
US Treasury Secretary says ransomware poses a threat to the economy; Google warns 2 billion Chrome users | Global network security hotspot

2022-06-24 02:56:00 Tencent security

Security news report

Treasury Secretary Yellen says ransomware poses a "direct threat" to the economy

US Treasury Secretary Janet L. Yellen said that the amount paid in suspected ransomware payments may double this year, posing a "direct threat" to the U.S. economy.

Yellen's comments appeared in a recent Treasury report, which covers close to 6 billion dollars in ransomware payments listed in the "suspicious activity reports" that trading and financial services companies submitted to the US government in the first six months of 2021. According to the report: "Ransomware and cyber attacks are harming businesses large and small in the United States, and pose a direct threat to our economy."

However, until federal leadership and companies mount a broader coordinated response and show a greater sense of urgency about the continuing threat of ransomware attacks, paying a ransom may be the only reasonable option. In ransomware attacks, victims often get no help from the government, because the government lacks the manpower and resources to deal with the growing number of attacks.

In May 2021, hackers used ransomware to attack and extort millions of dollars in ransom, disrupting the Colonial Pipeline and leading to a gasoline shortage in the United States.

It is believed that the cyber criminals behind ransomware mainly come from Russia and the former Soviet Union, with activity in North Korea and Iran as well. The hacker groups have sinister names: DarkSide, REvil, BlackMatter and EvilCorp.

On September 1, the FBI issued a warning that ransomware attacks were targeting the U.S. food and agriculture sector, causing financial damage and affecting the U.S. food supply chain. In late September, New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soybean farmers, was attacked by the BlackMatter ransomware group. The attackers asked the cooperative to pay 590 thousand dollars for the decryption key and for not publishing the stolen data.

President Joe Biden announced last week that cyber security is a global crisis, and held a ransomware summit with 30 allies and friendly countries.

Allan Liska, senior threat analyst at cybersecurity company Recorded Future Inc., told Bloomberg: "Sinclair seems to have been hit by a Macaw ransomware attack. This is a relatively new virus that was first reported at the beginning of October."

Allan Liska, ransomware analyst at cybersecurity company Recorded Future, told NBC that so far this year alone, about 850 health care networks and hospitals have been affected by ransomware. According to a new study by Philips and CyberMDX, as ransomware attacks continue to escalate, nearly half of American hospitals have disconnected from the Internet in the past six months.

News source:

https://thecrimereport.org/2021/10/21/u-s-treasury-tags-ransomware-as-growing-threat-to-economy/

Technology giant Acer confirms that hackers breached some of its systems in Taiwan, China

Acer initially confirmed that some of its servers in India had been hacked, after a group called Desorden claimed to have stolen more than 60GB of data from Acer India.

The hackers claim to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and financial documents. Acer immediately confirmed that its Indian servers were compromised, but described it as an isolated attack on its after-sales service system in India.

According to DataBreaches.net, the hackers said they also breached some Acer systems in Taiwan, China, and claimed that servers in Malaysia and Indonesia are also vulnerable to attack. The attackers allegedly stole employee information from servers in Taiwan, China.

In a second statement issued by the company, Acer confirmed that the attack was detected in Taiwan, China, but emphasized that customer data had not been compromised. Acer said: "The incident has been reported to the local law enforcement department and relevant departments. There has been no disruption to our business continuity, and there is no significant impact on our finances and operations."

Desorden commonly steals files from major organizations and then threatens to sell them on the black market if the victim does not pay the ransom. Judging from Acer's statement, the company will not pay any ransom.

News source:

https://www.securityweek.com/acer-confirms-breach-servers-taiwan

Two Eastern Europeans sentenced for providing bulletproof hosting services to cyber criminals

Two Eastern European nationals were charged with providing "bulletproof hosting" services in the United States. Between 2009 and 2015, their technology infrastructure was used to distribute malware and attack financial institutions nationwide.

Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, were sentenced to 24 months and 48 months in prison, respectively.

The development comes a few months after Stassi and Shorodumov, along with Russians Aleksandr Grichishkin and Andrei Skvortsov, pleaded guilty to Racketeer Influenced Corrupt Organization (RICO) charges earlier in May this year. The U.S. Department of Justice (DoJ) said the two other co-defendants, Grichishkin and Skvortsov, are awaiting sentencing and face up to 20 years in prison.

Court documents show that both worked as administrators at an unnamed bulletproof hosting service provider, which leased IP addresses, servers and domains to cybercrime clients so that they could spread malware such as Zeus, SpyEye, Citadel and the Blackhole Exploit Kit, gain access to victims' machines, add them to botnets, and steal banking credentials.

In addition, the defendants monitored sites used to blocklist technical infrastructure, helped their clients hide their criminal activities from law enforcement, and then moved flagged content to new infrastructure registered under fake or stolen identities, deliberately making tracking harder.

News source:

https://thehackernews.com/2021/10/two-eastern-europeans-sentenced-for.html

Google disrupts large-scale phishing and malware campaign

According to Google's Threat Analysis Group (TAG), since the end of 2019 it has been disrupting phishing campaigns run by a network of Russian hackers' subcontractors, who have been targeting YouTube users with "highly customized" phishing emails and cookie-stealing malware.

The group's main objective is to hijack YouTube accounts for live-stream scams that offer free cryptocurrency in exchange for an initial contribution. Another major source of income for the group is the sale of hijacked YouTube channels, priced from 3 dollars to 4,000 dollars depending on the channel's number of subscribers.

Google said that, as of May this year, it had blocked 160 million messages sent to targets, shown 62,000 Safe Browsing phishing alerts, and recovered about 4,000 hijacked accounts.

The phishing emails deliver malware designed to steal session cookies from browsers. Although "pass-the-cookie" attacks are not new, they are clever: the attack does not bypass multi-factor authentication (MFA), but it works even when the user has MFA enabled, because the session cookie is stolen after the user has already authenticated with two factors, such as a password and a smartphone. Once the malware executes, the cookies are uploaded to the attacker's server for account hijacking.
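Because a stolen session cookie is replayed after MFA has already succeeded, one defensive signal is a session ID that shows up from a different client than the one that authenticated. The following is an added example, not taken from Google's report: the log format, field names and action names are assumptions, and the log lines are constructed sample data.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts session_id ip user_agent action")

# Constructed sample log (hypothetical format): ts session ip user-agent action
SAMPLE_LOG = """\
2021-10-20T09:00:01Z s-1001 198.51.100.7 Chrome/94-Windows mfa_success
2021-10-20T09:05:12Z s-1001 198.51.100.7 Chrome/94-Windows upload_video
2021-10-20T09:40:44Z s-1001 203.0.113.50 Chrome/90-Linux change_recovery_email
2021-10-20T10:02:00Z s-2002 192.0.2.14 Firefox/93-macOS mfa_success
2021-10-20T10:15:30Z s-2002 192.0.2.14 Firefox/93-macOS view_dashboard
2021-10-20T10:20:00Z s-3003 203.0.113.99 Chrome/90-Linux start_livestream
"""


def parse(log_text):
    """Turn whitespace-separated log lines into Event records, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        events.append(Event(*parts))
    return events


def find_replayed_sessions(events):
    """Flag session use from a client other than the one that passed MFA."""
    origin = {}  # session_id -> (ip, user_agent) recorded at mfa_success
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):  # ISO timestamps sort as text
        client = (ev.ip, ev.user_agent)
        if ev.action == "mfa_success":
            origin[ev.session_id] = client
            continue
        bound = origin.get(ev.session_id)
        if bound is None:
            # Session is in use but no authentication was ever logged for it
            alerts.append((ev.session_id, "no_auth_seen", ev.action))
        elif client != bound:
            # Same cookie, different IP or browser than the MFA login
            alerts.append((ev.session_id, "client_mismatch", ev.action))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(parse(SAMPLE_LOG)):
        print(alert)
```

A mismatch is a signal rather than proof, since IP addresses change legitimately on mobile networks; a common response is to require re-authentication before sensitive actions.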

TAG analyst Ashley Shen explains: "It has once again become the biggest security risk, possibly because the widespread adoption of multi-factor authentication (MFA) makes abuse difficult and shifts attackers' focus to social engineering tactics."

Google attributed the campaign to a group of "hackers" "recruited in Russian forums". The contractors then deceive targets with fake business opportunities, such as a chance to make money by demoing anti-virus software, VPNs, music players, photo editing software or online games. The attackers then hijack the YouTube channel and either sell it or use it to broadcast cryptocurrency scams.

News source:

https://www.zdnet.com/article/google-disrupts-massive-phishing-and-malware-campaign/

Security vulnerability threats

APT attackers exploit an old Microsoft vulnerability to deliver commodity RAT trojans

An APT posing as an IT company is exploiting a powerful 20-year-old Microsoft Office vulnerability to attack targets in Afghanistan and India.

Researchers found that an APT described as a "lone wolf" is exploiting a decades-old Microsoft Office flaw to deliver large numbers of commodity RATs to organizations in India and Afghanistan.

The attackers use political and government-themed malicious domains as lures, aiming to target mobile devices with out-of-the-box RATs, such as dcRAT and QuasarRAT for Windows and AndroidRAT. According to a Cisco Talos report released on Tuesday, they exploit CVE-2017-11882 to deliver the RATs in malicious documents.

CVE-2017-11882 is a 20-year-old memory corruption vulnerability in Microsoft Office that existed for 17 years before the company fixed it in 2017. However, as recently as two years ago, attackers were found exploiting this vulnerability, which allows them to run malicious code automatically without user interaction.

The researchers say the advanced persistent threat (APT) behind this campaign also uses a custom file enumerator and infector in the reconnaissance phase of the two-step attack. A second phase was added in later versions of the campaign to deploy the final RAT payload. The RAT trojans have multiple functions that give full control over victim endpoints.

The researchers say that, to host the malware payloads, the threat actor registered multiple domains with political and governmental themes to deceive victims, in particular themes related to diplomatic and humanitarian efforts in Afghanistan, aimed at entities in that country. The activity reflects a growing trend of cyber criminals and APTs using commodity RATs, for a variety of reasons, instead of custom malware against victims.

The researchers point out that commodity RATs give attackers a range of out-of-the-box capabilities, including preliminary reconnaissance, arbitrary command execution and data exfiltration. Using commodity malware also saves attackers the time and resources needed to develop custom malware.

News source:

https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/

Google sends a warning to 2 billion Chrome users

After identifying four serious vulnerabilities less than two weeks ago, Google has published a new blog post revealing that five more "high"-level vulnerabilities and 11 other vulnerabilities were found in Chrome.

In line with standard practice, Google is currently restricting information about the new hacks to buy Chrome users time to upgrade. As a result, this is all the company is sharing about the high-rated threats:

  • High - CVE-2021-37981: Heap buffer overflow in Skia.
  • High - CVE-2021-37982: Use-after-free in Incognito.
  • High - CVE-2021-37983: Use-after-free in Dev Tools.
  • High - CVE-2021-37984: Heap buffer overflow in PDFium.
  • High - CVE-2021-37985: Use-after-free in V8.

Despite the lack of details, the new threats continue the pattern of recent months. "Use-After-Free" (UAF) vulnerabilities were used to attack Chrome more than 10 times last month, a zero-day UAF vulnerability has been exposed this month, and three other high-level attacks (six in all) make up the latest vulnerabilities.

To counter these threats, Google has released an important Chrome update, version 95.0.4638.54. To upgrade, navigate to Settings > Help > About Google Chrome, check Chrome's version number, update to the latest version, and restart the browser.
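For administrators who need to run the same version check across many machines, here is an added example (not part of the original article) that flags hosts still below 95.0.4638.54. The host names and version banners in the inventory are constructed sample data, and how the banners are collected is left as an assumption.

```python
import re

# Fixed version named in the article
FIXED_VERSION = (95, 0, 4638, 54)

# Constructed inventory: host -> text collected from each machine's Chrome version banner
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 94.0.4606.81",
    "ws-02": "Google Chrome 95.0.4638.54",
    "ws-03": "Google Chrome 95.0.4638.9",    # numerically older than .54
    "ws-04": "Google Chrome 100.0.4896.60",  # newer, but sorts lower as a string
    "ws-05": "sh: google-chrome: command not found",
}


def parse_version(banner):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def outdated_hosts(inventory, fixed=FIXED_VERSION):
    """Return hosts that are below the fixed version or could not be checked."""
    findings = {}
    for host, banner in sorted(inventory.items()):
        version = parse_version(banner)
        if version is None:
            # An unreadable banner is reported rather than assumed safe
            findings[host] = "unparseable"
        elif version < fixed:
            # Tuple comparison is numeric per component, unlike string comparison
            findings[host] = "needs update"
    return findings


if __name__ == "__main__":
    for host, status in outdated_hosts(SAMPLE_INVENTORY).items():
        print(host, status)
```

Comparing the versions as plain strings would wrongly pass ws-03 and wrongly flag ws-04, which is why each component is compared as an integer.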

News source:

https://www.forbes.com/sites/gordonkelly/2021/10/20/google-chrome-hack-new-attack-exploit-upgrade-chrome-now/
