Weekly Threat News: 24 October, 2019

  • 24 October 2019
  • 0 replies

Userlevel 7
Badge +48

Our favorite Sr. Threat Researcher, @FredFunk, is back with another round of Weekly Threat News. 



Google Will Now Let You Know If Your Password Has Been Hacked


Google Chrome has a very popular password manager built into it. One recent feature addition lets you know if your password has been leaked. It does this by checking from lists of known password breaches maintained by Google and haveIBeenPwned. Users of Chrome can check here to get a password audit.


Bitcoin Crime

Fake Tor Browser Steals Bitcoin from Dark Web Users

The Tor browser is what most people use to access the Darkweb. A fake update to the browser has been floating around online recently that maliciously alters the browser to steal cryptocurrency.

Cryptocurrency Executives Charged with Running $11 Million Ponzi Scheme


“Executives of a US company are being accused of raising at least $11 million through a cryptocurrency-based Ponzi scheme.

These funds were taken from investors on the promise that their 'investment' would be traded and exchanged for binary options on foreign currencies as well as various cryptocurrencies. Participants were reportedly promised a guaranteed return of 300 percent.

As is usually the case with a lure of huge returns for no effort, and guaranteed to boot, the promise was empty.”

More: ZD Net


Avast Hacked

  • Avast Hacked Again as Spies Steal Its Passwords
  • Avast Says Hackers Breached Internal Network Through Compromised VPN Profile



The developers of malware usually aren’t the people targeting victims. The operation, network configuration, sales, distribution, infecting, money-laundering and anything else involved with a modern malware campaign is all left to separate parties.

GandCrab was ransomware that operated in this way. It’s so called “Ransomware-As-A-Service”(RAAS) model made its developers and operators a lot of money. It constantly hit the headlines and was listed in Webroot’s Nastiest Malware of 2018. It’s operators supplied the malware to anyone who wanted it via an easy-to-use website and then took a cut of any ransoms paid.

The criminals using Gandcrab tended to hack their targets via RDP breach before deploying the malware to encrypt key data and systems. Last September Gandcrab started to disappear and, in its place, a new similar RAAS malware called REvil took over the market.

Recently REvil has been found to have been using similar codesimilar affiliates and similar tactics as Gandcrab. The new operation has also shown innovation however in it’s partnering with corporate intrusion specialists in a worrying alliance.


US Government Under Siege

State & City governance across the US has been under siege from ransomware gangs over the last couple of years. Every week there are new attack headlines.

  • September 27th: US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks
  • October 7th: North Carolina State Bar Fights Off Spread of Ransomware Attack
  • October 10th: City Of Carrollton Becomes Victim Of Cyber Attack
  • October 11th: Mississippi Shows Flagrant Disregard for Cybersecurity


The NotPetya attacks cost a lot of companies a lot of money. Years later after the dust has settled, FedEx shareholders are accusing top brass at the company of profiting from the attack. They accuse the company executives of “failing to disclose the full extent of the NotPetya ransomware attack while also selling tens of millions of dollars worth of their own stock in the company”.

More: Cyberscoop


FT Code

FT Code, the new ransomware campaign hitting Italy, has now been seen using a VBS dropper.

More: Twitter


“Moody’s issued a “credit negative” event note on the Monday ransomware attack against Pitney Bowes, one of the world’s largest providers of equipment for e-commerce and logistics, which serves 90% of businesses in the Fortune 500.

Prior to 2019, ratings agencies rarely took a stance on how particular cybersecurity incidents could impact a company’s credit or outlook. That is changing, and Moody’s rapid response to an incident that is only three days old shows how closely the ratings firms are monitoring companies for how they immediately respond to a breach. If Moody’s proceeds with a negative outlook or downgrade, Pitney Bowes could find it harder to raise money and the stock price is likely to be affected.”

More: CNBC

0 replies

Be the first to reply!