The malware arrives pre-installed on handsets that are bought in their millions by typically low-income households. The malware found on android smartphones installs malicious code known as xHelper which then finds subscription services and submits fraudulent requests on behalf of users, doing so invisibly and without the user’s knowledge. About 200,000 Tecno smartphones are affected even though this threat was only found on 53,000 phones. It was discovered that over 19.2 million suspicious transactions has been recorded since march 2019 from over 200,000 unique devices. The xHelper Trojan persists across reboots, app removals and even factory resets, making it extremely difficult to deal with.
On 15th October, 2020, the database of a government agency was leaked online via Twitter and Pastebin by a hacker group called “Anonymous”. On accessing some of the database files, it was observed that, the attacker exploited an SQL Injection vulnerability by dumping the database records into a file.
The antivirus giant gave an insight into a planned massive cyber-attacks by some hacking firms. The plan attacks likely targets are military, education, health care and diplomatic institution in Nigeria, South Africa and Kenya.
This vulnerability is known to affect SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) which are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems and disconnecting affected devices. It started with a "dry run" in October 2019 when "innocuous code" was changed. Then sometime in March, the operators behind this attack did put malicious code into the supply chain, injected it in there and that is the backdoor that impacted everybody.
SUPERNOVA Malware
SUPERNOVA is not malicious code embedded within the builds of the Orion® Platform as a supply chain attack. It is malware that is separately placed on a server that requires unauthorized access to a customer’s network and is designed to appear to be part of a SolarWinds product. The SUPERNOVA malware consisted of two components. The first was a malicious, unsigned webshell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform. The second is the utilization of a vulnerability in the Orion Platform to enable deployment of the malicious code. This vulnerability in the Orion Platform has been resolved in the latest updates.
SUNBURST Malware
SolarWinds was the victim of a cyberattack to systems that inserted a vulnerability (SUNBURST) within the Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card information. This occurs when an attacker pretends to be a trusted entity to dupe a victim into clicking a malicious link that can lead to the installation of malware, freezing of the system as part of a ransomware attack, or revealing of sensitive information. Phishing is still one of the most widespread and damaging cyberattacks. Phishing attacks can lead to financial loss, data loss and reputational damage.
How to Detect Phishing Attacks
Be suspicious of all requests. Ask, "Is this real?" Use the following checklist to check for common signs of phishing messages:
Types of Phishing Techniques
Five key phishing techniques that are commonly employed:
1) Link manipulation: Link manipulation is done by directing a user fraudulently to click a link to a fake website. This involves, use of sub-domains, Hidden URLs, Misspelled URLs, IDN homograph attacks.
2) Smishing: Smishing is a form of phishing where someone tries to trick a victim into giving their private information via a text message.
3) Vishing: Vishing is the telephone version of phishing, or a voice scam. Similar to email phishing and smishing, vishing is designed to trick victims into sharing personal information, such as PIN numbers, credit card security codes, passwords and other personal data. Vishing calls often appear to be coming from an official source such as a bank or a government organization.
4) Website forgery: Website forgery works by making a malicious website impersonate an authentic one, so as to make the visitors give up their sensitive information such as account details, passwords, and credit card numbers. Web forgery is mainly carried out in two ways: cross-site scripting and website spoofing.
5) Pop-ups: Pop-up messages, other than being intrusive, are one of the easiest techniques to conduct phishing scams. They allow hackers to steal login details by sending users pop-up messages and eventually leading them to forged websites.
