[ALERT] ADVISORY ON RDP BRUTE FORCE ATTACKS

Submitted by irteam on Wed, 05/06/2020 - 13:30

BACKGROUND
    
One way for employees to access corporate devices is by using Remote Desktop Protocol (RDP). Remote Desktop is a remote management tool that allows you to connect to any computer and take over the desktop. It is like sitting at and looking at your own computer, only remotely. It is heavily used, especially during this pandemic situation, by those who have moved to working from home. If poorly configured, it might be vulnerable to attacks.


IMPACT

ADVISORY ON BITCOIN STORM INVESTMENT SCAM

Submitted by irteam on Wed, 05/06/2020 - 09:44

Background  

Fake news articles have been circulating on social media as sponsored ads, encouraging the public to invest in a cryptocurrency trading platform called Bitcoin Storm, which allegedly can transform anyone into a millionaire within 3-4 months.  

Impact  

  • May lead to huge financial losses 
  • Credit card or banking details will be stolen
  • Leakage of personal information such as email address, username and password 


Recommendations  

ADVISORY ON INSTAGRAM COPYRIGHT VIOLATION SCAM

Submitted by irteam on Wed, 04/22/2020 - 17:14

Background

Scammers are sending fake copyright infringement notices through WhatsApp and email, claiming to be from Instagram. The message claims that the user’s Instagram account will be permanently deleted for violating copyright guidelines, unless the user provides feedback within 24 hours by clicking on a link.

The link leads to a phishing website where the user is asked for their Instagram username and password, followed by their email address and password.


Impact

ADVISORY ON WHATSAPP FLAW LEADS TO SHOULDER SURFING ATTACKS

Submitted by irteam on Wed, 04/22/2020 - 10:37

Background Description:

Studies show that 80% of Bruneians use WhatsApp for businesses and sharing information via mobile devices. Because WhatsApp sends an SMS to users who log in to their account on a new device, users are left open to account hijacking just by ‘shoulder surfing’. Someone who knows a user’s phone number can easily take over their account just by looking at the victim’s phone when it receives the 6-digit code.


Impact:

[ALERT] ADVISORY ON “HOVER WITH POWER” ATTACK VIA POWERPOINT FILES

Submitted by irteam on Mon, 04/13/2020 - 14:52

Background Description:

A novel hack called “Hover with Power” allows an attacker to create a mouse-over in a PowerPoint file which would trigger the download of malware when a user hovers over a link in the presentation. Utilizing an element of social engineering, the user would then have to accept a pop-up dialogue box to run or install the program. The executable file can also be run from a remote server by using the ‘HyperLink To’ action. This attack affects .ppsx files, which are designed to play presentations and can’t be edited.

[ALERT] ADVISORY ON STAYING CYBER SAFE WHEN WORKING FROM HOME

Submitted by irteam on Fri, 04/03/2020 - 21:32

Background

With the ongoing COVID-19 outbreak and in view of Brunei's Ministry of Health advisory to implement social distancing measures, many organizations are encouraging or requiring staff to work from home for an indeterminate amount of time.

However, remote working creates additional opportunities for cyber threat actors to perform malicious cyber activities by exploring open vulnerabilities in less secure networks, thus gaining access to users’ data or the organization's network.

[ALERT] ADVISORY ON ZEUS SPHINX BANKING TROJAN

Submitted by irteam on Thu, 04/02/2020 - 15:21

BACKGROUND

The Zeus Sphinx trojan first appeared in August 2015. Also known as Zloader or Terdot, it resurfaced in December 2019 and became aggressive in March 2020. Like other banking trojans, Sphinx’s main ability is to collect credentials for online banking sites, and the newer version is looking to cash in on interest in government relief efforts around the COVID-19 pandemic.