GlobalSign Blog

The GlobalSign Cybersecurity News Round-Up: Week of March 9, 2020


Okay, let’s admit it. It’s been a weird week of Coronavirus talk every second. Of every. Single. Day. 

But life goes on, especially if you’re a hacker, because nothing gets them pumped up to cause even more trouble quite like a worldwide health disaster.

To that end, superman of cybersecurity Brian Krebs wrote extensively about a scheme where hackers are using the interactive Coronavirus dashboard (originally produced by Johns Hopkins University) to spread password-stealing malware.

Beyond Coronavirus-focused attacks, the usual cyberhackery unfolded in the last week, including a massive incident in Sydney, Australia. A car auction house was hit with a multimillion-dollar ransom demand which forced the company to remain offline for days. 

Finally, a new security flaw in Intel processors has been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics from universities around the world. In response, Intel has already released firmware patches to mitigate attacks against its current CPUs and the chipmaker plans to deploy fixes at the hardware level in future generations. 

Grab a cup o’ joe and read all of this week’s news below. 

Top Global Security Stories 

Krebs on Security (March 12, 2020) Live Coronavirus Map Used to Spread Malware

"Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. 

In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.

Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller’s certificate.

'It loads [a] fully working online map of Corona Virus infected areas and other data,' the seller explains. 'Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral!'"


Sydney Morning Herald (March 10, 2020) Car auction house hit with $30 million ransom demand after crippling cyber attack

Cyber criminals have sent a $30 million ransom demand to one of the country's biggest car auction houses after using malware to lock it out of its computer system.
The Australian branch of Manheim Auctions has previously confirmed it was the target of a ransomware attack on February 14 but in a statement released on Tuesday, WA's Consumer Protection agency revealed the extent of the attack and how much the cyber criminals were asking for.

Manheim has locations right across the country and sells cars over its website, which has been offline since the attack.
Manheim took to its Facebook page after the attack to tell customers it had restricted access to some of its computer systems.


HealthIT Security (March 10, 2020) New Phishing Campaign Targets Health, Pharma with HIV Test Results

A new phishing campaign has been spotted in the wild by Proofpoint researchers, where hackers send insurance, healthcare, and pharma companies false HIV test results in malicious emails in hopes of luring victims into an emotional response.

Proofpoint discovered cybercriminals impersonating Vanderbilt University Medical Center to send potential victims fake HIV test results in emails embedded with malicious content. Notably, the attackers misspelled the health center name as “Vanderbit.”

The emails contain the subject line “Test result of medical analysis,” while the body encourages the recipient to open a Microsoft Excel attachment titled “TestResults.xlsb.” The message claims the recipient’s HIV tests are included. But when the malicious doc is opened, the user is prompted to enable macros and then the malware is downloaded.


International Business Times (March 8, 2020) Unfixable Intel Chips Flaw Threatens Encryption and DRM Protections

Integral vulnerabilities on Intel chips have become the norm for the company over the past several years since major exploits like ZombieLoad, Spectre and Meltdown affected almost all devices housing Intel chips. Security researchers recently discovered a new vulnerability on the Converged Security and Management Engine's mask ROM. The problem is, it looks like the issue is unfixable, and it threatens encryption and even DRM protection.

The Intel chips flaw was uncovered by Positive Technologies, a security firm that warns users that the issue shatters a chain of trust for crucial technology. It includes hardware authentication, silicon-based encryptions, and modern DRM protections. The firm claims that “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms.”


Other Industry Headlines

University of Kentucky Defeats Month-Long Cyber-Attack

Hackers are targeting other hackers by infecting their tools with malware 

Deloitte: 8 things municipal governments can do about ransomware

Entso-E targeted in recent cyberattack

Ransomware Attacks on Healthcare Providers Rose 350% in Q4 2019 

Hackers target City of Châteauguay in cyber attack

Tips from recent UK enforcement  
