Security News

LinkedIn attachments carrying malware sent by espionage group

Avast Security News Team, 26 July 2019

Plus Equifax pays out up to $700 million in data breach damages, teen hackers are given a second chance, and a WordPress plugin flaw lets in malvertising.

An espionage ring is targeting key infrastructure and government services with malware-infected files sent as LinkedIn message attachments, SC Magazine reported. The fraudulent LinkedIn messages from the group APT34 supposedly come from a member of Cambridge University offering business opportunities. The targeted victim is told the attachment is an application form to fill out and send back. Once the target opens it, though, a new strain of malware called TONEDEAF downloads onto the victim’s system and creates a “backdoor” – a secret portal into the system for the hacker to use remotely. 

Researchers have identified two other new families of malware used in the campaign: VALUEVAULT, a tool used to steal login credentials, and LONGWATCH, a keylogger that records and keeps everything the user types. APT34 has been an active cyber espionage group since 2014 and has historically used phishing campaigns centered on academic or professional career themes. “LinkedIn is the perfect place to find targets in the professional world,” commented Avast Security Evangelist Luis Corrons. “Malware is not that common there, so victims have more confidence in the content they receive on the platform. At the same time, all the victims’ professional information is right there, which makes it easier for cybercriminals to target a specific company or industry.”

This week’s stat

Can a browser help your computer’s battery stay charged? Yes. The new release of Avast Secure Browser prolongs your laptop battery life by up to 20% by suspending inactive browser tabs.

FTC orders Equifax to compensate breach victims

Equifax will pay up to $700 million in restitution and fines for the 2017 data breach that affected approximately 147 million consumers, the U.S. Federal Trade Commission (FTC) announced in a recent press release. The global settlement was reached among the Commission, the Consumer Financial Protection Bureau (CFPB), the U.S. states and territories, and credit reporting agency Equifax. The settlement resolves a complaint filed by the FTC that Equifax failed to properly secure the personal information of its customers, which led to the massive breach. Millions of names, birthdates, Social Security numbers, addresses, and other personal information that could be exploited for identity theft were vulnerable in the breach.

As part of the settlement, Equifax will pay $300 million to a fund that will compensate victims and pay for credit protection. The settlement stipulates that if $300 million is not enough to compensate all the victims who step forward, Equifax will pay up to an additional $125 million to cover the remainder. On top of those payments, Equifax will also pay $175 million in restitution to U.S. states and territories, as well as $100 million in penalties to the CFPB. “While it might look like a huge amount of money, the truth is that it could have been worse,” Avast’s Corrons observed. “Especially considering the negligence of Equifax and the way some of their officials behaved when they learned about the data breach. Patching systems is critical, and this is a great example of what can happen if companies do not take it seriously.” In addition to the financial penalties, the settlement also requires Equifax to re-tool its security practices per the specific direction of the FTC and CFPB. 

European authorities urge teen hackers to ‘Hack_Right’

Teens caught hacking in the UK and the Netherlands are getting a second chance. At the International Conference on Cybersecurity at Fordham University, representatives from the two countries announced a legal intervention campaign for first-time offenders, Cyberscoop reported. The program, called Hack_Right, is geared toward young people from 12 to 23. Should someone in that age range get caught hacking illegally, instead of jail time the hacker is offered a kind of community service that teaches ethical computer use. Then they are connected with a professional career coach who will guide the young hacker towards a future that can make use of their talent. 

In order to qualify for Hack_Right, suspects must have little or no criminal history. They must confess to what they’ve done and agree to amend their behavior. Authorities in the UK and the Netherlands launched the program when they realized that young hackers often don’t know that they’re breaking the law. Their actions are usually spurred on by simple curiosity or peer approval, not criminal intent. 

Plugin flaw used to infect WordPress sites with malvertising

A recently patched vulnerability in the WordPress plugin Coming Soon Page & Maintenance Mode allowed hackers to inject malvertising into users’ WordPress sites. The campaign floods the sites with unwanted pop-up ads that redirect users to various malicious destinations, from illegitimate ads to infected URLs, Bleeping Computer reported. Based on browser information and the type of device the victim uses, the malware selects a suitable scam, such as tech support fraud, shady pharmaceutical ads, or infected mobile apps. WordPress site owners using plugin version 1.7.8 or below are still at risk and are strongly urged to patch the vulnerability by updating.

This week’s ‘must-read’ on The Avast Blog

State-backed cyber spying is pervasive – and its impact on geo-political affairs is deepening. Read Viewpoint contributor Byron Acohido on things everyone should know about the current state of government-backed cyber ops.
