Month in Breaches: November 2020

Cybersecurity News / Month in Breaches

This is an initiative by our Security Operations Centre team who have their eyes on the prize 24/7 and are proactively observing breaches and critical security trends. In this issue, malware continue to plague the global threat landscape. Part of protecting our clients is also promoting good security practices and raising awareness of current security trends, boosting your overall understanding of current breaches.

WAPDropper Android Malware

Researchers at CheckPoint have discovered new WAPDropper malware that signs up Android users to premium telecom services. Mainly targeting users in Southeast Asia, victims who download the infected app hosted on third-party app stores will be charged for premium services. Normally, a CAPTCHA test is needed to allow a subscription. The WAPDropper malware, however, overrides the CAPTCHA by using image recognition services with a machine-learning solution. To cover the malicious motives, the malware then downloads a second-stage malware, whichhas the ability to spread and initiate various attack vectors to steal victim information.

Hackers have been using third-party Android stores to spread WAPDropper malware. Avoiding these markets will reduce the chance of compromise. As well, the need for alternative security methods has grown immensely as text distortion-based and image recognition CAPTCHAs are vulnerable to machine-based learning attacks.

To avoid getting infected with WAPDropper malware, download Android apps from the Google Play Store. It is shiw\\own that WAPDropper malware has been discovered within applications such as ‘dolok’, ‘af’, ‘email’ and ‘game app’ that have been downloaded and updated from outside the Play Store. While the accounts could have been already breached, it is recommended that users should immediately uninstall these applications from their devices.

Critical VMware Zero-Day Bug

VMware has discovered a command injection zero-day bug affecting six VMware products. It is found to include Workspace One, Identity Manager, and vRealize Suite Lifecycle Manager. It is listed as CVE-2020-4006 with a severity rating of 9.1 out of 10. Versions impacted include:
VMware Workspace One Access 20.10 (Linux), VMware Workspace One Access 20.01 (Linux), VMware Identity Manager 3.3.3 (Linux), VMware Identity Manager 3.3.2 (Linux), VMware Identity Manager 3.3.1 (Linux), VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux), VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows).

An attacker with network access to an administrative configurator may have unrestricted privileges. Therein, to affect the underlying operating system. Typically, access is gained via brute-forcing/ Dictionary/ Password spraying.

The company has not published any patches yet for those versions at this point. However, the firm does provide admins with a temporary workaround designed to fully remove the attacker vector on affected systems and prevent exploitation of CVE-2020-4006. Full details for Linux-based appliances and Windows-based servers are available here.

Cyber Monday/Black Friday Shopping Risks

Generally, consumers lack knowledge about some of the biggest retail risks. This leaves cyber experts on alert with Christmas season shopping. AS suggested by research, 85% of online shoppers are at least mildly concerned about their personal information being compromised. Whereas 88% of shoppers are at least mildly concerned about the safety of mobile apps for retail purposes.

Magecart is an umbrella term encompassing several different threat groups who all use the same modus operandi. They compromise websites built on the Magento e-commerce platform, to inject card-skimming scripts on checkout pages. This facilitates the stealing of unsuspecting customers’ payment details and other information entered on the page. As well, hackers will engage in domain infringement, to deceptively spelled look-alikes – i.e. ‘.org’ vs ‘.com’ – to con customers into providing sensitive information. They may use this tactic in combination with others like spear-phishing email campaigns.

Overall, experts anticipate holiday shopping during the 2020 Black Friday and Cyber Monday season to be at high risk. Therefore, CTRL advises consumers to be cautious and circumspect of fraudulent site spoofing, unsolicited emails purporting from organisations and unencrypted financial transactions.

Related Articles

CTRL Group discuss the latest cyber attacks and cybersecurity trends
ELT Relationships / Incident Response
Cybersecurity for Employees, Board and ELTs
Read more
Cyber Compliance / Cyber Advisory, Cyber Compliance
Cyber Regulations and Australian Compliance Overview 2022
Read more
Cybersecurity / Incident Response
Incident Response – Be Prepared
Read more