Cyber Bites

Web shells are tools deployed by threat actors on already hacked servers to gain and maintain access. They allow these hackers to remotely execute arbitrary code or commands, move laterally within a network or deliver malicious payloads. Last year the number of monthly web shell attacks nearly doubled, reported Microsoft. Last year an average of 140,000 of these malicious actors were found on compromised servers every month. Web shell attacks can be deployed in many...

More than 6,500 girls entered this years qualifying round of the 2021 CyberFirst Girls Competition, run by the National Cyber Security Centre (NCSC). Teams from more than 600 schools took part in online cyber security puzzles. 9 of the teams are from Scottish schools and will move on to the semi-finals, where they will take on their rivals. These schools have already accepted their place in the virtual semi finals: Hyndland Secondary School in Glasgow...

The US Customs and Border Protection (CBP) used facial recognition scanners in order to monitor the arrivals and departures of more than 23 million travellers at over 30 different entry points in 2020. However, these systems failed to detect a single example of an imposter. The US CBP agency revealed these statistics in their annual report for 2020. The facial recognition scanners are placed at a number of entry points including seaports, pedestrian crossings, and...

On Wednesday Myanmar announced its new proposed cyber-security laws, allowing it to ban content it dislikes, restrict internet providers and intercept data. The proposal outline contains 36 pages, which were given to mobile operators and telecoms license holders for comment. However, spokespeople for the government or the telecommunications ministry were unavailable for comment. The document has not yet been verified, although it has been widely circulated in Myanmar. A statement, which was signed by more...

On Wednesday, the European police agency, Europol, announced that it had assisted in the arrest of 10 hackers. The 10 individuals are being accused of stealing $100 million in cryptocurrency using "SIM-swapping" attacks. This type of attack allows criminals to gain access to their victims' phones, by tricking the phone company into deactivating a working SIM card and transferring its functions to the hackers. Europol stated that “the attacks orchestrated by this criminal gang targeted...

Security researcher, Alex Birsan had an idea last year while working with Justin Gardner, another researcher. This idea led to him being able to gain access to over 35 major tech companies' internal systems in a supply chain attack. Among these were Microsoft, Apple, Netflix and Uber. This particular supply chain attack is so sophisticated, it needed no action from the victims, who as a result automatically received malicious packages. The attack leveraged a unique...

According to a leading cyber-security company, Iran is targeting dissidents in an effort to install spyware on their PC and mobile devices. More than 1,000 individuals were affected. The spyware was being used to steal call recordings and media files. One of the groups is known as Domestic Kitten or APT-50, which allegedly tricked people into downloading malicious software onto their mobile devices. The methods they used include: using an existing version of an authentic...

On Friday a hacker accessed the water treatment computer systems for the city of Oldsmar, Florida, and altered the chemical levels of the water to a dangerous level. News of the attacks was only publicised on 8th February, after Oldsmar city officials held a press conference about the matter. It appears that the hacker first accessed the computer systems on 5th February at 8am, and then later on in the day at 1:30pm. The first...

Morse code, invented as a way of transmitting messages across telegraph wire, is being used by cybercriminals to hide malicious URLs within email attachments. This obfuscation technique was discovered last week, and so far there is no record of it being used in phishing attacks before. Numerous samples of the targeted attack have been uploaded to VirusTotal since the 2nd of February, 2021, BleepingComputer reports. The attack starts with a phishing email, which claims to...

Leon Medical Centers and Nocona General Hospital suffered a ransomware attack in November, in which attackers stole tens of thousands of patient records. The attack was only officially announced in January. Among the records stolen were scanned diagnostics results and letters to insurers, which include personally identifiable information such as names, addresses and birthdates.  The attackers demanded a ransom payment in return for a decryption key and a promise not to publish the records stolen....