Hacker Tracker | February in Review

Where are we in the world of cybersecurity? It’s easy to miss the threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the threats that are real threats to your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1 Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam | 2.17.21

  • The owners of a popular barcode scanner application that turned malicious on millions of devices with a single update insist that a third-party buyer was to blame.
  • After years as a well-behaved app with a large following, users began complaining in recent months that their mobile devices were suddenly flooded with unwanted adverts.
  • Barcode Scanner was identified as the source of the adware, tracked as Android/Trojan.HiddenAds.AdQR. Researchers traced the behavior to a malicious update that added aggressive ad-pushing code to the app.
  • View the Source 

#2 30,000 Macs infected with new Silver Sparrow malware | 2.22.21 

  • Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems.
  • Discovered by Red Canary, the malware is called Silver Sparrow. It has also been analyzed by researchers from Malwarebytes and VMware Carbon Black.
  • Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17th, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.
  • View the Source

#3 Chinese hackers cloned attack tool belonging to NSA’s Equation Group | 2.22.21

  • According to researchers, Chinese threat actors “cloned” and used a Windows zero-day exploit taken from the NSA’s Equation Group for years before the privilege escalation flaw was patched.
  • The tool was found to be a “clone” of software developed by the US National Security Agency (NSA) Equation Group, known as one of the most sophisticated cyberattack groups in the world.
  • According to Check Point, the tool, called Jian, was actively used between 2014 and 2017 and was not a custom build by the Chinese actors themselves.
  • View the Source

Lessons Learned From This Month’s Hacks

  1. Time and time again, Google Play has proven to be a softer target than the Apple App Store. Apple’s review process tends to be stricter than Google’s, which results in fewer malicious apps in the Apple ecosystem. Note what happened here, though: Barcode Scanner was a legitimate, trusted app for years and only turned malicious after it changed hands and pushed an update, so store review and a long clean history are not guarantees. If your business relies on Android or Apple apps to operate, our recommendation is to manage updates rather than allow them to install automatically. Create a recurring event on your calendar to check for updates, review what changed (including whether the developer listed in the store has changed), then apply the update after a waiting period. The trade-off is that a delayed update also delays any security fix it contains, so keep the waiting period short for anything that handles sensitive data. Some apps refuse to open until they are updated, so this is not always possible. Have a backup plan if your business relies on apps to operate: for example, is there a web version you could switch to if the app starts misbehaving?
  2. As we have said before, Macs can get malware; Silver Sparrow reached nearly 30,000 of them in a matter of weeks. Use a solid endpoint protection solution, such as Sophos, and keep macOS itself current so Apple’s built-in protections stay up to date. For the browser, we prefer Firefox or Chrome over Safari because of the wider choice of content-blocking extensions; whichever you use, add an ad blocker such as uBlock Origin, since malicious ads and fake installers are a common way adware and malware land on a Mac.
  3. This one is tough. Government agencies hold undisclosed vulnerabilities (“zero-days”) in nearly every major operating system, and in this case another nation’s hackers had a working copy of the NSA’s exploit years before the flaw was patched. When such an exploit leaks or is captured in the wild, it is a race for the vendor to ship a security update and for you to install it. Our advice to small businesses: use an IT company that includes managed updates. Reliably applying Windows security updates and third-party security updates within two weeks of their release puts you ahead of your competition; nearly every business we have pre-assessed does not apply updates reliably and is at serious risk from malicious actors.
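
To make the two-week rule in lesson 3 something you can actually measure, here is a PowerShell script added as an example (it is not PK Tech’s tooling and not part of the original article). It reports when the last update was installed and lists every applicable update that has been available for longer than the SLA. The 14-day threshold and the exit-code convention for a monitoring job are assumptions; the `Microsoft.Update.Session` COM interface and `Get-HotFix` are standard Windows components. Run it in an elevated PowerShell prompt on the endpoint.

```powershell
# Added example: check a Windows endpoint against a 14-day patch SLA.
# Assumed policy value; adjust to your own update SLA.
$SlaDays = 14

# 1. When was the last hotfix/quality update installed?
#    Get-HotFix reads the same data as "View update history"; some entries
#    have no InstalledOn date, so those are filtered out.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# 2. Ask the Windows Update Agent which applicable updates are still missing.
#    The COM interface works on any supported Windows without extra modules.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates

$now     = Get-Date
$overdue = @()
foreach ($u in $pending) {
    # LastDeploymentChangeTime is when Microsoft published (or last revised) the update.
    $ageDays = [int]($now - $u.LastDeploymentChangeTime).TotalDays
    $kb      = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ","
    $row = [pscustomobject]@{
        KB       = $kb
        Severity = $u.MsrcSeverity   # Critical/Important/...; empty for non-security updates
        AgeDays  = $ageDays
        Title    = $u.Title
    }
    if ($ageDays -gt $SlaDays) { $overdue += $row }
}

"Last update installed: {0} on {1:yyyy-MM-dd}" -f $lastHotfix.HotFixID, $lastHotfix.InstalledOn
"Pending updates: {0}; older than {1} days: {2}" -f $pending.Count, $SlaDays, $overdue.Count
$overdue | Sort-Object AgeDays -Descending | Format-Table -AutoSize

# Assumed convention: a non-zero exit lets an RMM or monitoring job flag the host as out of SLA.
if ($overdue.Count -gt 0) { exit 1 } else { exit 0 }
```

Two caveats when reading the output: third-party software (browsers, PDF readers, Java) is not covered by the Windows Update Agent, so it needs its own check, and a long list of overdue updates on a machine that “updates automatically” usually means a reboot is pending or the update service is broken, both of which are worth investigating rather than waiting out.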

Reach out if you have questions here.