- Adwind RAT Returns! Targeting Aerospace Industries
Adwind, which has previously targeted a wide range of users, is back. Security researchers have found that Adwind, a popular cross-platform Remote Access Trojan (RAT) written in Java, has re-emerged and is currently being used against enterprises in the aerospace industry; Switzerland, Austria, Ukraine, and the US are by far the most affected countries. Adwind is also known as AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, and jRat. It has been in development since 2013 and can infect all the major operating systems, including Windows, Mac, Linux, and Android. Adwind reaches its victims through spam e-mail.
Working: the user first receives a spam e-mail containing a malicious URL. Clicking the URL downloads a file presented as a PDF, which is then installed. The jRAT wrapper connects to its IP address to drop and execute VB scripts, and it creates a registry entry for persistence. Once installed, it carries out a range of malicious activities: stealing credentials, keylogging, taking pictures and screenshots, fingerprinting the system (including listing the installed antivirus and firewall applications), and gathering and exfiltrating data. The Trojan can also enrol infected machines in a botnet that is used to disrupt online services through DDoS attacks.
Cyber Security Tips: To protect yourself from this Trojan, you are strongly recommended not to open spam e-mails or click the links in them, to disable automatic downloads in your browser, to avoid untrusted websites, to keep your system up-to-date, and to keep your antivirus updated.
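A quick persistence hunt for a Java-based RAT, as an added example that is not part of the original article or of any vendor's report: the article says Adwind "creates an entry in registry" but does not name the key, so this script assumes an autostart (Run/RunOnce) entry and lists every one that launches the JVM or a .jar, flagging those that start from a user-writable path. Every hit still needs manual review; legitimate Java software also registers Run entries.

```powershell
# Added example (not from the original article): list Run/RunOnce autostart entries
# that launch Java or a .jar, a common persistence pattern for Java-based RATs such as
# Adwind. Assumption: the "registry entry" the article mentions is an autostart key;
# the article does not name the key or value, so review every hit by hand.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Command lines that invoke the JVM directly or point at a .jar are worth a look,
# especially when they launch from a user-writable location.
$suspectPattern = '(?i)(javaw?\.exe|\.jar\b)'
$userWritable   = '(?i)\\(AppData|Temp|Users\\[^\\]+\\Downloads)\\'

$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match $suspectPattern) {
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $cmd
                UserWritable = [bool]($cmd -match $userWritable)
            }
        }
    }
}

if ($hits) {
    # Entries launching from AppData/Temp/Downloads are listed first.
    $hits | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No autostart entries launching Java or a .jar were found.'
}
```

Run it in the context of each interactive user (HKCU differs per user) and on the affected host; pair it with a look at the scheduled tasks and startup folders, which the script does not cover.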
- LDAP & RDP Relay Flaws Found in Windows Security Protocols
Security researchers at Preempt, a behavioural firewall specialist, have discovered two security flaws in the Microsoft Windows NT LAN Manager (NTLM) authentication protocol. The first (CVE-2017-8563) allows NTLM credentials to be relayed to LDAP (Lightweight Directory Access Protocol); the second affects the widely used Remote Desktop Protocol (RDP) Restricted-Admin mode. According to the researchers' proof of concept, successful exploitation lets an attacker crack passwords and compromise credentials on the targeted network. LDAP signing is meant to protect against credential forwarding and man-in-the-middle (MitM) attacks, but because of the flaw LDAP does not in fact stop forwarded NTLM credentials from being used, even when signing is configured. An attacker who relays the credentials of a privileged user can therefore create a domain admin account and gain full control of the attacked network.
Cyber Security Tips: Microsoft has released a patch for the first vulnerability (CVE-2017-8563); a patch for the second has not yet been released. Administrators are recommended to install the latest Microsoft updates and keep their systems up-to-date. Note that the CVE-2017-8563 update on its own does not enforce the protection: LDAP channel binding has to be switched on through the LdapEnforceChannelBinding registry value on domain controllers. Requiring LDAP signing and restricting NTLM use where possible reduce exposure to relay attacks in general.
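A domain-controller audit for the settings that govern the two flaws above, as an added example that is not code from the original article or from Preempt. It reads the documented registry values for LDAP channel binding (introduced by the CVE-2017-8563 update), LDAP signing and RDP Restricted-Admin mode, and reports the state of each. Because the research found that LDAP signing alone did not stop the relay, the "relay to LDAP mitigated" verdict is based only on channel binding being enforced; the signing state is reported separately as general hardening. The interpretation of the values is this example's; the paths and value names are Microsoft's.

```powershell
# Added example (not from the original article or Preempt's research): audit the
# domain-controller settings relevant to NTLM relay to LDAP (CVE-2017-8563) and to
# RDP Restricted-Admin mode. Run on a domain controller with administrative rights.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent: the OS default applies
}

# LdapEnforceChannelBinding was added by the CVE-2017-8563 update. Absent or 0 means
# the update may be installed but channel binding is not enforced.
$cbt = Get-RegValueOrNull $ntds 'LdapEnforceChannelBinding'
if ($null -eq $cbt)  { $cbtState = 'not set (not enforced, default)' }
elseif ($cbt -eq 0)  { $cbtState = 'disabled' }
elseif ($cbt -eq 1)  { $cbtState = 'enforced when the client supports it' }
elseif ($cbt -eq 2)  { $cbtState = 'always enforced' }
else                 { $cbtState = "unexpected value $cbt" }

# LDAPServerIntegrity: 1 = signing not required, 2 = signing required.
$sign = Get-RegValueOrNull $ntds 'LDAPServerIntegrity'
if ($null -eq $sign)  { $signState = 'not set (signing not required, default)' }
elseif ($sign -eq 1)  { $signState = 'signing not required' }
elseif ($sign -eq 2)  { $signState = 'signing required' }
else                  { $signState = "unexpected value $sign" }

# DisableRestrictedAdmin = 0 turns Restricted-Admin mode on for inbound RDP;
# absent or 1 leaves it off.
$ra = Get-RegValueOrNull $lsa 'DisableRestrictedAdmin'
if ($ra -eq 0) { $raState = 'Restricted-Admin mode enabled (second, unpatched flaw applies)' }
else           { $raState = 'Restricted-Admin mode disabled' }

# Verdict is based on channel binding only: per the research, signing alone did not
# prevent the LDAP relay.
[pscustomobject]@{
    LdapChannelBinding   = $cbtState
    LdapSigning          = $signState
    RdpRestrictedAdmin   = $raState
    RelayToLdapMitigated = ($cbt -is [int] -and $cbt -ge 1)
} | Format-List
```

Run it against every domain controller, since the values are per-host. Before setting LdapEnforceChannelBinding to 2 or LDAPServerIntegrity to 2, check the directory service event log for clients that bind without signing or channel binding; those clients break once enforcement is switched on.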
- Avanti Markets’ kiosks hacked; credit card, biometric data stolen
Avanti Markets is one of the largest suppliers of self-service kiosks used by corporate employees to pay for snacks and drinks in the office breakroom. The machines use the customer's credit card and fingerprint to authorise transactions. According to the latest report, Avanti Markets' self-service kiosks were recently hacked, and the criminals stole customer information including credit card numbers, customers' first and last names, and certain biometric information. Approximately 1.6 million customers were affected by the breach. The incident is attributed to a vulnerability in the kiosks' network technology.
Cyber Security Tips: Customers are strongly recommended to reset their credentials and to keep monitoring their bank statements; companies are recommended to keep their systems up-to-date to prevent such incidents.