Attacks

$8,000,000 In Cryptocurrency Stolen by Trojanized BitKeep App

BitKeep recommends that anyone who may have installed the trojanized app should first download the official app from a trusted source like the Google Play Store, create a new wallet, and transfer all funds to it before removing the malicious version of the app. Any wallets created via the malicious app should be treated as compromised. In general, Binary Defense recommends only installing applications from the official app stores, such as Google Play for Android…


Ransomware attack at Louisiana hospital impacts 270,000 patients

Data breaches involving healthcare or insurance information could result in insurance fraud. In addition to the normal precautions such as placing a freeze request with the major credit bureaus and monitoring financial accounts for unusual transactions, victims of medical data breaches should also be aware that identity thieves might attempt to get expensive medical procedures using their stolen insurance information. Carefully check “Explanation of Benefits” (EOB) forms or online claims notifications and promptly inform health…


Threat Actor Accessed Unencrypted Customer Metadata, LastPass Reports

The primary risk introduced by this breach is the combination of the unencrypted metadata with customer account information. With those two pieces of information, malicious actors can put together a profile of websites the exposed customers have accounts on, combine that with open source intelligence (OSINT) from social media, and perform activities such as spearphishing, vishing, or other social engineering techniques against employees. Additional social engineering awareness training may be effective over the next couple…


RisePro Infostealer Being Distributed Via Pay-Per-Install Service PrivateLoader

Pay-per-install services aren’t new, but their presence usually indicates a reasonable degree of confidence by the service provider that their malware will provide the desired end state to their client. Primarily, companies should keep any Detection and Response systems (EDR/MDR/XDR/etc.) and Anti-Virus (AV) up-to-date to identify the latest detected malware campaigns. Additionally, netflow analysis and DNS monitoring can help detect command and control (C2) and data exfiltration, which requires an understanding of baseline user behavior…


EarSpy Attack Uses Speaker to Eavesdrop on Android Users

Although this proof of concept (PoC) was crafted for academic purposes, it does establish that if an attacker were to trick a victim into downloading the right application, these types of data could be extracted from the victim’s phone calls. The researchers suggest that phone manufacturers should ensure sound pressure stays stable during calls and place the motion sensors in a position where internally originating vibrations are either leaving motion sensors unaffected, or at the…


How does CISO strategy prevent threats?

Executive summary: CISOs are under immense pressure to protect their organization and keep it out of the breach headlines. The largest obstacle to this goal is an evolving threat landscape that is increasing in sophistication. Payments from successful ransomware attacks fuel this evolution in the form of ransomware-as-a-service models. To break the trend, this report will explore why CISOs and their teams can no longer simply react to these threats and must prevent…


The most dangerous cyber security threats of 2023

In this round-up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott…


Customer details compromised in LastPass data breaches

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the…


Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The main methods that Zerobot uses to infect a system, via brute-force or vulnerability exploitation, can easily be prevented by following a few recommended steps. The first recommendation would be to make sure all devices on a network are up-to-date on their patches, particularly any Internet-facing devices. The threat actors rely on devices remaining unpatched to infect systems and grow their botnet, so by making sure all devices are up-to-date and not vulnerable, an organization…


FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

To protect against ransomware attacks, organizations should:

• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.
• Install updates/patch operating systems, software, and firmware as soon…
