Advisory

PrintNightmare Bug (CVE-2021-1675 and CVE-2021-34527)

BACKGROUND

Known vulnerabilities in Windows Print Spooler service can allow a total compromise of Windows systems. The print spooler is an executable file that manages the printing process. Management of printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on.

Nobelium cyberattacks targeting IT and government organizations

BACKGROUND

Hacking group Nobelium which has caused concern for a lot of companies all over the world due to its ongoing malicious activity and sophisticated phishing attacks, is once again targeting IT and government organizations in various countries.
Information-stealing malware was found on a device belonging to one of Microsoft's employees with access to account information for a small number of their customers, and the attacker has used the information in some cases to launch highly targeted attacks as part of a broader campaign.

“MariSewaBank” Scam

BACKGROUND
 
BruCERT has recently received a number of reports on a scam called “MARISEWABANK”. The scammer contacts victims via SMS containing a WhatsApp link. Once the link is clicked, the victim would be lured into online gambling by promising a profit of 100% to 350% depending on the bank that the victim deposits their money into. The victim will then be asked for their personal and banking details, namely:
•    Bank 
•    Name of account holder 
•    Account number 
•    Online banking username & password 

TELE-SURVEY SCAM

BACKGROUND

BruCERT has received several complaints recently about a tele-survey phone scam allegedly from a company named Prolific, asking people for their personal email address purportedly to send a survey through email. However, the real purpose is to collect sensitive and personal information.

MODUS OPERANDI

Hacked Email Account: What to do and how to prevent it

BACKGROUND
 
According to a study, 91% of cyber-attacks start with an email. Scammers hack email accounts so that they can send messages from a trusted email address in hopes of getting the recipients to take action. Their main goal is to get these email contacts to send money, reveal personal information, or click on a link that installs malware, spyware, or a virus.

IMPACT
 

ADVISORY ON TRICKBOT

BACKGROUND
Trickbot is a malware-as-a-service botnet that is often described as one of the world's largest. It first appeared as banking malware in 2016, used to steal online banking credentials, and is designed to stealthily infiltrate a victim's computer and remain silent thus no particular symptoms are clearly visible on an infected machine.

ADVISORY ON EMOTET ATTACK AGAINST ORGANIZATION

BACKGROUND

Emotet started as a banking trojan in 2014 and has recently returned as a more dangerous malware targeting local government agencies. It acts as a downloader/dropper to deliver trojans and malicious code to infect devices. Emotet typically spreads through phishing emails or spam that contain Microsoft Word attachments or links along with zip files in order to bypass security filters (i.e. antivirus) to lure victims to click on the link or file.

 
IMPACT

ADVISORY ON PHISHING WITH WORMS-EMAIL ACCOUNT TAKEOVER

BACKGROUND

The latest phishing attack has caused a wave of business email account takeovers.

Once an email account is compromised, the account credentials are sent to a remote bot which would then sign into the account and analyse recent emails. For each unique email thread, it would then reply to the most recent email, sending a link to a phishing page to capture credentials. Since the phishing emails are being sent as replies to genuine emails between suppliers, customers, and colleagues, this makes the emails appear trustworthy.