Avast Threat Labs discovered information that could be useful to past and present victims of the Ursnif banking trojan, and we have shared that data with as many of the victimized banks and payment processors as we could identify. Ursnif has been a constant and persistent international threat for over 10 years, and, according to the information obtained by Avast, the malware has targeted over 100 Italian banks. In the same batch of data, our researchers also found over 1,700 stolen credentials to a single payment processor. Among this data were usernames, passwords, credit card information, and banking information. In an effort to help victims recover from the impact of the attack, we have shared the information with the appropriate victimized institutions and finance information groups such as CERTFin Italy.
Far-right platform Gab gets hacked
Not long after controversial social media site Parler was hacked, another far-right platform, Gab, has had its data extracted and then shared with a Wikileaks-style group known as Distributed Denial of Secrets. DDoSecrets claims the hacker shared 70GB of data, which included passwords, private communications, and over 40 million posts. DDoSecrets cofounder Emma Best called it “another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6.” DDoSecrets will not publish the data publicly, she said, but instead share it selectively with journalists, social scientists, and researchers. Read more on Wired.
Microsoft Exchange Servers hacked
Microsoft informed users this week that a series of attacks have been detected against on-premises versions of Microsoft Exchange Server, and they attribute the attacks “with high confidence” to Hafnium, a group suspected to be sponsored by the Chinese government. Microsoft reported that the group exploited four vulnerabilities to carry out the hacks. Microsoft Online Exchange Servers were not affected, but the company urges all businesses using the on-premises software to update immediately with the appropriate patches. Check out Microsoft’s blog post to learn the indicators of compromise.
Myanmar military government curbs internet
As soon as it overthrew the government on February 1, Myanmar’s military arm plunged citizens into darkness by shutting off the internet. The measure kept the country’s population from learning details about the coup while military leaders arrested government officials. While internet access has since been restored, limits have been placed on certain popular services, such as Facebook and Messenger, and every night the internet is completely offline from 1am to 9am. Some Myanmar residents fear the nightly outages are intended to get the populace accustomed to regular internet shutdowns, the end goal being information control. Read one Myanmar couple’s experience living through the coup in Wired.
Google pledges to stop tracking web browsing
In a blog post this week, Google announced that after it phases out third-party cookies, which enable online entities to track one’s web browsing, it will not replace them with any alternate identifiers that track users. Citing the fact that 72% of people feel that anything they do online is tracked by advertisers, the blog states, “If digital advertising doesn’t evolve to address the growing concerns people have about their privacy and how their personal identity is being used, we risk the future of the free and open web.” Privacy advocates are hopeful that with an internet giant like Google taking a firm stance on privacy, all smaller companies will follow suit.
This week’s ‘must-read’ on The Avast Blog
The violent and deadly insurrection at the US Capitol on January 6 highlights just what happens when the spread of misinformation gets out of control. How did we get here? And what can we do about it?