Cyber Security News (27th July 2018)

1. New wave of ransomware attacks in India

A year on, with most of the infrastructure associated with the ransomware taken down, new reports have emerged stating that WannaCry still exists in dormant form in India.

This was observed by the telemetry servers of the internet security provider eScan. In a statement, the company said that its telemetry servers have been picking up artefacts reminiscent of WannaCry ransomware on a regular basis.

According to the report, Maharashtra received the highest number of ransomware attacks: 56% of the total ransomware attacks aimed at India in June 2018.

The top states which have been affected by ransomware are:

  • Maharashtra: 56%
  • Delhi: 13%
  • Gujarat: 12%
  • Telangana: 9%
  • Tamil Nadu: 9%

The telemetry servers observed that newer ransomware and various variants are being added to the family.

This development is serious and should be a cause for concern because India is the fifth most attacked country in the world and the third most attacked in Asia. The report went on to point out that 20.77% of ransomware attacks were recorded around the world in the month of June and India recorded 22.94% of ransomware attacks in the same month.

Cyber Security Tips: 

  • Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
  • Restore any impacted files from a known good backup.
  • Do not provide personal information when answering an email, unsolicited phone call, text message or instant message.
  • Use reputable antivirus software and a firewall.
  • Do employ content scanning and filtering on your mail servers.
  • Do make sure that all systems and software are up-to-date with relevant patches.

 

2. Malware Sneaking Onto Android Device Via Google Play Store

If your Android device is working very slowly or throwing up annoying pop-ups, then the device has contracted malware through the Google Play Store.

The security research firm BleepingComputer reported that a growing amount of mobile malware has started using a tool known as a “dropper,” which hides code inside an app.

The droppers appear harmless and are contained within an app, making it difficult for the Google Play Store to detect them using its standard security tests.

The droppers generally use a dual- or multiple-stage infection technique. The first stage of this process simply gains a foothold on a device so that it can download other, more harmful threats.

Interestingly enough, most AV products also failed to detect the dropper campaigns.

Cyber Security Tips: 

  • Android device users are always advised to install apps from official stores, and to disable the installation of apps from unknown sources on their smartphone by heading to Settings → Security → Unknown sources.
  • Keep your Android phone's operating system updated.
  • Do not root your device.
  • Back up your personal data regularly.
  • Install an authentic anti-virus app and update it when prompted.

 

3. Hackers Distributing Backdoor using Microsoft Office Vulnerabilities

A newly discovered malware campaign is distributing the powerful FELIXROOT backdoor, using Microsoft Office vulnerabilities to compromise victims' Windows computers.

The FELIXROOT backdoor campaign was initially discovered in September 2017.

Currently, attackers are distributing weaponized lure documents that contain exploits for Microsoft Office vulnerabilities. Based on the source, the malware is distributed via Russian-language documents.

The FELIXROOT backdoor uses HTTP and HTTPS POST protocols for command & control server communication. Once it has collected data from the victim's machine, the data is sent over the network encrypted and arranged in a custom structure.

Once it completes execution and steals the compromised machine's information, the FELIXROOT backdoor stops the loop execution and finally wipes its footprints from the infected machine.

Cyber Security Tips: 

  • Users are recommended to install MS Office updates regularly (enable automatic updates for Windows OS from Settings).

 
