At a glance.
- Astaroth information stealer grows more evasive.
- Texas courts hit with ransomware.
- COVID-19 contact tracing privacy concerns persist through UK trials.
- Chatbooks confirms Shiny Hunters' hack.
- Celebrity law firm lays an egg.
Astaroth information stealer grows more evasive.
Cisco Talos says that the Astaroth malware (which ZDNet notes has also been tracked by IBM, Cybereason, and Microsoft) has improved its obfuscation and evasion capabilities, particularly in its use of YouTube channel descriptions as a dead drop for encoded and encrypted command-and-control data. Astaroth is an information stealer designed to evade automated analysis tools and sandboxes. The infection chain begins with a malicious link in a baited email. Clicking it downloads the initial payload as a ZIP file hosted on Google infrastructure. From there, "multiple tiers of obfuscation" are applied and anti-analysis checks are performed before the Astaroth payload itself is delivered, so the final stage is withheld from environments that look like analysis tooling. It's sophisticated malware, the work of capable developers, and a far cry from the commodity tools so often seen in criminal markets.
So far Astaroth, spread principally through phishing campaigns, has been largely confined to Brazil. That could change quickly: spreading into other markets would mostly require the criminals to add languages beyond Brazilian Portuguese and enough cultural savvy to adapt their phishbait to new audiences. As Cisco Talos puts it, "the likelihood of this spreading beyond just Brazil is high."
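As an added illustration of the dead-drop resolver technique the Talos report describes (example code written for this digest, not Astaroth's own code or Talos's; the marker strings, the XOR cipher and key, and the channel-description text are all assumptions), the block below shows the operator side that plants an encoded C2 list in a channel description, the implant side that recovers it, and a defender-side heuristic that flags such blobs without knowing the markers or the key:

```python
"""Dead-drop resolver pattern: C2 configuration hidden in a public page.

Constructed example, not Astaroth's code. The marker strings, the XOR
cipher and the key are assumptions chosen to keep the example offline
and self-contained; real samples use their own encoding and crypto.
"""
import base64
import math
import re

START_MARKER = "<<"          # assumed: delimits the hidden blob
END_MARKER = ">>"
KEY = b"k3y"                 # assumed: toy symmetric key

# Base64-shaped runs long enough that ordinary words never match
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; stands in for whatever cipher a real sample uses."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_dead_drop(servers, key: bytes = KEY) -> str:
    """Operator side: hide a C2 server list inside innocuous channel text."""
    plaintext = "\n".join(servers).encode()
    blob = base64.b64encode(xor_bytes(plaintext, key)).decode()
    return f"Welcome to my channel! {START_MARKER}{blob}{END_MARKER} Subscribe!"


def resolve_c2(description: str, key: bytes = KEY):
    """Implant side: pull the blob from between the markers, decode, decrypt,
    and return the server list. Blobs that fail to decode are skipped."""
    pattern = re.escape(START_MARKER) + r"([A-Za-z0-9+/=]+)" + re.escape(END_MARKER)
    servers = []
    for blob in re.findall(pattern, description):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        text = xor_bytes(raw, key).decode("utf-8", errors="replace")
        servers.extend(s.strip() for s in text.splitlines() if s.strip())
    return servers


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's byte distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_suspicious_blobs(text: str, min_entropy: float = 3.0):
    """Defender side: flag base64-shaped, high-entropy runs that decode
    cleanly. The markers and key are unknown to the defender; the encoding
    itself is the detectable artifact."""
    hits = []
    for m in B64_RUN.finditer(text):
        run = m.group(0)
        try:
            base64.b64decode(run, validate=True)
        except ValueError:
            continue  # letters-only words of the right length fail padding rules
        ent = shannon_entropy(run)
        if ent >= min_entropy:
            hits.append((run, round(ent, 2)))
    return hits


if __name__ == "__main__":
    desc = encode_dead_drop(["203.0.113.10:443", "c2.example.net:8443"])
    print(desc)
    print(resolve_c2(desc))
    print(find_suspicious_blobs(desc))
```

The entropy heuristic is a triage signal, not a verdict: legitimate descriptions can carry base64 tokens too, so pair it with the stronger hunting signal, which is a non-browser process (a script host or an unsigned binary) fetching channel pages from a video site.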
Texas courts hit with ransomware.
The Office of Court Administration, which provides IT services for Texas courts, has been hit by ransomware, according to the Hill. Its websites were taken offline after the attack, but the courts are continuing their business by other means, distributing documents via Dropbox, for example, while they work through the infection. Which strain of ransomware is involved hasn't yet been disclosed, but the courts say they won't pay the ransom. As usual, any ransomware attack should be considered a data breach until proven otherwise: ransomware crews now routinely exfiltrate data before encrypting it, as the law firm item below illustrates.
COVID-19 contact tracing privacy concerns persist through UK trials.
NHSX's approach to contact tracing has attracted criticism on two fronts: as a centralized service, it could enable abuse of the private data it collects, and as an opt-in service, it may not attract enough users to be effective. Some of the criticism appears to be a natural outcome of any hastily assembled emergency program. The Telegraph reports, for example, that the ethics board appointed to keep an eye on the app's development has been frustrated by spotty communications from NHSX. ComputerWeekly says, however, that the app retains the support of many experts in the UK, who see it as a rational approach to risk assessment and management.
Chatbooks confirms that it was a victim of the Shiny Hunters.
CyberScoop reports that Chatbooks, a Utah-based start-up that sells albums of digital photos, confirmed that it was, as the Shiny Hunters had claimed, a victim of the gang's information theft. Chatbooks has now joined Tokopedia in acknowledging the attack. Other victims the Shiny Hunters claimed have yet to come forward to either confirm or deny that they were affected.
James McQuiggan, Security Awareness Advocate at KnowBe4, commented in an email:
"Criminal hacking groups are all about getting the most money for the records they steal or collect from various data breaches at organizations. Whether they get a thousand records or a million records, they have some potential value on the dark web. By collecting all of these records, the criminal groups can reverse engineer the passwords to build up a database for credential stuffing, an attack where users' passwords are tried against other websites or online services to gain access. These breaches are avoidable, as organizations can establish a robust security culture to get cybersecurity in the early stages of development, implementation, and monitoring consistently. End users will want to continue vigilance when it comes to spear phishing or targeted emails about their accounts. By including their password or some other sensitive information from the breach, a criminal's email will entice them to open attachments or click on links related to these attacks and thus compromise their systems further."
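To make the credential-stuffing pattern McQuiggan describes concrete, here is an added detection example (written for this digest, not KnowBe4's or Chatbooks' code; the log format and the log lines are constructed). It flags a source address that tries many distinct accounts with a low success rate inside a short window, and lists the accounts it did get into, which are the ones to reset first:

```python
"""Credential-stuffing detector over constructed authentication log lines.

Constructed example; the log format below is an assumption, not any
real product's format. Stuffing looks like one source trying many
different accounts with mostly failures; a user who forgot a password
retries one account from one source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: <ISO timestamp> ip=<addr> user=<name> result=ok|fail
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: 203.0.113.7 sprays six accounts and lands one;
# 198.51.100.4 is one user retrying their own account; 192.0.2.9 is noise.
SAMPLE_LOG = """\
2020-05-12T10:00:01 ip=203.0.113.7 user=alice result=fail
2020-05-12T10:00:02 ip=198.51.100.4 user=alice result=fail
2020-05-12T10:00:03 ip=203.0.113.7 user=bob result=fail
2020-05-12T10:00:05 ip=203.0.113.7 user=carol result=fail
2020-05-12T10:00:09 ip=198.51.100.4 user=alice result=fail
2020-05-12T10:00:11 ip=203.0.113.7 user=dave result=fail
2020-05-12T10:00:14 ip=203.0.113.7 user=erin result=fail
2020-05-12T10:00:20 ip=198.51.100.4 user=alice result=ok
2020-05-12T10:00:22 ip=203.0.113.7 user=frank result=ok
2020-05-12T10:01:30 ip=192.0.2.9 user=bob result=ok
"""


def parse(lines):
    """Return (timestamp, ip, user, success) tuples; unparseable lines are dropped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # a production pipeline would count these rather than drop them
        events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["result"] == "ok"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_success_rate=0.2):
    """Per source IP, slide a window over its attempts; flag the IP when a window
    holds at least min_users distinct accounts and a success rate at or below
    max_success_rate. Returns {ip: summary of the widest offending window}."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            users = {u for _, u, _ in in_window}
            successes = sum(1 for _, _, ok in in_window if ok)
            rate = successes / len(in_window)
            if len(users) >= min_users and rate <= max_success_rate:
                prev = findings.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    findings[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(in_window),
                        "successes": successes,
                        "window_start": start.isoformat(),
                    }
    return findings


def compromised_accounts(events, findings):
    """Accounts that a flagged source logged into successfully: reset these first."""
    return {user for _, ip, user, ok in events if ok and ip in findings}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG.splitlines())
    hits = detect_stuffing(evs)
    print(hits)
    print("accounts to reset:", compromised_accounts(evs, hits))
```

Thresholds are the tuning knobs: a proxy or NAT that fronts many real users will show many distinct accounts but a high success rate, which is why the rate test matters as much as the user count. Stuffing that rotates through a residential proxy pool will split across many source addresses; the same logic then has to be keyed on something other than the IP, such as a client fingerprint or the ASN.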
Celebrity law firm lays an egg.
“We can confirm that we’ve been victimized by a cyberattack,” attorneys-to-the-stars Grubman Shire Meiselas & Sacks told Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.” The hackers claimed an A-list of victims, including Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC. The firm says the stars have been notified of all 756 gigabytes of privacy pain.