Researchers at the Israeli cybersecurity company Check Point found a vulnerability in Qualcomm's ubiquitous Mobile Station Modem (MSM) chipset that affects millions of devices worldwide. Exploiting it would let an attacker inject malicious code into the modem from the Android side and thereby read the user's SMS messages and call history and listen in on their conversations. According to Check Point researcher Slava Makkaveev, the same flaw could also be used to unlock the SIM, bypassing the restrictions imposed by the carrier.
Close to 30% of all smartphones in the world contain a Qualcomm MSM and could therefore be exposed. Check Point reported the issue, tracked as CVE-2020-11292, to Qualcomm in October 2020; Qualcomm rated it a high-severity vulnerability and shipped patches to smartphone manufacturers at the end of 2020. Whether a given handset has received the fix depends on its vendor, which illustrates the supply-chain nature of the problem: vendors struggle to keep every stage of the chain patched and secure.
Older routers that no longer receive regular firmware updates may carry serious security vulnerabilities. The consumer watchdog Which?, working with security researchers, found that millions of UK households still use old broadband routers that leave them exposed to attack. Which? collected 13 older router models still in active use in the UK and sent them to the technology consultancy Red Maple Technologies, which found that only 4 of the 13 met current security standards. Which? estimates that close to 7.5 million UK users could be affected by the vulnerabilities identified.
The models flagged as potentially vulnerable include Sky's SR101 and SR102, the Virgin Media Super Hub and Super Hub 2, and TalkTalk's HG523a, HG635, and HG533. Which? recommends that users whose devices have not been updated for several years contact their provider and ask for a replacement router. A second problem with older routers is weak default passwords. Which? also urges providers to be more transparent with customers about update status, so that the risk of attacks on weakly secured routers can be reduced.
Belgian government bodies, educational and scientific institutions, and the parliament were hit by a large DDoS attack. It began on 4 May at 11 am and flooded the institutions' websites with traffic. The target was Belnet, the government-funded ISP that serves all of these institutions. With online services unreachable, some meetings and parliamentary debates had to be postponed.
The attack was so disruptive because the attackers kept changing their techniques as defenders responded. The affected organisations called in the Centre for Cybersecurity Belgium (CCB), the country's central cybersecurity authority, to help resolve the incident. Belnet was able to restore normal service only a day after the attack began. According to Belnet, no data was breached or stolen during or after the attack, and the attackers did not attempt to intrude into the network. Belnet has released no information about who might be behind it.
Researchers at Trend Micro report that a malware family dubbed Panda Stealer is targeting individuals in Germany, the USA, Australia, Japan, and other countries. It is delivered primarily through phishing emails; some victims have also downloaded the executable via Discord links pointing to malicious web pages. The campaign uses two delivery methods. In the first, the email carries an .XLSM attachment that asks the victim to enable macros; once enabled, the macro runs a loader that downloads and executes the main stealer.
In the second, the attachment is an .XLS file whose Excel formula launches a hidden PowerShell command, which in turn pulls a fileless payload onto the victim's system. Once running, Panda Stealer searches for private keys and addresses of cryptocurrency wallets holding funds, including Ethereum (ETH), Litecoin (LTC), Bytecoin (BCN), and Dash (DASH). The operators have not been identified, but Trend Micro notes that the IP addresses and the virtual private server used in the campaign were rented from the provider Shock Hosting, and that the server has since been suspended.
Spectre, the class of critical vulnerabilities in modern processors, was publicly disclosed in 2018. It is hard to mitigate, and researchers have spent years on countermeasures. A team from the University of Virginia and the University of California, San Diego has now found a new line of attack that bypasses the Spectre protections currently built into chips. As a result, almost every kind of system, including laptops, cloud servers, desktops, and smartphones, may again face the same problems it faced three years ago.
Spectre exploits speculative execution, an optimisation in which the CPU guesses which way a branch will go and executes ahead along the predicted path before the branch is resolved. When the guess is wrong, the results are discarded architecturally, but side effects such as the state of the cache remain and can be measured. By steering the processor down a mispredicted path, an attacker can break the isolation between applications and read secrets from arbitrary memory locations.
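The following C example is added here to illustrate the mechanism described above; it is not code from the article or from the researchers it cites, and it shows the classic Spectre variant-1 "bounds check bypass" gadget alongside the speculation-safe index masking used by the Linux kernel's array_index_nospec(), not the new attack the University of Virginia and UC San Diego team describe. The arrays, sizes and function names are assumptions chosen for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for the illustration (not from the article). */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 512];   /* probe array: one cache line per byte value */

/* Classic Spectre variant-1 gadget. The bounds check is architecturally
 * correct, but while the branch is unresolved the CPU may speculatively
 * run the body with an out-of-bounds x. array1[x] then reads attacker-
 * chosen memory, and the dependent load touches array2 at an offset that
 * encodes that byte in the cache. The result is squashed; the cache
 * footprint is not, and a timing probe of array2 recovers the byte. */
uint8_t victim_unsafe(size_t x) {
    if (x < ARRAY1_SIZE) {
        return array2[array1[x] * 512];
    }
    return 0;
}

/* Branch-free mask: all ones when index < size, zero otherwise. Same idea
 * as the Linux kernel's array_index_mask_nospec(), written with unsigned
 * arithmetic only so that it is well-defined C. If index >= size,
 * (size - 1 - index) wraps and sets the top bit; if index is huge, index
 * itself sets it. Either way the top bit is 1 and the mask becomes 0. */
size_t index_mask_nospec(size_t index, size_t size) {
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1;   /* 0 - 1 wraps to SIZE_MAX (in bounds); 1 - 1 = 0 (out of bounds) */
}

/* The index the mispredicted path is allowed to use: x when in bounds,
 * 0 otherwise. This is data flow, not a branch, so the predictor cannot
 * skip it the way it skips the comparison in victim_unsafe(). */
size_t clamp_index_nospec(size_t x, size_t size) {
    return x & index_mask_nospec(x, size);
}

/* Hardened gadget: identical architectural behaviour, but on a
 * mispredicted entry into the body the load is forced to array1[0]. */
uint8_t victim_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = clamp_index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * 512];
    }
    return 0;
}

int main(void) {
    size_t in = 5, out = 1000;
    printf("mask(%zu) = %#zx, mask(%zu) = %#zx\n",
           in, index_mask_nospec(in, ARRAY1_SIZE),
           out, index_mask_nospec(out, ARRAY1_SIZE));
    printf("clamped index: %zu -> %zu, %zu -> %zu\n",
           in, clamp_index_nospec(in, ARRAY1_SIZE),
           out, clamp_index_nospec(out, ARRAY1_SIZE));
    printf("victim_unsafe(%zu) = %u, victim_hardened(%zu) = %u\n",
           in, victim_unsafe(in), in, victim_hardened(in));
    return 0;
}
```

The mask only helps if it really is computed arithmetically: a compiler is free to notice that `x < ARRAY1_SIZE` already holds inside the body and fold the mask away, which is why the kernel's x86 version is written in inline assembly (a compare and subtract-with-borrow). In a real build, check the generated code for the gadget you are protecting rather than trusting the C source.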