Avast Blog_News: Microsoft reports nation-state political attacks

[harlan4096]

Plus, a new malware framework hits Chrome and Firefox, a new phishing scam targets AmEx cardholders, and data is breached at Sprint and Evite.

Microsoft has notified political organizations more than 780 times in the past year that they’ve been targeted or compromised by nation-state attacks. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” the company said in a blog post. The majority of activity originated from Iran, North Korea and Russia, Microsoft said. Since the launch of the program Microsoft AccountGuard a year ago, the company has uncovered attacks targeting political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs). This week at the Aspen Security Forum, Microsoft also demonstrated parts of the free, open-source project ElectionGuard, which offers voting directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller; a tracking code that confirms votes are counted and not altered; and end-to-end verifiable elections with paper ballots.

This week’s stat

Most contaminated e-mails arrive on Sundays in the morning and midday, AV-Test reported. Brazil (14%) and Russia (13%) produce more than a quarter of the world’s spam.

New malware framework hits Chrome and Firefox

Cybersecurity researchers have identified a new malware framework targeting Google Chrome, Mozilla Firefox, and the Yandex browser, ZDNet reported. The framework infects the browsers in three stages – first installing itself as a scheduled task; then communicating with its command-and-control server (C2) about the data stored in the browser and next steps; and finally adding an extension to the browser to generate fake Google Adsense impressions and YouTube likes for reward. The researchers who discovered the framework estimate that over a billion fraudulent ad impressions have been spawned over the past three months. The highest concentration of infections have been in Russia, Ukraine, and Kazakhstan. Avast security evangelist Luis Corrons says the risk extends beyond advertisers and their networks. “Once your browser is compromised, it’s just a matter of time until attackers start targeting the actual user. It would be easy for them to go after the credentials saved in the browser and spy on our online activities.”

AmEx phishing scam fools spam detectors

A novel phishing attack with a hidden malicious link is targeting American Express users, Bleeping Computer reported. A malicious email demands that customers verify their information or face account suspension. Anti-spam solutions treat it as a legitimate email because the embedded malicious link is obfuscated. The scam splits the phishing landing page into separate pieces, hiding the URL from users and security software. At first glance the link looks authentic, but it contains an embedded URL that leads to the phishing page. That page is set up to look like a genuine AmEx login page from which attackers steal victims’ credentials.

This week’s quote

“Taking a step back to look at the facts shows this is not a major cybersecurity issue.” – Nikolaos Chrysaidos, Avast head of mobile threat intelligence, on FaceApp. The viral sensation was called a national security risk by a top American political leader.

Sprint alerts customers to data breach

Sprint sent a notification to subscribers to alert them of a data breach involving phone numbers, subscriber IDs, account numbers, names, and addresses. The alert states that subscribers’ accounts had been accessed through a vulnerability in the Samsung.com “add a line” website. The company also sent prompts to victims’ devices to change their PINs. SC Magazine reported the news broke following the announcement of a $26.5 billion merger between Sprint and T-Mobile.

Continue Reading