Cyber Weekly Digest - Week #45
Updated: Nov 13, 2020
This week's digest is another packed with the latest, most intriguing cyber security stories. Keep reading to find out about a hacker who is selling 34 million user records and how criminals are taking advantage of the US election.
We are all intensely watching as the outcome of US election unfolds, and as per usual cyber criminals are looking to take advantage of our curiosity. QBot is a banking trojan with worm features actively used since at least 2009 to steal financial data and banking credentials. It has been spotted sending emails with a malicious excel attachment disguised as a secure DocuSign file allegedly containing information related to election interference. This is another reminder to watch out for scams related to current world affairs.
The website GrowDiaries, which is a community for cannabis growers to share updates on their plants, has exposed over 3.4 million user records. The stakes are high as the data includes information on individuals from countries where cannabis is illegal. This means the users could face legal repercussions or even extortion. However, the firm has assured that starting an account is “100% anonymous and secure”.
The British Broadcasting Corporation blocked an average of 283,597 scam emails a day during the first eight months of 2020 according to a Freedom of Information request by the Parliament Street think tank’s security team. Additionally, it was found that 18,662 malware attacks are blocked a month by the BBC.
A new technique called NAT slipstreaming was demonstrated over the weekend by new research, it allows an attacker to bypass firewall protection and remotely access any TVP/UDP service on the victim’s machine. The method begins with the victim opening a link to a malicious site which then triggers the gateway to open any TCP/UDP port and therefore evading browser-based port restrictions.
A threat actor has been found selling databases from 17 companies which contained 34 million user records, which is just under the total population of Morocco. The hacker claims that he was not responsible for hacking and stealing the databases, but instead is only acting as a broker. He refused to disclose how he acquired the information; however, the information includes a variety of emails, passwords, personal information, and partial credit card information.