Cybersecurity Alerts: Weekly Update for October 30th
Get an update on this week’s cybersecurity scams.
A new Apple scam attempting to trick users into divulging their personal financial details has been uncovered. The scam targets users with an email claiming that they have ordered an app costing $35.99. The email states that users will be refunded if they haven’t ordered the app, and asks them to provide credit card details to receive the refund. However, instead of receiving a refund, the user is subjected to numerous unauthorized transactions. The email is entitled “Co Pilot Premium HD” and appears to come from Apple. Beware!
With this new threat, hackers infect MySQL servers with malware in preparation for DDoS attacks. The program, called Chikdos, has variants for both Windows and Linux and exploits SQL injection vulnerabilities. MySQL servers are targeted rather than PCs because their bandwidth is larger, making them better suited to carrying out large-scale DDoS attacks. This Trojan was first uncovered in 2013, when the malware was being installed on servers using attacks that guessed Secure Shell login credentials. In this variation of the attack, however, the attackers exploit SQL injection vulnerabilities to inject malicious user-defined function (UDF) code into databases. The malicious code downloads and installs the Chikdos Trojan, which allows the attackers to take advantage of the server’s bandwidth for DDoS attacks.
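Because this variant depends on registering a user-defined function in the database, an administrator can audit the server for UDFs that were never approved. The following is an added example, not code from the original alert: it checks exports of the `mysql.func` and `mysql.user` tables, and the sample rows, function names, library names, allowlist and admin account list are all constructed assumptions.

```python
import csv
import io

# Constructed sample of: SELECT name, ret, dl, type FROM mysql.func;
# (tab-separated; function and library names are made up for illustration)
SAMPLE_FUNC = (
    "name\tret\tdl\ttype\n"
    "geo_distance\t1\tapproved_geo.so\tfunction\n"
    "xfetch\t0\tk3j9a.so\tfunction\n"
    "xrun\t0\tk3j9a.so\tfunction\n"
)
# Constructed sample of: SELECT User, Host, File_priv, Insert_priv FROM mysql.user;
SAMPLE_USER = (
    "User\tHost\tFile_priv\tInsert_priv\n"
    "root\tlocalhost\tY\tY\n"
    "webapp\t%\tY\tY\n"
    "reporting\t10.0.0.%\tN\tN\n"
)
APPROVED_LIBRARIES = {"approved_geo.so"}  # hypothetical site allowlist
ADMIN_ACCOUNTS = {"root"}                 # hypothetical admin accounts


def parse_export(text):
    """Parse a tab-separated export with a header row into dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def unapproved_udfs(func_rows, approved):
    """Group registered UDFs by shared library, keeping only libraries
    that are not on the allowlist."""
    found = {}
    for row in func_rows:
        lib = row["dl"].strip()
        if lib.lower() not in approved:
            found.setdefault(lib, []).append(row["name"])
    return found


def overprivileged_accounts(user_rows, admins):
    """Non-admin accounts holding global FILE (write files on the DB host)
    or INSERT (covers the mysql schema, where UDFs are registered)."""
    flagged = []
    for row in user_rows:
        privs = [p for p in ("File_priv", "Insert_priv") if row[p] == "Y"]
        if privs and row["User"] not in admins:
            flagged.append((f"{row['User']}@{row['Host']}", privs))
    return flagged


if __name__ == "__main__":
    print(unapproved_udfs(parse_export(SAMPLE_FUNC), APPROVED_LIBRARIES))
    print(overprivileged_accounts(parse_export(SAMPLE_USER), ADMIN_ACCOUNTS))
```

Any library reported by `unapproved_udfs` should be traced to a change record, and application accounts reported by `overprivileged_accounts` should have those privileges revoked unless there is a documented need.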
The Dridex/Bugat botnet is still a threat, and has been a successful tool for attackers to steal credentials for banking, CRM, supply chain and intellectual property. While this threat temporarily disappeared for about a month, it has recently reappeared due to its success at stealing valuable information. The botnet is transmitted via spam emails and infected attachments.