Welcome back, folks. It’s been a while, no?
Following an extended absence of your humble Threat Thursday writer (and by expansion, your weekly Threat Thursday fix), our cyber security bulletin returns!
It’s a glass half-full kind of week, with Android users staring down a nasty new ransomware variant and hackers brazenly selling access to compromised corporate networks. Yet there’s also been a wealth of security updates for some of our most popular software, not to mention a takedown of one of the internet’s nastiest botnets.
For Android Users, Home is Where the Harm is
Android users are under threat from a new variant of the long-running MalLocker family, which Microsoft detects as MalLocker.B.
Discovered by Microsoft’s Defender research team, this offshoot evades known security solutions and locks compromised devices. Rather than popping up straight away, the ransom note is carried inside a fake incoming-call notification, and the lock screen reappears whenever the user presses the ‘Home’ button to try to escape it. Those buttonless iPhone users must be feeling pretty smug right now.
In a particularly nasty twist, the ransomware doesn’t only restrict access to files, but instead locks the device entirely, with only a screen of presumably threatening language written in Russian. If you love reading about the latest malware with a side-order of technical jiggery-pokery, Microsoft’s full ransomware report is available here.
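The two tricks described above (the ransom screen riding on a full-screen call notification, and the activity relaunching itself from the onUserLeaveHint() callback when Home is pressed) are the indicators Microsoft called out in its report. The heuristic below is an added example, not Microsoft’s code or anything from this bulletin: it scans decompiled Android source for that combination and deliberately does not flag a plain dialer, which legitimately uses a call-category full-screen notification. The two source snippets are constructed for the example; method and constant names follow the Android SDK, while the indicator set and scoring are my own assumptions.

```python
"""Heuristic static check for the MalLocker-style "lock on Home press" trick.

Added example: scans decompiled Java-like Android source for the pattern
Microsoft described, not a detection signature shipped by any vendor.
"""
import re
from dataclasses import dataclass, field

# Indicators taken from Microsoft's public description of this MalLocker variant:
# the ransom screen rides on a full-screen "incoming call" notification, and the
# activity overrides onUserLeaveHint() to relaunch itself when Home is pressed.
INDICATORS = {
    "full_screen_intent": re.compile(r"\bsetFullScreenIntent\s*\("),
    "call_category": re.compile(r"\bCATEGORY_CALL\b"),
    "home_hook": re.compile(r"\bonUserLeaveHint\s*\(\s*\)\s*\{"),
    "overlay_permission": re.compile(r"\bSYSTEM_ALERT_WINDOW\b"),
}


@dataclass
class Verdict:
    hits: list = field(default_factory=list)
    relaunch_on_home: bool = False
    suspicious: bool = False


def _home_hook_relaunches(src: str) -> bool:
    """True if an onUserLeaveHint() override calls startActivity(...) in its body."""
    m = INDICATORS["home_hook"].search(src)
    if not m:
        return False
    # Walk forward from the opening brace to its matching close brace.
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    body = src[m.end():i]
    return re.search(r"\bstartActivity\s*\(", body) is not None


def scan_source(src: str) -> Verdict:
    """Return which indicators appear and whether the combination looks like MalLocker."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(src)]
    relaunch = _home_hook_relaunches(src)
    # A dialer legitimately pairs CATEGORY_CALL with setFullScreenIntent; the signal
    # is that delivery vector combined with a Home hook that relaunches the activity.
    suspicious = relaunch and ("full_screen_intent" in hits or "overlay_permission" in hits)
    return Verdict(hits=hits, relaunch_on_home=relaunch, suspicious=suspicious)


# Constructed sample: decompiled-style source showing the MalLocker pattern.
SUSPICIOUS_SAMPLE = """
public class LockActivity extends Activity {
    @Override
    protected void onUserLeaveHint() {
        super.onUserLeaveHint();
        startActivity(new Intent(this, LockActivity.class));
    }
    void show(PendingIntent pi) {
        Notification n = new Notification.Builder(this, "calls")
            .setCategory(Notification.CATEGORY_CALL)
            .setFullScreenIntent(pi, true)
            .build();
    }
}
"""

# Constructed sample: a benign dialer that uses the same notification API honestly.
BENIGN_SAMPLE = """
public class IncomingCallService extends Service {
    void ring(PendingIntent pi) {
        Notification n = new Notification.Builder(this, "calls")
            .setCategory(Notification.CATEGORY_CALL)
            .setFullScreenIntent(pi, true)
            .build();
    }
}
"""

if __name__ == "__main__":
    for label, sample in (("ransomware-like", SUSPICIOUS_SAMPLE), ("dialer", BENIGN_SAMPLE)):
        v = scan_source(sample)
        print(f"{label}: hits={v.hits} relaunch_on_home={v.relaunch_on_home} suspicious={v.suspicious}")
```

Run it against the output of a decompiler such as jadx rather than against the APK itself; the check is text-based and will miss the same logic if it is obfuscated or split across reflection calls, so treat it as a triage hint, not a verdict.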
As is common for Android malware, MalLocker.B is mostly delivered via cracked applications from dodgy sites, often masquerading as more reputable software. As always, only rely on trusted avenues and trusted developers – even the Google Play store isn’t immune to the occasional wrong ‘un.
Hackers Put an Entrance Fee on our Sensitive Network Access
It’s not just passwords, logins and card details that are available on the Darknet. Business-minded hackers are now performing the tricky step of compromising a network entry point – one of the earliest steps in a successful hack – and then selling that access to interested parties online. According to research by Accenture's Cyber Threat Intelligence (CTI) team, these access sellers offer the details of compromised corporate networks to any interested buyer, with prices ranging from $300 to $10,000.
Ransomware-as-a-service continues to be a hot seller on underground forums and the Dark Web, but it’s far from the only illicit service available there. Hand-in-hand with compromised network sales, it’s one heck of a destructive force: an affiliate can buy a ready-made foothold and skip straight to deploying the payload. The concern now, according to CTI, is that because these access sellers move in the same circles as Sodinokibi, Lockbit, Maze and other big-name nasties, the market will keep feeding the ransomware operations that do the most damage.
Naturally, if you’re concerned about your company’s network security, now might be the perfect time for an assessment of your defences.
Trickbot Botnet Crippled by… a Copyright Claim
In more cheerful news, a collaboration of major IT and cyber security experts has disrupted the efforts of recurring Threat Thursday villain, Trickbot.
Targeting the malware’s colossal botnet operation and effectively halting the spread of its malicious payload, the joint venture saw such industry luminaries as Microsoft, ESET, Black Lotus Labs, NTT, Symantec, and the catchily titled Financial Services Information Sharing and Analysis Centre team up and take the botnet down.
Authorising the whole operation was the US District Court for the Eastern District of Virginia, which granted Microsoft a court order. The tech giant made a cunning use of copyright law to persuade the Court, even as the US government was reported to have carried out its own disruption of the botnet earlier this month. The company argued that, because Trickbot’s malware incorporated Microsoft code, Microsoft was entitled to have the infrastructure hosting it taken offline. Shrewd move, guys.
The court order was obtained on Monday this week, and as early as Tuesday, Microsoft had reported that they had “…now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems”. You can read their full statement here.
As a cigar-chomping, silver-haired hero from the 80’s once said: I love it when a plan comes together.
And Finally, Your Software Updates for the Week Include…
…High-severity vulnerability patches for Cisco’s Identity Services Engine, Video Surveillance 8000 series and Webex conferencing products. Each of these products suffered its own high-severity vulnerability, while multiple medium-severity vulnerabilities were also patched across the software range.
Android’s latest monthly update resolved high- and critical-severity flaws, including remote code execution vulnerabilities affecting Android versions 8.0, 8.1, 9, 10 and 11, alongside a number of medium-severity issues.
Microsoft’s monthly Patch Tuesday covered 87 vulnerabilities, 11 of them critical, across a range of software including the Windows operating system, Microsoft Office, Azure Functions and Microsoft Dynamics. The full patch notes are available here.
Chrome version 86 was launched earlier this week and should now be available across all major mobile and desktop operating platforms. Featuring 35 fixes, 7 of which resolve critical-severity vulnerabilities, this new version of the Chrome browser also adds several password-safety features to the iOS and Android variants.
Finally, Apple concluded a three-month engagement with a team of bug-bounty researchers. The team reported 55 vulnerabilities, 11 of them critical, spread across Apple’s online services and web infrastructure rather than a single product, and Apple has since fixed the reported issues.
You know the drill – keep your systems protected and apply those updates as soon as possible.
Ah, it’s good to be back. We’ll return the same time next week with more of the latest cyber security news.
Want the latest Threat Thursday updates as and when they arrive?
Sign up to our newsletter and have all the latest cyber security news sent straight to your inbox. We’ll add you straight to our mailing list.