Cyber Security Bulletin: Two Malware vulnerabilities & a Ransomware attack
One strain targets all Android devices and the other macOS, while hackers targeted one of the biggest data centers in the U.S.
Hacker attacks and malware intrusions are becoming commonplace with every passing day. Nothing seems secure anymore, be it mobile devices, desktop computers or data centers. This past week saw three such incidents come to light. The first two were malware: one affecting all Android devices, the other macOS. The third was a targeted ransomware attack on a major data center in the U.S.
The StrandHogg malware takes its name from its Swedish roots. Although the vulnerability is not new, security firm Promon has outlined the dangers of this malware because a more dangerous version of it has started to propagate across the internet in recent months. The vulnerability affects all Android phones across the board.
StrandHogg disguises itself as a legitimate app. It launches itself by interrupting the flow when you open a legitimate app: a pop-up appears asking you to grant a series of permissions, the kind you usually see when opening certain apps on your smartphone.
“We appreciate the researchers’ work, and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.” ~ Google
Once the attacker is granted those permissions, they can access anything & everything on your phone, including your contacts, location and stored data. The security experts at Promon found 36 malicious apps that exploit the flaw. Promon discovered the malware when banks in the Czech Republic reported users’ accounts being emptied.
All of the 500 most popular apps tested by Promon were vulnerable. While Google confirmed removing all 36 malicious apps, the researchers at Promon still believe that the vulnerability has not been fixed for any Android version. I don’t know how much comfort you can take from Google’s statement above.
Another piece of malware, discovered by security researcher Dinesh Devadoss, appears to have originated in North Korea with the hacking group Lazarus, as reported by Bleeping Computer. It was found on a notorious website, “unioncrypto.vip”, which claims to be a crypto trading platform but has no live links.
The malware’s ability to transfer data from a remote location and run it locally was of particular concern to researchers. At the time the report was published, the malware could be detected by only five anti-virus programs. However, one weakness of the malicious program is that it has no certificate, which triggers an alert from macOS (picture below). According to the researchers, the malware seems to be aimed at crypto holders.
REvil (Sodinokibi) ransomware
Hackers had a field day as one of the biggest data center providers in the US came under a ransomware attack. As reported by ZDNet, the hackers targeted CyrusOne’s network with the purpose of extorting money. The same ransomware variant has apparently hit several other institutions over the summer: a few managed service providers in June, and 20 local Texas governments and 400+ dental offices across the country in August.
According to the company, it is working with law enforcement agencies & security experts to investigate and restore the affected systems. Six managed-service customers at its New York data center are unable to use the services because the ransomware encrypted them. The threatening ransom note suggests it was a targeted attack against the company’s network.
CyrusOne has a clientele of over 1,000 customers and owns 45 data centers across Europe, Asia & the Americas. The company, publicly traded on the NASDAQ as CONE, had ironically listed ransomware as a risk factor in its SEC filing last year.
It makes you wonder, though, whether they did anything to address that risk.