Week 08: Malware

Barnes & Noble confirms cyberattack, ransomware group leaks allegedly stolen data

On October 20, 2020 Barnes and Noble confirmed that a cyber attack impacted Nook services and exposed customer data. Over the weekend customers reported multiple instances of outages. Customers were not able to access their nook library and their previous purchases were no longer recorded. The Outage also affected physical assets such as cash register. There is speculation that Barns and Noble could be infected with malware that affects point of sale systems (POS) . Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach. The article mentioned that the bookseller’s VPN servers were previously vulnerable to CVE-2019-11510, an arbitrary read vulnerability.Security flaws like this can be used to compromise corporate networks and deploy payloads, including ransomware.

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and scareware. Malware spreads in computer when you download or install an infected software. They also enter your computer through an email or a link. Once malware enters the computer, it attaches itself to different files and overwrites the data. 

Effects of Malware: 

• Disrupts Operations 
• Steals sensitive information.
• Allows unauthorized access to system resources.
• Slows computer or web browser speeds.
• Creates problems connecting to networks.
• Results in frequent freezing or crashing.

There are new phishing email that are impersonates as an automated email from Microsoft Teams (Zurier, 2020).

The email is being sent to the user with the header “There’s new activity in Teams”. Which also includes the content that would be in the real Microsoft
Teams automated email. It includes the notification that someone within their team is trying to reach them and it urges the user to click on reply bottom to  reply to that user. By clicking the reply button, it takes the user to a phishing website that look similar to Microsoft Teams login page which includes the username and password fields. If the user logs in to the impersonated website their login credential as well as their information stored within their account will be compromised.

Accordingly to the Abnormal Security blog, cooperate users are more likely to fall victim for this phishing email since they would believe the email is originated from their organization and by view the content in the email that are same as Microsoft Teams automated email (Zurier, 2020).

References:

Zurier, S. 2020. Attackers prey on Microsoft Teams accounts to steal credentials. Retrieved from: https://www.scmagazine.com/home/security-news/vulnerabilities/attackers-prey-on-microsoft-teams-accounts-to-steal-credentials/

Intro-to-Ethical-Hacking-Week-8

Emotet botnet is one of the largest sources of malspam. Malspam is a term used to describe emails that deliver malware-laced file attachments. Emotet has recently developed a new campaign that show a message claiming to be from the Windows update service, telling users that the Office app needs to be updated. Like they’re other malspam, this is done by clicking the enable editing button. These malware documents are being sent from emails with spoofed identities that appear to come from acquaintances and business partners.

Emotet is know for using a technique called conversation hijacking, meaning it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and finally adding the malicious office documents as attachments. The technique is generally hard to notice which is why Emotet manages to infect corporate and government networks on a regular basis. Proper security awareness and training is generally the best way to safeguard against Emotet attacks. Any user that works with emails daily must be made aware of enabling macros inside documents as this feature is rarely used for legitimate purposes. The article goes on to show a list of the most popular Emotet document lures.

 

https://www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/#ftag=RSSbaffb68

The readings this week gave us a working definition of what malware is.  According to the Wikipedia article, malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.

Question for the class

What is some popular malware that you recall being in the news in recent years?