employees of phishing attacks and other social engineering threats.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…