SANS NewsBites

Hackers Use Interactive COVID-19 Map to Spread Malware; Illinois Public Health Ransomware Attack; Cyberspace Solarium Commission Report

March 13, 2020  |  Volume XXII – Issue #21

Top of the News


2020-03-13

Hackers Use Interactive COVID-19 Map to Spread Malware

Hackers have weaponized a live COVID-19 map to spread the AZORult malware, which steals passwords, payment card information, cookies, and other sensitive data. In a related story, state-sponsored hackers are using COVID-19 information as a lure in phishing attacks.

Editor's Note

By now, your company should have warned employees of the inevitable flood of malware and phishing attacks around the COVID-19 pandemic. Good to remind them it will happen again when things start to return to normal.

John Pescatore

Expect high quality social engineering attempts due to the plethora of information about COVID-19, and users' desire to keep up-to-date on the illness and its impacts.

Lee Neely

2020-03-12

Illinois Public Health District Website Suffers Ransomware Attack

The website of the Champaign-Urbana Public Health District (C-UPHD) in Illinois was hit with ransomware earlier this week. C-UPHD, which serves more than 200,000 people, including students at the University of Illinois's largest campus, has set up an alternate website while it works to restore its primary site.


2020-03-11

Cyberspace Solarium Commission Report

The US Cyberspace Solarium Commission's report, mandated by the 2019 National Defense Authorization Act, "advocates a new strategic approach to cybersecurity: layered cyber deterrence." The report makes more than 80 recommendations, which are organized under six pillars: reform the U.S. government's structure and organization for cyberspace, strengthen norms and non-military tools, promote national resilience, reshape the cyber ecosystem, operationalize cybersecurity collaboration with the private sector, and preserve and employ the military instrument of national power.

Editor's Note

We need a revolution; what we are doing is not working. We need to raise the cost of attack tenfold in 2020, a hundredfold in the next five years. We know what to do; we lack the will.

William Hugh Murray

The Rest of the Week's News


2020-03-11

IoT Threat Report: Medical Imaging Devices are Running Outdated OSes

A report from Palo Alto Networks found that 83 percent of medical imaging devices in the US are running outdated operating systems. This marks a 56 percent increase over two years, which can be attributed in part to Microsoft's end of support for Windows 7 in January 2020. The report "analyzed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States." The researchers also found that 98 percent of traffic sent by IoT devices is unencrypted.


2020-03-10

Microsoft's Patch Tuesday

Microsoft's monthly security update for March 2020 addresses 115 security issues, 26 of which are rated critical. None of the vulnerabilities is currently being actively exploited.

Editor's Note

A monthly patch day from Microsoft is beginning to sound very outdated, kinda like "telephone dial." Imagine if the health care recommendation to prevent infection of open wounds was "on every second Tuesday of the month, apply protective covering..." Somehow businesses and IT manage to live through faster patching for phones, tablets and browsers, cloud apps and just about everything else, but Windows still has Vulnerability Tuesday?

John Pescatore

While patch Tuesday is familiar and convenient for scheduling, and more vendors scheduling releases to this cadence is welcomed, the volume of fixes of late warrants a shorter interval between patch releases; particularly for endpoints.

Lee Neely

2020-03-12

Microsoft Patches Wormable Vulnerability in SMBv3 Protocol

Microsoft has released a fix for a critical remote code execution flaw in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol. Details of the vulnerability were inadvertently released online earlier this week. The vulnerability could be exploited to execute code remotely and spread to other vulnerable machines with no user interaction. The issue affects 32- and 64-bit Windows 10 versions 1903 and 1909 and Windows Server 2019 versions 1903 and 1909.


2020-03-11

Necurs Botnet Takedown

Working alongside partners in 35 countries, Microsoft has helped to take down the infrastructure that supported the Necurs botnet, which had been used to spread malware. Necurs comprises more than 9 million computers worldwide. On March 5, 2020, a federal judge in New York gave Microsoft the authority to take control of the computers in the US that are supporting Necurs. Microsoft then analyzed the Necurs algorithm for generating new domains, predicted six million of these potentially harmful domains, and reported them to the associated registry so they could be blocked and prevented from being used by the Necurs operators.


2020-03-11

Hackers Spoofing HTTPS Domains to Skim Payment Card Data

Hackers inserted malicious code into a website belonging to a US meat delivery service. The code, which includes a malicious domain, allowed the hackers to intercept customers' payment information. While the malicious domain has been removed from the company's website, it has been detected on other companies' sites.



2020-03-11

Deloitte: Ransomware Attacks Against Local Government Increasing in Frequency and Cost

According to a study from Deloitte, ransomware attacks targeting state and local government systems have grown more sophisticated and have become more frequent. The study says that in 2019, there were 163 reported ransomware attacks against local governments; at least $1.8 million in ransom was paid, and millions more spent on recovery efforts. In 2018, there were 55 reported attacks and less than $60,000 in ransom paid.

Editor's Note

Part of the issue is these organizations may not have the resources to implement the mitigations needed, particularly differential backups, to aid with recovery as well as mitigations to prevent re-infection. While cyber insurance helps with the ransom payment, the funding for mitigations must be separately obtained, and is reliant on support during the already contested budget negotiation and funding cycle.

Lee Neely

2020-03-12

FBI Arrests Individual Suspected of Operating deer.io

US federal law enforcement agents have arrested Kirill Victorovitch Firsov for allegedly operating deer.io, an online forum where cybercriminals could buy and sell stolen account credentials. Firsov is scheduled to be arraigned later this week.


2020-03-13

Avast Disables JavaScript Engine Over Security Concerns

Avast has disabled the JavaScript engine in its antivirus product after it was found to contain a remote code execution vulnerability. Researchers at Google Project Zero say that the emulator, which checks JavaScript code for malware before it is allowed to execute, "is unsandboxed and has poor mitigation coverage."

Editor's Note

Timely disablement of the emulator was a good call on Avast's part. Other endpoint protections will continue to provide protections; even so, consider enablement of JavaScript only for trusted sites.

Lee Neely

Internet Storm Center Tech Corner

Microsoft Patch Tuesday

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005

https://isc.sans.edu/diary.html?storyid=25886


Mystery SMB3 Flaw Update

https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/


Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796


Agent Tesla Spread by Fake Canon EOS Notification Email

https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/


COVID19 Malware

https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/


Hancitor Distributed Through Coronavirus-Themed Malspam

https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/


Avast Removes Vulnerable JavaScript Emulator from Products

https://github.com/taviso/avscript


Checkra1n Exploit Works Against T2-Equipped Macs

https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/