Security News

New cybersecurity tools take a bite out of cybercrime

Avast Security News Team, 8 March 2019

Chronicle teams up with Avast on a new platform and the NSA gives a gift to the cybersecurity community plus more security news.

New platforms to clobber cybercrime

Two major announcements at this week’s RSA mark strident leaps forward in cybersecurity, and both rely on the same core principal — sharing knowledge. The combined efforts that make these cybersecurity tools so potent go to prove that there is, in fact, safety in numbers.

One of the tools is nothing less than a global security telemetry platform built by Chronicle Security, a new Alphabet company focused on enterprise security. The platform is called Backstory, and it is a cloud-based service that compares an enterprise’s network activity against a constantly updating database of threat intelligence. Aggregating the most reliable threat intelligence for the project, Chronicle has partnered with Avast and a couple of other security entities. “It made sense for Chronicle to work with Avast, who has the biggest threat intelligence network,” comments Luis Corrons, Avast security expert. “Thanks to Backstory and the threat intelligence we can feed into it, companies all around the world will be safer.”

The other platform unveiled at RSA is called Ghidra, a reverse-engineering tool developed by the National Security Agency (NSA) to allow cybersecurity researchers to better analyze malware they find in the wild. The NSA has been developing the software for years, and the agency is publishing it as open source, calling it “a contribution to the nation’s cybersecurity community.” The tool is designed to allow analyzers to work collaboratively within it, and it includes various features that simplify the reverse-engineering process so that researchers can more easily get to the heart of today’s worst malware.

Here’s a video from NBC's Jonathan Bloom on highlights from RSA.

Jokeroo starts Ransomware-as-a-Service membership

A new underground company calling itself Jokeroo has been promoting itself on Twitter as a Ransomware-as-a-Service (RaaS), a one-stop shop for a would-be cybercriminal, providing all the tools needed to run a ransomware campaign from the malware to the payment system all the way to the customizable ransom note. The RaaS offers a tiered membership system. The least expensive package starts at $90, which includes the full ransomware service, a bitcoin payment system, and 15% of each ransom payment going to Jokeroo. The more premium packages, at $300 and $600, do not include the 15% skim and offer other cryptocurrency payment systems as well as extra features. The company is so new that researchers have not yet seen traces of its branded ransomware in the wild.

Luis Corrons notes, “This is not the first time we have seen this kind of ‘business’ model, however, you can usually find them on the dark web or hacking forums. Offering itself openly on Twitter is not that common. This approach looks like an offer for script kiddies and wannabe cybercriminals. Let's hope Twitter takes quick measures to stop these guys from using their platform to promote illegal business.”

Same chip, different flaw

After the discovery of the Spectre and Meltdown flaws inherent in Intel processing chips last January, and then the discovery of the Foreshadow flaw in addition to those two, there is now a fourth vulnerability that can be found on every Intel chip, and it is called Spoiler. And as with the previous three, Spoiler abuses the speculative execution feature of the chip. It differs from the others by targeting a different part of the processor — the Memory Order Buffer, used for memory functions and coupled with the cache. The Spoiler vulnerability facilitates Rowhammer and cache attacks, technical attacks that barrage a row of transistors on a computer chip with a repeated program until data charges leak from the transistors and compromise the next row over. Intel has not announced any patch to this flaw, but they advise users to employ side-channel safe software to protect against Rowhammer types of attacks.

Phishing with Uncle Sam

As the US enters tax season again, the IRS warns that phishing schemes are tailored to taxpayers and tax professionals during this time of year. People can expect to see a surge of tax-related and money-related malicious emails crowding their inbox, claiming to be from the IRS, a bank, an employer, a vendor, possibly even a customer, all claiming to need some sort of sensitive info, or trying to seduce the user into downloading an attachment or clicking a link. One creative new variation on the phishing scam entails direct depositing stolen tax refunds into a user’s bank account. While the user is bewildered as to how the money got there, the cybercriminal gets in touch, falsely claiming to be the IRS or a collection agency, and reclaims the funds. The IRS also warns that tax professionals are specifically targeted during this time of year, as bad actors try to access their client bases. If you receive a tax-related phishing email, the IRS requests you report it to phishing@irs.gov.

Hackers like WordPress

In a cybersecurity report this week, researchers revealed that WordPress websites comprised 90% of all hacked CMS platform sites in 2018. After analyzing over 18,000 hacked WordPress sites, security experts learned that the prodigious amount of hacks was due not to old versions of the software, but to the wide spectrum of third-party plug-ins allowed by WordPress. Most WordPress sites are run by SMBs employing e-commerce, and hackers have learned they can compromise the sites by hiding in added components. Once within the website’s code, the hacker can access customer payment info and any other sensitive data. All WordPress site owners should completely update their software and enhance their security.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.