Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
2020-12-16 18:37

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "Killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. FireEye said hacked networks were seen communicating with a malicious domain name - avsvmcloud[.

Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
2020-12-16 18:37

Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. Initially, ransomware groups that leverage SystemBC have been observed first infecting systems using spam or phishing emails.

Trump Twitter Account Hacked, No Charges: Dutch Prosecutors
2020-12-16 18:17

Dutch prosecutors Wednesday said a man had cracked US President Donald Trump's Twitter account in October despite denials from Washington and the company, but added that the so-called "ethical hacker" would not face charges. Both the White House and Twitter have strenuously denied reports that the account had been hacked.

Cyberattack on Independence Systems Causes Bill-Paying Delay
2020-12-16 18:12

INDEPENDENCE, Mo. - A ransomware attack on the city of Independence's computer systems has left some residents unable to pay their utility bills. The cyberattack occurred last week, officials in the Kansas City suburb told KSHB. City Manager Zach Walker said that 90% of the billing issues plaguing the city trace back to the cyberattack, which has left customers unable to pay their utility bills online and has caused a delay in bills being delivered by mail.

The SolarWinds Perfect Storm: Default Password, Access Sales and More
2020-12-16 17:05

SECOND UPDATE. A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated," it said in an updated bulletin on Thursday.

Malicious Chrome, Edge extensions with 3M installs still in stores
2020-12-16 17:04

Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites. While Avast spotted the extensions in November 2020, they estimate that they could have been used for malicious purposes for years given that some Chrome Web Store reviewers have reported link hijacking starting with December 2018.

FireEye, Microsoft create kill switch for SolarWinds backdoor
2020-12-16 16:21

Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. As part of a coordinated disclosure with Microsoft and SolarWinds, FireEye released a report on Sunday with an analysis of the supply chain attack and how the Sunburst backdoor operates.

Sextortionist Campaign Targets iOS, Android Users with New Spyware
2020-12-16 16:16

New spyware is targeting iOS and Android frequenters of adult mobile sites by posing as a secure messaging application in yet another twist on sextortionist scams. The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services - particularly in Chinese-speaking countries, Korea and Japan, according to research published by Lookout Threat Intelligence on Wednesday.

iOS Spyware Emerges in Longstanding Extortion Campaign
2020-12-16 16:03

An extortion campaign targeting Chinese, Korean, and Japanese speakers recently started using a new piece of spyware, mobile security firm Lookout reported on Wednesday. The campaign is focused on infecting iOS and Android users of illicit sites, such as those offering escort services, in order to steal personal information, likely with the intent to blackmail or extort victims.

Social engineering: How psychology and employees can be part of the solution
2020-12-16 15:50

Social engineering is giving cybercriminals a way in. It's time to shift some of the focus from technology to psychology, as even the most sophisticated cybersecurity system has not prevented people from falling victim to social engineering.