Light Dark
July 15, 2019 By David Bisson 3 min read

The world learned of two software vulnerabilities last week. The first zero-day vulnerability was instrumental in a targeted attack against companies in Eastern Europe, while the other affected the Mac client of the Zoom videoconferencing service. Concurrently, remote access Trojans (RATs), backdoors and mobile threats made the week a busy one in terms of malware attacks.

Top Story of the Week: The Buhtrap Backdoor

In June 2019, researchers at ESET detected a highly targeted attack in Eastern Europe. The operation exploited a local privilege escalation zero-day vulnerability on Windows machines. In this particular attack, the exploit used popup object menus to infect entities in Eastern Europe and Central Asia with the Buhtrap backdoor.

After seeing it in action, ESET reported this vulnerability (CVE-2019-1132) to the Microsoft Security Response Center. The tech giant responded by issuing a patch for the bug on July 7.

Source: iStock

Also in the News

  • Phishing Campaign Delivers Dridex Via RMS RAT: Cofense spotted a phishing campaign masquerading as correspondence from eFax in an attempt to trick users into opening what appeared to be a Microsoft Word attachment. Once clicked, the attachment — in actuality, a ZIP archive — revealed a Microsoft Excel spreadsheet that downloaded Dridex and the Remote Manipulator System Remote Access Tool (RMS RAT).
  • Investigation Reveals Vulnerabilities on Commercial Ships: On July 8, the U.S. Coast Guard revealed a February 2019 incident in which a deep draft vessel reported a digital security incident affecting its shipboard network. A subsequent investigation concluded that the incident undermined the onboard computer’s system functionality but did not affect any essential vessel control systems.
  • Zoom Vulnerability Puts Webcams at Risk: Independent security researcher Jonathan Leitschuh disclosed a vulnerability in the Mac client for the remote videoconferencing service Zoom. Threat actors could abuse this weakness on a compromised website to force Mac users to join a Zoom call without their permission.
  • New Details Emerge on DNS Hijacking Campaign: Cisco Talos linked the Sea Turtle threat group to a network compromise involving the Institute of Computer Science of the Foundation for Research and Technology – Hellas (ICS-Forth), the country code top-level domain (ccTLD) for Greece. Additional analysis revealed that the threat actors retained access to ICS-Forth through at least April 24.
  • Magecart Exploits Misconfigured Amazon S3 Buckets: Also on April 24, RiskIQ began tracking an attack campaign in which Magecart actors automatically scanned for misconfigured Amazon Simple Storage Service (S3) buckets. The purpose of this “spray and pray” technique was to append their skimming code at the bottom of exposed JavaScript files and obtain unsuspecting users’ payment card information.
  • Astaroth Attack Uses LotL Techniques to Infect Windows Machines: After noticing an anomaly from an algorithm used for catching fileless campaigns, the Microsoft Defender ATP Research Team came upon an infection chain that relied strictly on living-off-the-land (LotL) techniques to distribute Astaroth. Once activated, the backdoor could have helped threat actors steal sensitive information and move laterally across the network.
  • Agent Smith Masquerades as Legitimate App, Infects 25 Million Android Devices: Check Point came across a new malware family known as Agent Smith that masqueraded as a Google-related app. With this disguise, the threat succeeded in infecting 25 million Android devices for the purpose of replacing installed apps with malicious versions.

Security Tip of the Week: How to Defend Against Fileless Threats

The Microsoft Defender ATP Research Team clarified that fileless malware like Astaroth doesn’t make threat actors invincible:

“Abusing fileless techniques does not put malware beyond the reach or visibility of security software. On the contrary, some of the fileless techniques may be so unusual and anomalous that they draw immediate attention to the malware, in the same way that a bag of money moving by itself would.”

Security professionals can therefore help defend their organizations against fileless malware by enabling application whitelisting and disabling macros. Companies should also consider investing in a robust vulnerability management program that prioritizes security bugs as a means of managing risk.

 |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature