2017-4-3 Global Cyber Attack Report
April 3, 2017
TOP ATTACKS AND BREACHES
- America’s Job Link Alliance (AJLA), a job portal of the US Department of Labor, has been breached, exposing personal data of an unknown number of job seekers.
- Hacktivists plan to carry out a large-scale campaign of DDoS and defacement attacks against Israeli targets on April 7. The operation, named ‘OpIsrael’, has been carried out on the same date for several years now. Among the tools distributed online for use by hacktivists during OpIsrael were two alleged denial-of-service tools that were found to actually be remote access Trojans (RATs).
- Turkish hacktivists have been participating in a threat campaign against Dutch targets since mid-March. In the campaign, named “Netherlands Operation”, the hacktivists claim to have defaced 252 Dutch websites. The campaign follows the growing political tensions between Turkey and the Netherlands.
- A new ransomware named Sanctions has recently been observed in the wild. The ransomware, which seems to be named after the Western sanctions on Russia, demands 6 bitcoins (approximately $6,500) for decryption. The malware is likely to be used in targeted attacks.
- A phishing campaign has targeted GitHub repository owners, trying to infect them with Dimnie, a downloader with info-stealing capabilities. The phishing emails pretended to be a job proposal, with an attached Word document containing a malicious macro that downloads Dimnie. Check Point AV blade provides protection against this threat (Trojan.Win32.Dimnie).
- A new phishing campaign targets World of Warcraft players, promising them free in-game pets, while actually stealing their game credentials.
VULNERABILITIES AND PATCHES
- VMware has released a security update addressing 4 vulnerabilities, including 2 critical vulnerabilities that allow arbitrary code execution on the host.
- Google has released a security update for Chrome, addressing 5 vulnerabilities, one of which is rated critical and the rest of which are of high severity.
- Researchers have disclosed 2 vulnerabilities in the Gigabyte BRIX platform. If exploited, the vulnerabilities may allow elevating privileges, executing arbitrary code and installing a backdoor at the firmware level.
THREAT INTELLIGENCE REPORTS
- A new report describes Cerber’s sandbox evasion technique, which relies on self-extraction.
- WikiLeaks has leaked the source code of the CIA’s secret anti-forensic Marble Framework as part of its “Vault7” leak project. According to the leak, Marble is a tool used by the CIA for code obfuscation. The framework also includes a de-obfuscator.
- According to a new report, almost 1.4 billion records were breached worldwide in 2016, in 1,792 incidents. The number of breaches in 2016 was 86% higher than in 2015. 59% of the incidents were of identity theft. The two most targeted sectors for breaches were government and technology, with 28% of the incidents each. 80% of the incidents happened in North America (almost solely in the US).
- The author of the TinyNuke banking Trojan has leaked his malware’s source code. According to researchers, the leak was made after the author’s reputation suffered on threat actors’ underground forums.
- A new report describes Sundown exploit kit’s activity and growing significance in the exploit kits