Wednesday, December 18, 2024

BSI of Germany Disrupts BADBOX Malware

BSI of Germany did a really good job.

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.


Whether you shop online or in-store, choose your retailer wisely when buying smart TVs, mobile phones, or tablets


https://bit.ly/4gCMBIS


"...Impacted devices include digital picture frames, media players, and streamers, and likely phones and tablets."

'What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware,' the BSI said in a press release."


"Once connected to the internet, the malware embedded into the devices can collect a wide range of data such as authentication codes, and install additional malware."


"...'Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware.'


The BSI said that devices compromised by BADBOX are also capable of acting as a residential proxy service, allowing other threat actors to route their internet traffic through them while simultaneously evading detection. They could also be used to create online accounts on Gmail and WhatsApp."


"These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn't Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety..."


"Cybersecurity firm Bitsight, in an analysis published December 17, 2024, said it identified 192,000 BADBOX infected devices, citing telemetry data, with most of them traced back to Yandex 4K QLED TV and T963 Hisense smartphone. The top affected countries are Russia, China, India, Belarus, Brazil, and Ukraine."



Tuesday, December 10, 2024

A Decade-Old Cisco ASA WebVPN Vulnerability

If your systems are still susceptible to a decade-old vulnerability, it's clear that your vulnerability or patch management systems are not functioning effectively, or perhaps both.

This is not a hypothetical situation, but a real-world occurrence. Actually, it's no surprise, as many organizations still lack a proper vulnerability management system. The worst part is that some of them are unaware of the risks involved in not having one.


https://bit.ly/3Vxf5vr


"Cisco on Monday (2 Dec 2024) updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).


The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance."
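As an added illustration of the vulnerability class named above, the following Python sketch (not Cisco's code and not the actual ASA WebVPN login page) shows a page that reflects a query parameter into its HTML unencoded, beside a hardened version that allow-lists the value and HTML-encodes whatever is echoed back. The request path, the `group` parameter name and the function names are assumptions made for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample request: a login-page URL whose query string carries a
# caller-controlled parameter that the page reflects into its HTML.
# The path and the 'group' parameter are hypothetical, not the ASA format.
SAMPLE_REQUEST = "/login?group=<script>alert(1)</script>"

# Allow-list for the reflected value: short, plain identifiers only.
ALLOWED_VALUE = re.compile(r"^[A-Za-z0-9_-]{0,32}$")


def _query_param(request_path: str, name: str) -> str:
    """Return the first value of a query parameter, or '' if absent."""
    params = parse_qs(urlparse(request_path).query)
    return params.get(name, [""])[0]


def render_vulnerable(request_path: str) -> str:
    """'Before' state: the parameter is reflected with no validation and no
    output encoding, so markup in the value lands in the page as markup."""
    group = _query_param(request_path, "group")
    return f"<p>Login group: {group}</p>"


def encode_for_html(value: str) -> str:
    """Output encoding: turn <, >, &, and quotes into HTML entities so the
    browser treats the value as text, never as tags or attributes."""
    return html.escape(value, quote=True)


def render_hardened(request_path: str) -> str:
    """'After' state: reject values outside the allow-list and encode the
    value on output anyway (defence in depth if the allow-list is widened)."""
    group = _query_param(request_path, "group")
    if not ALLOWED_VALUE.match(group):
        group = ""  # do not reflect anything that fails validation
    return f"<p>Login group: {encode_for_html(group)}</p>"


def contains_raw_script_tag(rendered: str) -> bool:
    """Simple check used to compare the two renderings."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_REQUEST))
    print("hardened:  ", render_hardened(SAMPLE_REQUEST))
    print("legit:     ", render_hardened("/login?group=sales"))
```

Running the script shows the unencoded rendering carrying the tag through to the page while the hardened rendering drops it; a legitimate value such as `sales` still renders normally. Input validation and output encoding are independent controls, which is why the hardened version applies both.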


"The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware."

Sunday, December 1, 2024

Cyber Attacks on UK Drinking Water Supplies

Cybersecurity is paramount for all sectors, especially those critical to our infrastructure. The consequences can be catastrophic if critical infrastructures are compromised by cyberattacks. Imagine the chaos that would ensue if you were without water for even three days.


A record number of cyber incidents impacted Britain’s critical drinking water supplies in 2024 without being publicly disclosed.


https://bit.ly/4fRV0s2


"Across all regulated critical national infrastructure sectors, more NIS incidents have been reported this year than ever before, with the transport and drinking water sectors the most impacted. In 2024, there were at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information (FOI) Act. In previous years there were no more than two."

Monday, November 18, 2024

Malware Via Snail Mail

Receiving malware through physical mail, delivered to your postbox on a piece of paper, might seem unusual. However, it has happened in Switzerland, and there's no reason to think it couldn't happen in your country as well.

Cybercriminals have sent physical letters containing QR codes that link to malicious software. These letters falsely claim to offer a new weather app from MeteoSwiss (the official meteorological service of Switzerland) but actually contain a QR code leading to a malicious app created by cybercriminals. Such attacks using QR codes are known as 'QR-phishing' or 'quishing'.


https://bit.ly/4fzRQJs


"...These letters are fake and have been sent by fraudsters who are trying to load malware onto mobile phones.


The letter asks the recipients to install a new severe weather app. However, there is no such federal app with the name mentioned. Rather, the QR code shown in the letter leads to the download of malware called ‘Coper’ (also known as ‘Octo2’). When the supposed ‘Severe Weather Warning App’ is installed, the malware attempts to steal sensitive data such as access data from over 383 smartphone apps, including e-banking apps.


The malware only affects smartphones that run on the Android operating system..."

Wednesday, November 6, 2024

San Joaquin County Superior Court Cyber Attack


Another cyber incident about JoIP (Justice over IP).

But first recall this:

https://bit.ly/40FHQK5


Cybercriminals can target any system connected to the internet, regardless of its importance or sensitivity. From personal devices to critical infrastructure, no system is immune, including justice systems which rely on an IT infrastructure.


Last week, a cyberattack disrupted operations at a California (USA) court, causing technological outages.


A pressing concern can arise among the public at this point: If cybercriminals can breach court systems, could they also manipulate critical legal documents?


Well... The answer is not a simple one. While the exact extent of potential damage is difficult to assess, it is clear that such attacks pose a serious threat to the integrity of the justice system.


https://bit.ly/3CavMGg


"The attack knocked out all of the court’s phone and fax services, websites containing juror reporting instructions, the e-filing platform, credit card payment processing and more. Some jurors scheduled for this week were excused."


"The attack comes just months after the Los Angeles County Superior Court system was hit with a ransomware attack that caused identical issues for weeks..."


"Government bodies across California continue to face an unprecedented wave of cyberattacks affecting city, county and state-level services. On Thursday (31.10.2024), the Housing Authority of the City of Los Angeles confirmed it is facing its second major cyberattack in the last two years."