Cybersecurity week Round-Up (2018, Week 5)

Pierluigi Paganini February 05, 2018

Cybersecurity week Round-Up (2018, Week 5) - Let’s try to summarize the most important events that occurred last week in 3 minutes.

The week began with massive cyber attacks against three Dutch banks and the National Tax Agency. Experts speculate that Russia was involved, because the attacks started right after the revelation that Dutch intelligence had hacked the APT28 group.

The wave of attacks against the cryptocurrency sector continues.
Security experts spotted two huge botnets and a piece of malware specifically designed to mine cryptocurrency by abusing victims’ resources.

The first mining botnet, dubbed Smominru, was discovered by researchers from Proofpoint. The malware uses the EternalBlue exploit to infect Windows computers and recruit them into Monero cryptocurrency mining activities.

The Smominru botnet has already infected more than half a million systems.

It has been estimated that the botnet has already mined 8,900 Monero ($2,346,271 at the current rate).

Researchers at Qihoo 360’s Netlab analyzed a new campaign powered by the DDG botnet, the second largest mining botnet ever observed, which targets Redis and OrientDB servers. The miner has already infected nearly 4,400 servers and has mined over $925,000 worth of Monero since March 2017.

Researchers from security firm CrowdStrike spotted a new Monero crypto-mining worm, dubbed WannaMine, that spreads by leveraging the NSA-linked EternalBlue exploit.

APT groups are even more dangerous. The Iran-linked APT OilRig targets IIS web servers with the new RGDoor backdoor. The backdoor was used in attacks against Middle Eastern government organizations and financial and educational institutions.

South Korea warns of a Flash zero-day flaw exploited by North Korea in surgical attacks.

In the second part of the week, security experts from Bitdefender detailed the malware campaign Operation PZChao, which was attributed to the Chinese Iron Tiger APT.

One of the most clamorous cases of the week is the data leak involving military personnel data, caused by the improper use of the Strava fitness application.
The data leak exposed information related to military bases worldwide, some of which had not been publicly disclosed before.

The Meltdown and Spectre saga continues.

Over the weekend Microsoft rolled out out-of-band updates that disable the mitigations for Spectre v2 attacks, in response to problems reported by its customers after the installation of the security patches.

While Intel reportedly alerted Chinese companies about the Meltdown and Spectre flaws before the US Government, malware researchers have spotted proof-of-concept malicious code that exploits the Spectre and Meltdown flaws.

Researchers at security firm Radware have spotted a new IoT botnet, dubbed JenX, that leverages the Grand Theft Auto videogame community to infect devices.

Crooks are targeting ATMs in the US with the Ploutus-D malware; these are the first confirmed cases of jackpotting in the country.

Pierluigi Paganini

(Security Affairs – cybersecurity, cyberweek)
