Security News

Microsoft reports nation-state political attacks

Avast Security News Team, 19 July 2019

Plus, a new malware framework hits Chrome and Firefox, a new phishing scam targets AmEx cardholders, and data is breached at Sprint and Evite.

Microsoft has notified political organizations more than 780 times in the past year that they’ve been targeted or compromised by nation-state attacks. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” the company said in a blog post. The majority of activity originated from Iran, North Korea and Russia, Microsoft said. Since the launch of the Microsoft AccountGuard program a year ago, the company has uncovered attacks targeting political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs). This week at the Aspen Security Forum, Microsoft also demonstrated parts of the free, open-source project ElectionGuard, which offers voting directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller; a tracking code that confirms votes are counted and not altered; and end-to-end verifiable elections with paper ballots.

This week’s stat

Most contaminated e-mails arrive on Sundays in the morning and midday, AV-Test reported. Brazil (14%) and Russia (13%) produce more than a quarter of the world’s spam. 

New malware framework hits Chrome and Firefox

Cybersecurity researchers have identified a new malware framework targeting Google Chrome, Mozilla Firefox, and the Yandex browser, ZDNet reported. The framework infects the browsers in three stages – first installing itself as a scheduled task; then communicating with its command-and-control server (C2) about the data stored in the browser and next steps; and finally adding an extension to the browser to generate fake Google AdSense impressions and YouTube likes for reward. The researchers who discovered the framework estimate that over a billion fraudulent ad impressions have been spawned over the past three months. The highest concentration of infections has been in Russia, Ukraine, and Kazakhstan. Avast security evangelist Luis Corrons says the risk extends beyond advertisers and their networks. “Once your browser is compromised, it’s just a matter of time until attackers start targeting the actual user. It would be easy for them to go after the credentials saved in the browser and spy on our online activities.”

AmEx phishing scam fools spam detectors

A novel phishing attack with a hidden malicious link is targeting American Express users, Bleeping Computer reported. A malicious email demands that customers verify their information or face account suspension. Anti-spam solutions treat it as a legitimate email because the embedded malicious link is obfuscated. The scam splits the phishing landing page into separate pieces, hiding the URL from users and security software. At first glance the link looks authentic, but it contains an embedded URL that leads to the phishing page. That page is set up to look like a genuine AmEx login page from which attackers steal victims’ credentials.  

This week’s quote

“Taking a step back to look at the facts shows this is not a major cybersecurity issue.” – Nikolaos Chrysaidos, Avast head of mobile threat intelligence, on FaceApp. The viral sensation was called a national security risk by a top American political leader.

Sprint alerts customers to data breach

Sprint sent a notification to subscribers to alert them of a data breach involving phone numbers, subscriber IDs, account numbers, names, and addresses. The alert states that subscribers’ accounts had been accessed through a vulnerability in the Samsung.com “add a line” website. The company also sent prompts to victims’ devices to change their PINs. SC Magazine reported the news broke following the announcement of a $26.5 billion merger between Sprint and T-Mobile. 

This week’s must-read on The Avast Blog

Mobile threat researchers at Avast detected seven apps on the Google Play Store that allow people to stalk employees, romantic partners, or kids. Google removed the apps, but they were installed a combined 130,000 times. 

Evite data breach victims reach 101M

An Evite data breach announced earlier this year has affected 10 times as many people as originally believed, reported Bleeping Computer. When the online events company sent out its security update on the breach in May, it was believed that 10 million users had been affected. The data breach monitoring service HaveIBeenPwned, however, has received a database of 91 million more people – mostly recipients of Evite invitations – apparently affected by the breach. The original 10 million accounts suffered a leak of names, addresses, usernames, passwords, email addresses, birthdates, and more. The new batch of 91 million more affected accounts only included email addresses. 

