The CyberWire Pro Research Briefing for 12.5.19

Summary

By the CyberWire staff

Older, poorly configured and indifferently maintained networked security cameras have long been known to represent a threat to privacy and network security. Genetec has found that as many as one in four security cameras are more part of the problem than they are part of the solution.

McAfee offers some updates on the Buran family of ransomware it first described in May. Buran (that is, “Blizzard”) is widely traded in Russophone criminal souks, where it’s flacked as a “stable offline cryptoclocker, [sic] with flexible functionality and support 24/7.” The Rig exploit kit is a common delivery mechanism.

Elsewhere in the criminal-to-criminal market, Proofpoint is following “Buer,” which it describes as a new loader. Buer has been distributed through malvertising that redirects to the Fallout exploit kit; it’s also being pushed by phishing, the payload carried in malicious Word document macros. The going price for Buer is $400.

Selected Reading

Russian Trolls Are Hammering Away at NATO’s Presence in Lithuania (Nextgov.com) A broad disinformation campaign of fake news and other tricks aims to turn the Baltic nation’s public against the alliance.

The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum (BleepingComputer) The Great Cannon Distributed Denial of Service (DDoS) tool was deployed again to launch attacks against the LIHKG social media platform used by Hong Kong protesters to coordinate during this year's anti-extradition protests.

Buer, a new loader emerges in the underground marketplace (Proofpoint) New actively marketed downloader avoids CIS countries, evades detection

Buran Ransomware; the Evolution of VegaLocker (McAfee Blogs) McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other

IBM sounds alarm about more data-wiping malware from Iran (CyberScoop) IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations the Middle East.

Payment card-skimming malware targeting 4 sites found on Heroku cloud platform (Ars Technica) Why host skimmers yourself when you can abuse a service to do it for free?

Increase in attacks using Outlook flaw (SC Magazine) Organisations warned of full intrusion with just flaw and one phish - due to flaw they should have fixed and is actively used by multiple threat actors.

''Ransomware attacks to morph into 2-stage extortion campaigns'' (Outlook India) Ransomware attacks are set to morph into two-stage extortion campaigns and criminals will exploit their extortion victims even more in 2020, cyber security company McAfee said on Thursday.

New Genetec research shows almost 4 in 10 security cameras can be at risk of cyber-attack due to outdated firmware (West) Genetec primary data also shows that almost 1 in 4 organizations rely on default passwords for their security cameras

Quick Analysis of CVE-2011-0609 Adobe Flash Player (AlertLogic) The attack makes use of a SWF file embedded inside an Excel file, which is delivered as an email attachment. The vulnerability can allow an attacker to inject and execute malicious code on a target system.

Hackers Find Ways Around a Years-Old Microsoft Outlook Fix (Wired) Microsoft patched a vulnerability in Microsoft Outlook in 2017. It hasn't slowed hackers down.

Valimail research demonstrates that email remains a weak link in U.S. election infrastructure (Valimail) As we head into the 2020 election season in the United States, a key component of the U.S. election infrastructure remains vulnerable to attack.

Online Trust Audit for 2020 Presidential Campaigns Update (Internet Society) On 7 October 2019, the Internet Society’s Online Trust Alliance (OTA) released the Online Trust Audit for 2020 U.S. Presidential Campaigns. Overall, 30% of the campaigns made the Honor Roll, and 70% had a failure, mainly related to scores for their privacy statements. As part of this process, OTA reached out to the campaigns, offering …

Special Report: 2020 U.S. census plagued by hacking threats, cost overruns (Reuters) In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize t...