Weekly Axis Of Easy #230
Last Week’s Quote was “Never do anything against conscience even if the state demands it.” by Albert Einstein. There were two correct guesses but Mike got it first!
This Week’s Quote: “Get your facts first, then you can distort them as you please.”…by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
Attention! We are now hiring in two roles, one in Dev and the other in support.
Check out the job descriptions here:
https://easydns.com/blog/2022/01/10/were-hiring-a-ux-dev/
https://easydns.com/blog/2022/01/17/were-hiring-a-support-representative/
In this issue:
- False QR codes can steal your money and passwords
- FIN8 Group targets U.S Bank with New White Rabbit Ransomware
- Israel authorities deny illicit police use of NSO Spyware on protesters
- Hackers impersonate the US Department of Labor in recent phishing attacks
- Cyberattacks targeting Ukrainian infrastructure are part of a broader plot
Elsewhere online:
- Facebook loses its bid to dismiss antitrust claims
- Walmart files a trademark to provide cryptocurrency
- Apple warns that antitrust bills would increase risk
- Microsoft launches a new ‘inclusiveness’ checker
- Russia’s hackers use malicious traffic directions
False QR codes can steal your money and passwords
According to a recent FBI alert, hackers are now taking advantage of the QR code’s high familiarity and tampering with the pixelated barcodes to redirect victims to sites that steal login credentials and financial information.
The announcement doesn’t cite recent QR scams but tells users how malicious QR codes are helpful to scammers as the barcode images bypass email filters that use URL scanners to block malicious links.
The FBI alerted that “cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.“
Although QR codes are not malicious, the FBI warns that it is crucial to practice caution when providing financial information or submitting a payment through a site accessed via a QR code. In their announcement, the FBI also stated that law enforcement couldn’t guarantee the return of funds after transfers had been made.
Read: https://www.zdnet.com/article/fbi-warning-crooks-are-using-fake-qr-codes-to-steal-your-passwords-and-money/
FIN8 Group targets U.S Bank with New White Rabbit Ransomware
A new ransomware family named ‘White Rabbit’ has been spotted by researchers, believed to be linked to the financially-motivated FIN8 group. The never-before-seen ransomware strain was recently deployed against a local bank in the U.S in December 2021.
As Trend Micro reports, this new ransomware is similar to the older Egregor ransomware family when hiding its tracks and remaining undetected. The researchers noted that one of the most notable aspects of White Rabbit’s attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine.
Experts stated that they could find evidence of a link between FIN8 and White Rabbit in samples dating back to August 2021, as the malware uses a previously unknown version of the Badhatch backdoor associated with FIN8.
Since FIN8 is known for its infiltration and surveillance tools, Trend Micro suggests the connection could indicate that the group is expanding its arsenal to include ransomware.
Read: https://thehackernews.com/2022/01/fin8-hackers-spotted-using-new-white.html
Israel authorities deny illicit police use of NSO Spyware on protesters
Several Israeli authorities have dismissed the claims that police illicitly used controversial spyware developed by NSO Group to monitor critics of Benjamin Netanyahu and other citizens.
On Tuesday, a business newspaper named Calcalist published allegations that police used NSO’s spyware Pegasus to hack into the phones of the leaders of the protests against then-Prime Minister Netanyahu. The newspaper also reported that authorities allegedly hacked the phones of other citizens while trying to shore up investigations into crimes.
On Wednesday, Omer Bar-Lev, the minister responsible for Israeli police security, said on Army Radio that there may have been instances in which people used the software without authorization, but no evidence has been found.
Tehilla Shwartz, a digital expert from the Israel Democracy Institute, Altshuler, suggests that the claims over the use of NSO technology have brought to light that governments —even democratic ones— have expanded the use of spyware beyond its declared purposes, stopping crime and terrorism.
Read: https://www.bloombergquint.com/onweb/israel-pushes-back-on-alleged-illicit-police-use-of-nso-spyware
Hackers impersonate the US Department of Labor in recent phishing attacks
In the latter half of 2021, email security provider Inky detected a malicious campaign that imitated the US Department of Labor as a way to steal the account credentials of unsuspecting victims.
On Wednesday, Inky’s blog reported that most of the emails seemed to come from no-reply@dol.gov, the actual domain for the Department of Labor. The malicious emails claimed a senior employee to trick users by inviting them to submit bids for alleged government projects. The victim would receive an attached PDF with a button that, when clicked, would take them to a form asking for their credentials to submit a bid using a Microsoft account or other business account.
Phishing attacks like these tend to be very effective as the emails in question seemed to be from reliable sources.
Read: https://www.techrepublic.com/article/phishing-attack-spoofs-us-department-of-labor-to-steal-account-credentials/#ftag=RSS56d97e7?&web_view=true
Cyberattacks targeting Ukrainian infrastructure are part of a broader plot
As part of a more significant wave of malicious activities aimed at sabotaging critical infrastructure, Ukraine has been targeted by coordinated cyberattacks and a data-wiping malware called WhisperGate.
On Monday, the Secret Service of Ukraine confirmed the two incidents were linked and that some of the compromised systems had been accessed by exploiting the recently disclosed vulnerabilities in Log4j.
For its part, the Ukrainian Cyber Police is investigating a combination of three potential areas of intrusion that may have been used in the attacks – a supply chain attack on an IT company that manages websites for the Ukrainian government, exploitation of the October CMS flaw, and Log4j vulnerabilities.
Although neither the Cyber Police nor the SSU attributed the disruptive activities to any threat group or financially motivated actor, the Ministry of Digital Transformation of Ukraine accused Russia of waging a “hybrid war” against its neighboring country.
Read: https://thehackernews.com/2022/01/ukraine-recent-cyber-attacks-part-of.html?&web_view=true
Elsewhere online:
Facebook loses its bid to dismiss antitrust claims
https://www.reuters.com/legal/litigation/facebook-loses-bid-dismiss-users-data-privacy-antitrust-claims-2022-01-18/
Walmart files a trademark to provide cryptocurrency to shoppers
https://www.cnbc.com/2022/01/16/walmart-is-quietly-preparing-to-enter-the-metaverse.html
Apple warns that antitrust bills would increase the risk of security breaches to iPhone users
https://www.cnbc.com/2022/01/18/apple-says-antitrust-bills-increase-risk-of-iphone-security-breaches.html
Microsoft launches a new ‘inclusiveness’ checker for Word
https://www.thesun.co.uk/tech/17306137/microsoft-inclusiveness-checker-office365-word/
Russia’s hackers broadly use malicious traffic directions to distribute malware
https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html?&web_view=true
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- January 17th, 2022: Hackers Impersonated Amazon To Deploy Ransomware
- January 10th, 2022: NY AG Notifies Threat Actors Stole 1.1 Million Customer Accounts From 17 Well-Known Firms
- January 3rd, 2022: LastPass VP Claims No Passwords Were Compromised In The Recent Breach Scare
- December 29th,2021:During Lockdowns, Canadian Officials Tracked 33 Million Mobile Phones
- December 20th, 2021: Threat Actors Exploit The Second Log4j Vulnerability As A Third Flaw Is Discovered
Mark Jeftovic
Robert McNamara?
Mark Twain/Samuel Langhorne Clemens