Security News > 2021 > February

In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered. In January and February 2021, the group was observed delivering the FriarFox extension, customized to specifically target the Firefox browser and provide attackers with access to and control of victims' Gmail accounts.

Researchers at Cequence Security track bots across the internet, and the company's hacker-in-residence, Jason Kent, told Threatpost that sneaker bots are plaguing new shoe releases, like the Adidas Yeezy "Ash Blues" released in late February, and creating legions of frustrated customers who can't get new products. While regular shoppers are stuck working through a retailer's web interface, Kent said these sneaker bots get in through the site's API, a much more efficient route to scoop up product.

With a stalkerware app on your phone, another person can spy on your activities and view your personal information, Kaspersky says. A report released Friday by Kaspersky explains how stalkerware works and how you can protect yourself against it.

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021. To propagate itself over the local network, the new Ryuk variant lists all the IP addresses in the local ARP cache and sends what looks like Wake-on-LAN packets to each of the discovered devices.

Cybergangs are joining forces under the guise of affiliate groups and "as-a-service" models, warns Maya Horowitz, the director of threat intelligence research with Check Point Research. Several malware gangs have paired up over the past year, such as the FIN6 cybercrime group and the operators of the TrickBot malware.

An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper. Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals.

Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. The Chinese state hackers also infected victims with the Scanbox malware reconnaissance framework, which allowed them to harvest their targets' data and log their keystrokes.

Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack. The company has released the source code of CodeQL queries, which it used to analyze its code at scale and identify any code-level indicators of compromise associated with Solorigate.

Ransomware attacks continue to plague companies, with researchers from Fortinet's FortiGuard Labs saying they saw an explosion in ransomware activity towards the end of the fourth quarter of 2020. According to Fortinet's new "FortiGuard Labs Threat Report: Disruption Key Threat Trend in 2020," released this week, researchers saw a sevenfold increase in ransomware activity in Q4 across various families, from Ryuk to Egregor.

Target paid the largest data breach settlement in history back in 2017, after hackers obtained confidential payment information of more than 41 million customers. Merchants dealing with sensitive data submitted online, such as credit card payment information, will want to protect their business from potential POS system intrusions.