Page 15 - Threat Intelligence 11-15-2019
Web / Internet Threats
Feds warn against Hidden Cobra’s Hoplight malware. A consortium of U.S. federal agencies released a
notification on Hoplight, a new data collector malware being used by the North Korean cyberespionage group
Hidden Cobra (aka Lazarus). The Department of Homeland Security, FBI, and Department of Defense, in their
malware analysis report on Hoplight, noted that obfuscation plays a large role in the malware’s behavior: the
sample contains 20 malicious executable files, 16 of which are designed to mask activity between the malware and
the operator. “When executed the malware will collect system information about the victim machine including
OS Version, Volume Information, and System Time, as well as enumerate the system drives and partitions,” the
report states. The malware is extremely sophisticated and uses proxies to generate fake TLS handshake
sessions using valid public SSL certificates, so the network connection is effectively disguised.
Source: https://www.scmagazine.com/home/security-news/government-and-defense/feds-warn-against-hidden-cobras-hoplight-malware/
Magecart Groups Attack Simultaneous Sites in Card-Theft Frenzy. In an interesting development on the
financial cybercrime scene, different Magecart groups have been spotted stepping over each other and
attacking the same sites. Magecart is an umbrella term encompassing several different threat groups who all
use the same modus operandi: they compromise websites built on the Magento e-commerce platform in
order to inject card-skimming scripts on checkout pages, stealing unsuspecting customers’ payment card
details and other information entered into the fields on the page. According to research from PerimeterX,
multiple Magecart attacks are skimming credit cards from the same sites at the same time. These don’t seem to be
coordinated, according to the firm, given that each of the attacks was different in terms of the techniques
used to compromise the target retailers.
Source: https://threatpost.com/magecart-groups-attack-simultaneous-sites-in-card-theft-frenzy/149872/
Nunavut government rebuilding network after ransomware attack. The government of Nunavut is rebuilding
its communications network after a ransomware attack encrypted its files. All Word documents and PDF files
the virus had access to are encrypted and unreadable by the government, according to Martin Joy, Nunavut's
director of information, communications and technology. According to their investigation, Joy said it looks like
the ransomware began acting on the government's network around 4 a.m. Saturday morning. By 6:30 a.m.
information technology (IT) staff had confirmed the attack. Minister of Community and Government Services
Lorne Kusugak said in a statement in the Legislature Monday that it would be at least a week before services
are restored. The virus was likely downloaded to Nunavut's network when an employee, working late on
Friday night, clicked on a web advertisement or email link, said Joy. Joy said the security systems in place didn't
detect the virus. The email sent by the ransomware looks like DoppelPaymer, a newer ransomware that
the government of Nunavut's security systems weren't yet trained to detect, Joy said.
Source: https://ca.news.yahoo.com/nunavut-government-rebuilding-network-ransomware-010114047.html
www.accumepartners.com
13