MSS News: Today's Activity Report
IC3 Warning about Corporate Email Compromises
The IC3 is warning about corporate email compromise messages. You can read the bulletin here. We have been reporting on several similar issues, including shipping notification messages and Office 365 themed malware. See the Jigsaw Security threat intelligence system for specific information, data and IOCs.
You can read our previous post on this topic here.
Continued Cellular Phone Eavesdropping Activity
Recently we posted a story about some locations in which we have been observing strange cell phone towers popping up and even moving in vehicles. Our blog post, available here, went into some detail on locations. We just wanted to update that the issue appears to be growing, and software used by Jigsaw Security has identified additional locations.
One of the roving vehicles spotted and observed by Jigsaw Security
It should be noted that our investigation indicates that in most instances the phones will drop back to lower protocols, which is indicative of this type of technology. For instance, instead of receiving an LTE signal we would see 1xRTT, and instead of 4G we would observe phones stepping down to 3G when this activity is occurring. This is not the only indicator, but it should be kept in mind when attempting to detect this type of eavesdropping.
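The step-down indicator described above can be checked against handset telemetry. The Python below is an added example, not Jigsaw Security's software: it flags devices whose radio technology drops a generation and groups the drops by location. The log format, the technology names, the generation ranking and the `min_devices` threshold are all assumptions, and the sample log is constructed.

```python
# RAT names are an assumed log vocabulary; the value is the cellular generation.
RAT_GENERATION = {"LTE": 4, "HSPA": 3, "UMTS": 3, "EVDO": 3,
                  "1xRTT": 2, "EDGE": 2, "GSM": 2}

# Constructed sample telemetry: timestamp,device,location,RAT
SAMPLE_LOG = """\
2018-01-01T09:00:05,phone-a,site-1,LTE
2018-01-01T09:00:09,phone-b,site-1,LTE
2018-01-01T09:10:12,phone-a,site-2,1xRTT
2018-01-01T09:11:40,phone-b,site-2,HSPA
2018-01-01T09:20:03,phone-a,site-3,LTE
2018-01-01T09:21:17,phone-b,site-3,LTE
2018-01-01T09:22:30,phone-c,site-3,HSPA
2018-01-01T09:30:44,phone-c,site-4,EDGE
truncated line without enough fields
"""

def parse(log):
    """Return (timestamp, device, location, rat) tuples in time order."""
    rows = []
    for line in log.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or parts[3] not in RAT_GENERATION:
            continue  # skip malformed lines and unknown technologies
        rows.append(tuple(parts))
    return sorted(rows)  # ISO 8601 timestamps sort lexicographically

def find_downgrades(rows):
    """Flag observations whose generation is lower than the device's previous one."""
    last_rat, events = {}, []
    for ts, device, location, rat in rows:
        prev = last_rat.get(device)
        if prev and RAT_GENERATION[rat] < RAT_GENERATION[prev]:
            events.append({"time": ts, "device": device, "location": location,
                           "from": prev, "to": rat})
        last_rat[device] = rat
    return events

def hot_locations(events, min_devices=2):
    """Locations where at least min_devices distinct devices stepped down."""
    seen = {}
    for e in events:
        seen.setdefault(e["location"], set()).add(e["device"])
    return sorted(loc for loc, devs in seen.items() if len(devs) >= min_devices)

if __name__ == "__main__":
    events = find_downgrades(parse(SAMPLE_LOG))
    for e in events:
        print(e)
    print("review:", hot_locations(events))
```

A location where several independent devices step down is worth a closer look; a single device dropping to a lower protocol is often just poor coverage.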
See our original blog post on this issue here. A month later we are still seeing the activity, and we believe that it will only continue as methods and hardware get cheaper. The scary part is that the current cost of hardware puts this technology within reach of the average consumer, so it's no surprise that foreign governments, hackers and others are looking to exploit weaknesses in the cellular phone system.
As part of our daily reports we will begin rolling out a more detailed report on security events over the next several weeks. Be sure to invite your fellow professionals so they can monitor what we are reporting. The RSS feed is available here.
Smishing Attack Traced to other Campaigns
Jigsaw Security observed a smishing attack at several customer sites last week. As part of our reporting we noted that there were overlaps in the data once we started researching this. The hosts associated with the attack are also related to Luminosity RAT, Alienspy Malware, Wild Neutron and NJRat's H Variant. It appears that the threat actors are leveraging traditional malware as part of their campaign.
Several binary examples of code observed have been included in the event.
VPNFilter New Detection Methods
A new non-signature-based method has been employed on Jigsaw FirstWatch sensors to stop VPNFilter and detect unknown infected routers.
DASH Cryptomining Activity
A new campaign, named DASH by the Jigsaw Security team, has been identified, and protection has been rolled out into our signatures and FirstWatch sensors to disrupt this threat.