Posted March 7, 2018
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“According to a Quick Heal report released on Monday, in 2017 their Security Labs detected over 930 million Windows malware that targeted individuals and businesses. The year was dominated by several exploits leaked by the hacker Group “The Shadow Brokers” such as EternalBlue, EternalChampion, EternalRomance and EternalScholar which were responsible for advanced ransomware campaigns such as WannaCry and Notpetya, and a few cryptocurrency mining campaigns. Sanjay Katkar, Joint Managing Director and Chief Technology Officer of Quick Heal Technologies Limited said that the problem of ransomware is going to exacerbate because of growing availability of exploit kits and ransomware-as-a-service.”
Information Security Risk
“A newly uncovered form of Android malware secretly steals sensitive data from infected devices – including full audio recordings of phone calls – and stores it in cloud storage accounts. An invasive form of spyware, RedDrop harvests information from the device, including live recordings of its surroundings, user data including files, photos, contacts, notes, device data and information about saved Wi-Fi networks and nearby hotspots. The first time the malware was seen, it was being distributed via a Chinese language adult content app called CuteActress, but others target those speaking English and other languages. “This is very much a global operation,” a security research reported.”
“An endpoint security firm has spotted a massive campaign that exploits a recently patched Adobe Flash Player vulnerability to deliver malware. The flaw in question, CVE-2018-4878, is a use-after-free bug that Adobe patched on February 6, following reports that North Korean hackers had been exploiting the vulnerability in attacks aimed at South Korea. The threat group, tracked as APT37, Reaper, Group123 and ScarCruft, has been expanding the scope and sophistication of its campaigns. After Adobe patched the security hole, which allows remote code execution, other malicious actors started looking into ways to exploit CVE-2018-4878.”
“Intel has issued updated microcode to help safeguard its Broadwell and Haswell chips from the Spectre Variant 2 security exploits. According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H,S and Haswell Xeon E3 platforms, have now been fixed and are available to hardware partners. The company’s new microcode updates come a week after Intel also issued updates for its newer chip platforms like Kaby Lake, Coffee Lake and Skylake. The Spectre and Meltdown defects, which account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users’ protected data. Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, while Spectre tricks other applications into accessing arbitrary locations in their memory. According to Intel’s documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners.”