
Weekly Threat News: 2nd January

  • 2 January 2020

Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. 


General News


Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities

Mirai was one of the biggest botnets ever seen. It consisted of millions of compromised IoT and other connected devices, including routers. This army of devices was put to criminal use launching huge DDoS and other attacks. The Mirai model was so successful that it spawned many variants, and one of these, ECHOBOT, was discovered in mid-2019. Whereas the original Mirai compromised devices using a small number of likely passwords (such as typical hardcoded router credentials) and exploits, ECHOBOT uses a staggering number of different device vulnerabilities and affects a wide range of devices.

By targeting web and networking software as well as the classic Mirai targets of embedded IoT operating systems, ECHOBOT has greatly increased its ability to spread. A lot of research has gone into crafting these attack modules, and the improvements the malware authors have made over the last year have been very effective.

What Is the Purpose of ECHOBOT Targeting Legacy Systems or Brand-New Ones?

IoT has had big updating and patching problems since the beginning, and these have seriously affected security. A lot of IoT devices are either very awkward to patch, unpatchable, or impossible to patch or update automatically. For this reason, there is a huge number of legacy connected devices, such as routers and IoT devices, that are easy to find and compromise. Even knowing that a device is vulnerable is an issue. On a Windows machine, for example, a user might get a warning about out-of-date software or operating systems, but for a lot of the devices targeted by ECHOBOT, users wouldn't know that updates are needed, and even if they did, they wouldn't know how to apply them, as updating a router, for example, isn't as simple as clicking a button.

Vulnerabilities targeted by brand-new exploits are less likely to have been patched by administrators or users, so they make sense to target.

More: Palo Alto Networks

Aon: Global Cyber Losses Expected to Hit $6 Trillion By 2021. “Cyber Resilience” Key

I haven’t ever read a cybercrime cost prediction that has been remotely positive and this recent report from Aon shouldn’t come as a surprise to anyone.

Annual global cyber losses are expected to hit US$6 trillion by 2021, with cybersecurity spending projected to exceed a total of US$1 trillion for the five years leading up to 2021, according to a new report from Aon quoting statistics from Cybersecurity Ventures.

While the immediate costs of a cyberattack can be significant, Aon’s report suggested that damage to a business’s reputation could cost just as much or even more in the long term.

“The reputational crisis resulting from an attack can erode a company’s market value, destroy brand loyalty, limit companies’ digital transformation efforts and even lead to a credit-rating downgrade,” Aon said. An effective cyber resilience strategy can help mitigate both immediate and long-term financial losses.


More: Insurance Business Mag




CEO Who Held $150M in Crypto Died in a Region Known for Having a Fake Death Mafia

Two weeks ago, I shared the story of Gerald Cotten, the CEO who died suddenly in India last year and took with him the only passwords to the company’s $137 million in reserves. Ernst & Young auditors had found plenty of irregularities in the company’s finances and investigators representing the thousands of people out-of-pocket since his death have concluded that he faked his own death, even going so far as to ask for his exhumation.

More interesting details of the case have emerged, and fake deaths are apparently all too common in the region of India where he disappeared. Fake doctors’ certs are an issue in Indian towns like Mumbai and Jaipur (where Cotten’s death cert was issued), and various attempts by the central Indian government to stamp out fraud haven’t been effective so far.

More: News BTC

Chrome Extension Caught Stealing Crypto-Wallet Private Keys

It probably goes without saying but entrusting your bitcoin wallets to a brand-new Chrome extension called “Shitcoin” was probably never a good idea. The Google Chrome extension was injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.

More: Security Affairs

