Cybersecurity Roundup Series - May 2020

The credentials you use to login to your online accounts are some of the most important pieces of information that is imperative to keep secure. These user IDs and passwords give access to data that is sensitive and--when in the wrong hands--can be harmful. Whether you use cybersecurity software that tracks the strength of device passwords or use a password manager to keep track of login credentials across different sites, better management and protection of logins will go a long way. Important tips to keep in mind as we review some of the top cybersecurity news from May. 

COVID-19 blamed for 238% surge in cyberattacks against banks

As recent data shows, pandemic or not cyber criminals don’t take a break. ZDNet published an article stating that as COVID-19 spread rapidly across the globe, financial organizations experienced a massive uptick in cybersecurity attacks. In a survey conducted with 25 CIOS at major financial institutions, a report from VMWare Carbon Black showed that, “80% of firms surveyed have experienced more cyberattacks over the past 12 months, an increase of 13% year-over-year.”

From the beginning of February to the end of April, VMWare Carbon Black’s report also uncovered Ransomware attacks against the financial sector increased roughly 9x and that 64% of organizations have reported a 17% increase in wire fraud attempts.

Bitdefender Discovers Complex Android-based Malware Active Since 2016 

Bitdefender announced that they identified a new, highly sophisticated malware that has been active for at least 4 years. According to their findings, this Android-based malware is complex and rather than trying to infect as many victims as possible, every attack is targeted individually. With complete control over a victim’s device, the malware has the ability to execute malicious activities like steal credentials, exfiltrate information, access phone data, conduct phishing scams and more. It is believed that this malware is most likely financially motivated.

Bitdefender has detailed the malware’s anatomy and reports that Mandrake has divided its functionality into 3 components:

Dropper

• Clean applications found on Google Play 
• Downloads and installs the Loader 

Loader 

• Malicious component with exfiltration capabilities that attempts to hide itself. A stripped version of the core. 
• Will download the core component and load it dynamically 

Core 

• Main component of the malware. 
• Contains advanced exfiltration capabilities and persistence mechanisms

You can learn more insight into Mandrake by viewing Bitdefender’s whitepaper.

“Login with Facebook” Bug Uncovered Through Bug Bounty Program

There’s a good chance you’ve visited a site and were given the opportunity to create a new account or simply log in using existing social logins. If you’ve ever chosen the latter, you would likely agree that it’s convenient due to not having to remember yet another login and password. While convenient in the eyes of the user, they can pose risks that we may be unaware of. 

In an article published by ThreatPost, security researcher Vinoth Kumar identified a vulnerability with Facebook’s “Login with Facebook” button, which can be found on many sites. According to his findings, if the exploit was left unresolved, a malicious attacker would be able to gain access to a user’s account if they happened to visit an attacker-controlled website. As part of Facebook’s Bug Bounty program, Vinoth was able to identify the vulnerability before it could be exploited and land in the wrong hands. Facebook has since confirmed that the bug has been fixed and that its logs showed no malicious exploitation. 

For full details about Vinoth’s findings and his demonstration of the exploit, click here.

Did we miss out on any other relevant cybersecurity news in the last month? Let us know in the comments below!