Page 13 - Threat Intelligence Brief 9-13-2019
Web / Internet Threats
New Malware Uses Windows BITS Service to Stealthily Exfiltrate Data. Cybersecurity researchers have
discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group
that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen
data to an attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for
targeting journalists, activists, and dissidents with spyware in the Middle East, primarily in the United Arab
Emirates (UAE). Dubbed Win32/StealthFalcon, named after the hacking group, the malware communicates
and sends collected data to its remote command-and-control (C&C) servers using Windows Background
Intelligent Transfer Service (BITS).
Source: https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html
Several states in US targeted with TrickBot trojan in massive phishing attack. The infamous TrickBot trojan
has returned in a massive phishing attack targeting several states in the U.S. The affected states include
California, Maryland, Illinois, New York, Texas, Minnesota, and New Jersey. According to researchers from 360
Total Security Center, the attacks were carried out using phishing emails. These phishing emails included two
sensitive terms, ‘receipt’ and ‘invoice’, to trick users into opening an attachment disguised as a Zip
file.
Source: https://cyware.com/news/several-states-in-us-targeted-with-trickbot-trojan-in-massive-phishing-attack-bd6b3a56
Ransomware cripples Internet and phone lines at Rockford Public Schools District. A ransomware attack on
Rockford Public Schools (RPS) District 205 in the State of Illinois has downed school systems, including phone
lines, the district said in a letter to staff and parents. The outage will likely last “several more days” as IT staff
wrestles with the contagion. “The electronic and digital systems outage districtwide will continue this week
and could last several days,” the letter says. “The outage was triggered by ransomware, and we’re working with
our Information Technology team and an outside computer forensics firm to restore access.” RPS won’t say
what ransomware strain was used in the attack, nor will it say how much the attackers demand in ransom to
decrypt school systems, whether the district paid or how the attack occurred. However, RPS does confirm that
its access to the Internet has been severed and that phone access at its schools has been intermittent.
Because of this, management has been rerouting any downed phone lines to working lines so parents and
guardians can still contact their children’s schools.
Source: https://hotforsecurity.bitdefender.com/blog/ransomware-cripples-internet-and-phone-lines-at-rockford-public-schools-district-21511.html
www.accumepartners.com