Government agencies are experiencing COVID-19 related attacks, phishing and malware scams ramp up as coronavirus becomes a pandemic, and Microsoft fixes an SMB flaw. All that coming up now on Threat Wire. Greetings, I am Shannon Morse and this is Threat Wire for March 17th, 2020. This is your summary of the threats to our security, privacy and Internet freedom. This is the first episode from my new home in Colorado, so it may go through some growing pains as I fix audio and lighting along the way. Please bear with me.
In this process it's been a really crazy month, seriously, but I'm trying my best to stay on schedule for y'all. So with that said, onto the news. The first one is all about the HHS. More on that in a bit. Now, with any widespread issue also comes the threat of cyber attacks, and coronavirus is no different. The U.S. Health and Human Services Department reported on Monday via Bloomberg that an attack on their systems was active over the weekend, but it did not do any damage or steal any data. Reporters suggest that this attack was fully intended to just slow the agency's systems by attacking them with a distributed denial-of-service attack. The U.S. HHS did state that they saw a surge in activity, but they are fully operational and that their own preparations for their staff working remotely will defend against malicious activity. A foreign state-sponsored actor is suspected to be the attacker in this case, but no confirmation was given publicly regarding this possibility. Now, this is not the only government-related cybersecurity issue related to the outbreak either. The National Security Council sent out a warning on Sunday regarding a tweet stating that any messages talking about a nationwide quarantine are fake and there are no government lockdowns, reported related to a text message that was spreading like wildfire. This incident was related to the HHS attack, but no other information is currently available regarding the two attacks and how they are actually related. An investigation into these attacks is currently underway.

There are a lot of scams and phishing campaigns happening right now related to COVID-19, so it is important to be mindful of any potential for an attack. Here are just a few of the ways that attackers and criminals are using the current panic to take advantage of unsuspecting individuals. A coronavirus map was acting as a Trojan horse to install malware on end-user machines which could steal passwords, usernames and a lot more. Reason Labs security researcher Shai Alfasi analyzed malware that MalwareHunterTeam found hidden inside a coronavirus map downloadable application that could steal credentials stored on a user's browser on their client machine. This map shows the current infections on a world view, so obviously everybody is interested. Once the map application is downloaded, the malware, which is called AZORult, is used as this information stealer to siphon off browsing history, cookies, IDs and passwords, cryptocurrency, and pretty much whatever else it can get its hands on. This malware is not new; it was first discovered in 2016 and it is commonly found on Russian underground forums. AZORult comes in a few different variants, one of which can create an administrative account on the infected machine, which can allow the attacker to connect via RDP. The malware is embedded in Corona-virus-Map.com.exe, downloaded as a Win32 executable file with a small payload of less than 4 MB. If you want to stay aware of current totals, don't download anything; just simply pay a visit to Johns Hopkins University online to see a map that is actively being updated, and that link is down below. Don't worry, this one is safe. This and other downloadables may be sent in chain-mail-inspired emails that incite an emotional response, and that's what you should look out for.

In one example, an advanced persistent threat group is using COVID-19 to spread malware in a campaign dubbed Vicious Panda. Researchers with Check Point Research state that this attack uses two Rich Text Format, or RTF, files to target Mongolian public sector workers. It is sent via email, and once opened it can screenshot the device and send the attacker lists of the files, directories and a lot more about those affected machines. The email urges Mongolian workers to inform victims about infections of the pandemic, and it appears to be derived from a Chinese hacking group. Another attack, on the other hand, deriving from the Russian hacking group called Hades, was carried out in February using a backdoor Trojan to spread disinformation. And lastly, an app called COVID19 Tracker is actually being used as ransomware, not as an outbreak map tracker like it appears to be. This ransomware is used to request $100 in Bitcoin within 48 hours or everything on your phone will be erased and social media accounts will be leaked publicly, whatever that means. This one is hosted on a website, not via the Google Play Store, but Android users could download it from the website if they were directed there. It requests access to the lock screen and accessibility settings. CovidLock will lock the screen with a ransom note, and users since Android 7 can unlock with a password, which appears to bypass the ransomware and keep you safe. This one is avoidable by strictly downloading apps from the Google Play Store and keeping your OS updated. These kinds of attacks will likely ramp up in frequency as more users work from home and cybercriminals start targeting folks who would usually be on a secure internal company network. Keep an eye out for suspicious emails or attachments and don't download them, double-check that any charity is a legitimate one before donating money, and lastly, if you do see random Facebook groups or data shared on Twitter, make sure that it is legitimate and not a misinformation campaign. It's important to take strides to protect yourself, not only physically out in the world as we also do, but in this connected world as well.

Before we hit story number 3, I wanted to say thank you so much to my supporters over at patreon.com/threatwire. I feel like we could all use some hush puppy love right now, so my hush puppy perk level patrons are awesome. I love them so much for sending in their fur baby photos. I love them, keep them coming, they are adorable. Seriously.
I'm stuck in my house, so please send me all the fur baby photos. And if you want to support Threat Wire but you don't want to be a Patreon supporter, check out snubsie.com/shop to get t-shirts, stickers and even my own digital photography, all of which supports these shows. And now, with everything happening, this has been a really, really stressful month, not just because of the virus but also because I moved to a brand new state. I won't get into any of the craziness here because Threat Wire is not the place for that, but I do want to say thank you to everyone who has continually supported my shows. Please stay safe, don't panic buy. Seriously, it's like really hard to stock my pantry with anything because we didn't move with lots of food and everybody is taking all the food, so please save some for the people that really need food in their house, and take care of the folks in your life that need it most. We can get through this together. We need to be a community, and we can be a community without, like, being socially, physically interactive. And I will continue to bring you security content every single week that I absolutely can. So thank you to everyone for supporting the show.

And lastly for today, some security news not related to the virus. Microsoft issued an advisory on March 10th regarding a vulnerability in SMB version 3, stating that a client and server remote code execution vulnerability, CVE-2020-0796, was affecting Server Message Block 3.1.1. This can allow an attacker to send code and execute code on a server or client with SMB. It is only present in the 32- and 64-bit versions of the Windows 10 copies of the clients and servers, so those are versions 1903 and 1909. It's also difficult to exploit, but this was still deemed critical because of its ability to worm, meaning an attack using this vulnerability could spread from machine to machine without user interaction. Now, Microsoft does not believe this flaw is being exploited currently, but it could be in the future. When it went public due to an accidental leak by a cybersecurity company, Microsoft ended up patching the issue two days later.

Before I leave, I want to say thank you to Q2E, Euler, Adam, Kristen and Jeremiah, who joined the Patreon team this week. Thank you so much to each and every one of you, you are awesome, and I hope you love the Patreon community just as much as I do. And with that, do not forget to like and subscribe. I'm Shannon Morse and I will see you on the Internet, which for once seems completely socially acceptable. I will see you next week. Bye.