Weekly Cybersecurity Recap March 11
Table of Contents
- By David Lukic
- Mar 11, 2022
The temperatures are finally rising after a grueling winter. People are spending less time indoors on their computers. However, the transition to spring does not mean digital attacks are dissipating. The war in Eastern Europe has ramped up cyber-attacks around the world. Here's a quick look at some of the most notable digital breaches publicized in the past week.
The Google Play Store is hit by TeaBot Trojan
The Google Play Store has been infiltrated by a covert trojan referred to as TeaBot. The trojan is hidden within apps available in the popular store. The trojan is designed in a manner to avoid detection by virus-scanning tools. To be more specific, the trojan is contained within software updates.
TeaBot is best described as a type of malware that obtains SMS messages and user credentials from Android devices. The malware proceeds to steal highly sensitive and valuable information ranging from contact information to bank account information, phone messages, and private data.
Samsung is Struck by Lapsus$
Ransomware attack has struck Samsung. The breach culminated in the release of Samsung employee credentials to the internet. The attack comes one week after a similar Lapsus$ infiltration of NVIDIA. Samsung officials noted the attack also has the potential to leak the company's keys that would jeopardize the integrity of its devices' TrustZone environment. The TrustZone environment is meaningful as it has sensitive data ranging from biometrics to login credentials and more.
Amazon Devices Struck by a new Hack
Amazon Echo devices are susceptible to a new type of attack dubbed Alexa vs. Alexa. The attack weaponizes the smart machine, generating the potential for it to self-hack. The end result of this threat is a release of user information as well as control over the user's home devices connected to the Echo device.
The attack merely requires that a laptop is within range of the target Echo device to obtain access. Hackers can also use internet-based radio stations to access Echo devices.
Dayslong DDoS Attack with Ransom Note
A cyber-attack described as a dayslong DDoS threat has emerged. This threat is somewhat unique in that it contains a ransom note transmitted before a computer/network is compromised, likely in an effort to encourage the target to sidestep potential problems with the timely payment of the ransom. One company has already been targeted by the attack, yet it has not been named. If digital security forensics specialists are correct, REvil hackers are responsible for the attack.
Linux Kernel Dirty Pipe Addressed
A permission flaw in Linux Kernel dubbed "dirty pipe" has been patched. The privilege escalation vulnerability permitted the full takeover of a target device.
Though the weakness has been patched, there is still the potential for hackers to find a workaround that necessitates another update or patch.
The initial flaw made it possible for hackers to obtain control over a computer, read through user messages, and even obtain privileges at the administrator level. The patch is designed to prevent hackers from injecting code into targeted read-only files. We will find out if the patch proves effective in the ensuing days.