Welcome to the 100th edition of Cyber Pulse

OurMine Group Targets Facebook By Hacking The Company's Twitter and Instagram Accounts

A notorious hacker group named OurMine took to Twitter to announce its feat of hacking Facebook’s Twitter and Instagram accounts. The hacker group made a post from the hacked Twitter account of Facebook. It is the same group that took over social media accounts of the US NFL teams last month. OurMine hacking collective hijacked the Twitter and Instagram accounts for Facebook and tweeted that "even Facebook is hackable". The group’s post on Facebook's Twitter account read, "Hi, we are OurMine. Well, even Facebook is hackable but at least their security is better than Twitter." It made a similar post via Facebook’s Messenger account as well. Hackers also posted a photo of OurMine's logo on Instagram. After around 30 minutes of tussle, accounts were restored. The group claimed that its actions are only to manifest cyber vulnerabilities. Twitter confirmed that the hacking occurred via a third-party platform Khoros, a marketing platform that businesses can use to manage their social media account. OurMine has long been targeting accounts belonging to high-profile firms and figures. The Dubai-based hacking group had infiltrated the social media account of notabilities including Twitter's founder Jack Dorsey, Alphabet's chief executive Sundar Pichai, and others. It was also behind the hack of corporate accounts of Netflix and ESPN.

Android Users Targeted in Two Newly Discovered Malware Campaigns

Security researchers have reported two new malware campaigns that primarily rely on malicious apps. The purpose of these campaigns is to target Android users and manipulate their data by infecting their devices with malware. The first campaign, identified by Trend Micro, involves nine apps that claim to be utilities. However, in a real sense, they connect to attacker-controlled servers to download malware onto compromised devices. The apps can even log in to users’ Google and Facebook accounts to perform ad fraud. These apps can also be used to post fake reviews through compromised devices. According to researchers, these malicious apps have been downloaded more than 470,000 times from the Google Play Store. A second campaign, disclosed by the researchers from Cofense, uses phishing email to install the Anubis banking trojan. After compromising a device, Anubis starts to create a list of installed apps and then compares them against a list of 263 targeted apps. Once an app is identified, it overlays with a fake login page to steal the user’s account details. Researchers explain that there is an increased use of Android phones in business environments. Therefore, it is important to defend against these threats by ensuring devices are kept current with the latest updates.

Protect Your Docker Registry Before Hackers Locate It

Security experts alerted that misconfigurations in Docker registry may lead to critical data theft and malicious attacks. Docker registries are Docker repositories organized to store all-important images, which contain bundled application code, dependent libraries, and operating system files. These registries therefore provide access to application source code and business-critical data. Thus, it also requires strong security. Researchers at Palo Alto Networks’ Unit 42 found docker registries exposed to the internet, some of which were accessible even without the required permission. The team unveiled misconfigured registries’ network access controls that can let attackers infiltrate and steal sensitive information. Researchers reported a total of 941 Docker registries with 2956 repositories and 15,887 tags in these laid bare nearly 3000 applications and almost 16,000 unique versions of these. According to the research firm, the remediation strategy for this problem statement is simple and straight. Organizations can add a firewall rule to prevent the registry’s online availability and enforce authentication header for all the API requests.

Hackers Impersonate Journalists For High Profile Hacks

Researchers from a London-based security firm discovered a phishing campaign that attempts to steal victim’s passwords and credentials. The advanced persistent threat (APT) group Charming Kitten is believed to be the culprit by the researchers responsible for discovering the campaign. The group, also known as APT35, is believed to have ties with the Iranian government. The campaign was launched in November 2019 and still ongoing, according to the report by the security firm Certfa Lab. Researchers said the hackers pose as a former Wall Street Journal reporter, also an Iranian-American journalist, Farnaz Fassihi and send documents with potential interview questions. Emails were camouflaged as to originate from the personal Gmail account of Fassihi to decoy victims into responding. It was supposedly created to target eminent Iranian figures, including Iranian-born German academic Erfan Kasraie. According to Certfa researchers, their “findings show that these new attacks by Charming Kitten are focused on stealing email account information of the victims and finding information about their contacts [and] networks."

Average 77,000 Active Web Shells A day, Microsoft Reports

Recently, Microsoft released an investigative report revealing that on average 77,000 active web shell attacks take place every day. A web-shell is a malicious script attackers plant to escalate or maintain persistent access on an already compromised web application. Microsoft published a report where it detected an average of 77,000 active web shells across 46,000 infected servers each day. Commenting on their finding, Microsoft researchers said 77,000 detections on a daily base is a worrisome figure. It implies an intense activity of threat actors in the cybers landscape. In October 2018, security agencies belonging to Five Eyes (United States, United Kingdom, Canada, Australia, and New Zealand) have released a joint report that details some popular hacking tools, including China Chopper. China Chopper was one of the most widely adopted web shells. It was reportedly employed in many cyberespionage campaigns carried out by China-linked APT groups. Microsoft has cautioned system administrators to take the report findings seriously. From their experience of earlier investigations, Microsoft said hackers use web shells to upload other hacking tools on a victim's systems, which could later be used for reconnaissance operations and lateral movement across a victim's internal network.

Edited and compiled by cyber security specialist James Aguilan.