Weekly Cybersecurity Recap May 13
- By Patrick Ryan
- May 13, 2022
As we transition to the second half of the year, it is becoming increasingly clear that digital attacks are not slowing down in the slightest. Search the web for "cyber-attacks," and you'll find a litany of stories from the current day as well as previous days and weeks highlighting nasty online threats. Let's shine the spotlight on some of the most notable digital attacks from the week gone by.
Wormable Malware Targets Windows Installer
A new variant of wormable malware that spreads via USB drives is taking aim at Windows installers. The malware, known as Raspberry Robin, uses the Microsoft Standard Installer to inflict damage. It delivers DLL (dynamic link library) files by way of USB devices. The USB devices also carry the malware in the form of an LNK shortcut file. Though the file might appear harmless, it reaches into the computer's registry to access files and steal information. The identity of the digital criminals behind Raspberry Robin has not been determined as of the time of this publication.
Saintstealer and Prynt Malware
The malware families referred to as Saintstealer and Prynt are stealing user logins and passwords. The new malware families also steal credit card information to boot. The stolen information is compressed into a password-protected ZIP file. Saintstealer relies on a 32-bit C# executable to pilfer login details. Saintstealer even has internal anti-analysis checks and can delete itself if necessary. Saintstealer takes login information as well as autofill data, cookies, and screenshots. This malware plucks data right out of Chromium-based web browsers, including Chrome, Vivaldi, Yandex, Opera, Edge, and Brave. The stolen, compressed information is subsequently sent directly to the criminals' Telegram channel.
Prynt is more focused on stealing financial data through apps and web browsers. This malware scans a computer drive for keywords and steals all relevant information. Prynt is advanced to the point that it can access funds in digital wallets used for cryptocurrency.
Illuminate Education Breach
A breach at the Illuminate Education headquarters has opened the door for the sensitive data of students in grades K through 12 to be accessed and sold on the dark web or another black market. The illegal access occurred because of an unencrypted database. The Illuminate hack is a fantastic example of why every organization should encrypt data and implement the industry's latest digital safeguards with regularity. The breach has impacted a million students.
National Health Service Phishing Emails
The National Health Service, based in the United Kingdom, is being used to manipulate others. Hackers are using NHS employees' email accounts to send thousands of phishing messages, creating the impression that the NHS is reaching out to patients and other relevant organizations. The messages in question are actually from digital criminals. A total of 139 NHS employee email accounts were illegally accessed to send the messages.
Zero-Day Bug Patch Issued by Microsoft
Microsoft is proactively addressing a zero-day bug with a patch. The aim of the patch is to stop LSA spoofing. The software specialist's patches also address infrastructure flaws, particularly those in the cloud environment. Microsoft released a total of 73 patches in the month of May.