Cybersecurity news provided by NetworkTigers on Monday, 20 December 2021.
SAN MATEO, CA — Joker malware present in Google Play store, scammers take advantage of Spider-Man fans, cyberattack delays funerals, new ransomware threats gain popularity, state actors attempting to leverage Log4j, experts expect worm, Anubis trojan attacking Android financial apps, warnings issued over last-minute surge in seasonal scams, Log4Shell mutations piling up, popular HR management platform Kronos hit with ransomware, Honolulu mass transit shut down due to cyberattack, India’s Prime Minister’s Twitter account hacked, Quebec shuts down government websites to avoid Log4Shell.
Joker malware present in Google Play store
Joker, a type of malware referred to as “fleeceware” because it subscribes victims to unauthorized premium services without their knowledge, has been found in the Color Message app available on the Google Play store. The app had reportedly been downloaded more than 500,000 times before Joker was identified. Joker has been in circulation since at least 2017.
Scammers take advantage of Spider-Man fans
As Marvel’s latest entry into its cinematic universe arrives with the theatrical release of Spider-Man: Far From Home, scammers are taking the opportunity to trick fans into believing the movie can be watched online. Phishing emails that lead users to malicious websites have been making the rounds, and cybercrime authorities are urging people to be cautious with regard to emails and opportunities that seem too good to be true.
Cyberattack delays funerals
A cyberattack carried out on the Maryland Department of Health has left citizens unable to procure death certificates, delaying funerals and otherwise preventing the families of the deceased from moving forward with the proceedings that follow a death. State security teams are working with the federal government to get Department of Health resources back online as quickly as possible.
New ransomware threats gain popularity
Under increased pressure from international authorities, powerful ransomware-as-a-service providers like REvil and Clop have seen their popularity and influence shrink as new variants take their place. BlackMatter, LockBit 2.0, Hive and Conti are among the latest to rise in power. The virulent ransomware market’s top players are not at all the same as they were as recently as a few months ago. Aside from political pressure, some ransomware groups are weakened or driven apart by infighting among members.
State actors attempting to leverage Log4j, experts expect worm
As hackers and criminals of all ilks overwhelm IT administrators with attempts to exploit the Log4j vulnerability across sectors, nation-state-sponsored actors have also been making the effort. Charming Kitten, an Iranian hacking group, is reportedly targeting a variety of Israeli organizations. Some security experts are also anticipating that a self-propagating Log4j worm may appear within the next few days, while others feel that threat actors are too busy laying groundwork to allocate the time and resources needed to develop a worm.
Anubis trojan attacking Android financial apps
A new version of the Anubis Android trojan banking malware has been detected, targeting the customers of around 400 financial institutions by disguising itself as an account management application created by Orange S.A., which is France’s largest telecom company. The trojan allows unauthorized access to Android devices when installed.
Warnings issued over last-minute surge in seasonal scams
As the holidays near and the Omicron variant of the coronavirus continues to spread, experts and governments alike are issuing warnings about further surges in phishing scams. Online sales and pandemic fears will continue to provide fodder for scammers looking to capitalize on both with fraudulent emails and data-stealing operations. People are being urged to remain vigilant and not allow last-minute holiday stress to make them more vulnerable to cybercrime.
Log4Shell mutations piling up
As the cybersecurity community attempts to mitigate some of the damage taking place due to the Log4Shell vulnerability, researchers are already finding new, more heavily weaponized versions of the exploit that are specifically designed to steal passwords and move undetected through targeted networks. According to a report from researchers at Check Point, Log4Shell has spawned over 60 more threatening mutations in less than 24 hours as hackers from all over the world look to use the flaw to their advantage.
Popular HR management platform Kronos hit with ransomware
Kronos, a leading HR management service provider, has been hit with a cyberattack that the company is reporting will cause “several weeks” of disrupted service. The attack will result in many of the company’s users being unable to pay employees during the holiday season, with some lodging complaints about Kronos’ lack of a contingency plan in the face of a cyberattack. Kronos has reported that data from many of its high-profile customers has likely already been accessed, and has urged its customers to implement their own alternative means of continuing their business processes. Some feel this amounts to Kronos passing the buck to those that have entrusted the company with their information and payroll.
Honolulu mass transit shut down due to cyberattack
A cyberattack carried out against Honolulu, Hawaii’s mass transit system is believed to be a ransomware attack. Administrative services across the board were disabled. Authorities and the Honolulu Department of Transit Services are investigating the incident. At this time, no demands for payment have been reported and no rider data has been compromised in the attack.
India’s Prime Minister’s Twitter account hacked
Narendra Modi, India’s Prime Minister, had his Twitter account hacked briefly. During the period of unauthorized use, the attackers posted a tweet from his account stating that India would be adopting Bitcoin as a legal currency and distributing the cryptocurrency among Indian citizens. At this time, no further disruptions have been reported and the account has been secured.
Quebec shuts down government websites to avoid Log4Shell
Quebec’s government has shut down its websites temporarily as a preventative measure to avoid any breaches that may result from Log4Shell vulnerabilities. Government IT administrators are reportedly combing through each site to locate the exploit before patching it and returning the website to operational status.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com