Security News

Cyberattacks target government agencies

Avast Security News Team, 28 February 2020

Plus, more news bytes of the week, including U.S. ethics around AI weaponry and a new trend where ransomware attackers publicly post victims’ data

Critical governmental services within the U.S. and Mexico have disclosed that they have been the victims of a cyberattack. On Sunday, February 23, Mexico’s economy ministry detected a cyberattack on some of its servers. The attack did not result in any substantial damage, Reuters reported, as it hit mostly email and archive servers. “The ministry’s sensitive information as well as that of its users is not considered compromised,” the ministry announced in a statement. Details are still unclear regarding the nature of the attack, but the ministry has commented that it has beefed up its security measures in response.

Meanwhile, Reuters also reported that an agency within the U.S. Department of Defense (DoD), known as the Defense Information Systems Agency (DISA), has disbursed letters to affected individuals earlier this month informing them of a data breach to their network in May and June 2019. DISA is the department in the DoD that provides telecommunication support and security to the president, his staff, and top military intelligence personnel. The agency’s letters inform individuals that their personally identifiable information (PII), including social security numbers, may have been compromised in the breach.

“People might wonder how it’s possible that high government systems can be compromised, even within the DoD,” commented Luis Corrons, a security researcher at Avast. “We are talking about hundreds of thousands of computers and the people who use them. Bad actors can launch a million attacks and it doesn’t matter if most of them fail – they just need one to get through. It is therefore critical to be able to detect intrusions and to share the lessons learned so that everybody can protect themselves better.”

Pentagon announces new ethics in AI warfare

As artificial intelligence continues to be developed around the world for military use, the Pentagon announced this week that the U.S. is adopting new ethical principles as it moves forward in the AI race. AP reported that the new standards call for all AI systems to be “governable,” meaning that there should always be a way to deactivate them. They also rule that the human controllers of AI weapons must “exercise appropriate levels of judgment and care.” Those critical of the announcement claim that the new ethics are deliberately vague in order to allow AI development to excel without being tethered to moral restrictions so that the U.S. can keep up with the AI developments in China and Russia.

This week’s stat

Ransomware was part of 70% of total malware infections observed by the Verizon Data Breach Investigations Report

Malware hits 61% of critical communications industry

Finance news source Finbold reported that a new survey conducted by the International Wireless Communications Expo (IWCE) revealed that 61% of the critical communications industry – the businesses that oversee professional communication equipment such as police radios – have experienced a malware attack. The IWCE suggested that many of the vulnerabilities may lie in the 44% of employees who reported using their own personal devices for work. Also, 20% of those surveyed admitted that their company had no cybersecurity defenses in place.

This week’s quote 

“While cybersecurity incidents affect every industry around the world, an attack within the critical communications ecosystem, which includes police, fire and emergency services, has the potential to affect people’s lives. As hacks become more frequent and sophisticated, any organization working within the ecosystem must have the most sophisticated cybersecurity systems in place to avoid interruption of their crucial services.” - IWCE show director Stephanie McCall

Wi-Fi vulnerability Kr00k affected a billion devices

Researchers have found a vulnerability in both Broadcom and Cypress Wi-Fi chipsets, which are used in over a billion common routers, including hardware created by Amazon, Apple, Samsung, and others. The flaw, dubbed “Kr00k,” allows attackers to access data from the Wi-Fi networks by taking advantage of disassociation moments – those instances where connected devices temporarily lose the Wi-Fi signal and then gain it back. The flaw has now been patched, and users are urged to update all their Wi-Fi-capable devices. More on this story at Dark Reading

Raccoon malware on the rise

Underground criminal forums are abuzz with strong appreciation for Raccoon malware, reported ZDNet. While not an inexpensive option for cybercriminals, the infostealer is growing in popularity due to its ability to target at least 60 applications, including almost every browser in use today. The subscription-based, $200-per-month malware provides its users with tech support, bug fixes, and updates, as well as sophisticated capabilities to steal data and cryptocurrency. The malware is typically delivered through phishing campaigns that attempt to trick victims into clicking on a malicious Microsoft Office document attachment. 

Doppelpaymer launches site to post victims’ data

A new extortion tactic being used by ransomware attackers is the added threat to publicly post the victims’ data if the ransom is not paid. The strategy was first used by the Maze Ransomware group, but now the other major ransomware players are also getting on board. Doppelpaymer is an enterprise-targeting ransomware that goes after corporate networks, and its distributors recently launched “Dopple Leaks,” a website where it claims it will post data to shame the non-paying victims. The site currently lists four businesses, including Mexico’s state-owned oil company Pemex, who have not yet paid their ransom. This new ploy turns ransomware attacks into potential data breaches as well. For more, read the story at Bleeping Computer

This week’s ‘must-read’ on The Avast Blog

How do you manage cybersecurity as a one person IT team? Learn tips from these three IT pros on how to keep your company, and employees, safe. Read more. 


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus.