Cybersecurity Alerts: Weekly Update for December 11th
Get an update on this week’s cybersecurity threats.
Spy Banker, a type of malware infection that steals online banking credentials, spreads primarily through social media networks such as Facebook. Security researchers have noticed that a new version of the malware, which was first discovered in 2009, has been victimizing Portuguese-speaking individuals in Brazil. The attack works by convincing victims to click shortened links that hold the promise of coupons, vouchers, or premium software downloads. Once the victim clicks on the link, the malware is installed on their computer and steals banking information. Because the malware exploits victims’ trust in social networking platforms, it has been particularly effective at stealing information.
This week, Cisco notified customers that many of its products, including routers, data center platforms, and wireless gateways, suffer from vulnerabilities. The most critical vulnerability impacts its Prime Collaboration Assurance software. The vulnerability is caused by an undocumented account in the software that has a default, static password that cannot be changed or deleted. This defect could enable attackers to access the system and view password and system logs, edit data, or run executables. In addition to this issue, two of Cisco’s wireless gateways and one of its routers are susceptible to bugs that attackers could leverage. Currently, there are no updates that fix the vulnerabilities, but Cisco is tracking the issue to ensure that the vulnerabilities are not exploited for malicious purposes.
On November 30th and December 1st, DDoS amplification attacks were carried out against several of the Internet’s 13 root name servers, which sit at the top of the hierarchy used to resolve domain names to IP addresses. During the attacks, large volumes of traffic of up to five million queries per second were directed at the servers. While these attacks had minimal impact on the Internet as a whole, they are notable because they differ from typical DNS amplification attacks. Instead of using DNS name servers as reflection points to overwhelm third parties, the amplified queries were sent directly to the DNS root name server letters, with the source addresses randomized and distributed.
Security researchers have noticed an increase in Bitcoin extortionist groups. Bitcoin extortionists threaten victims with DDoS attacks unless they pay a ransom fee in Bitcoin. In order to force victims to pay, the attackers flood the victim’s website with malicious traffic. One of the more notable extortionist groups goes by the name “The Armada Collective” and is suspected of carrying out multiple damaging DDoS campaigns, including a recent attack against the encrypted email service ProtonMail.