10 April 2020 | Asia Cyber Summary

In the spotlight this week:

The vulnerabilities found in Zoom should be taken seriously by all businesses, especially during the current work-from-home period. A few points of concern:

  1. Privacy issues

  2. UNC path injection

  3. Two “zero-days” on Mac

  4. End-to-end encryption was defined as endpoint-to-server only

Note: Zoom is not malware, and it offers a quality service for businesses. However, as with many fast-developing modern technologies, security has not been properly built into the design. As such, the firm is being forced to patch and catch up quickly, and businesses using Zoom should apply updates as soon as Zoom releases them.

Another interesting vulnerability comes from a blog post by 360.cn. Alarmingly, DarkHotel (APT-C-06) was found attacking Chinese institutions by exploiting the SangFor VPN. Attribution is uncertain, but the activity is also linked to the same pandemic event.

March 30, 2020 | FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoombombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Source: FBI Boston. Retrieved from: https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

April 3, 2020 | Zoom’s Privacy and Security woes in the Spotlight

The seemingly insatiable demand among people and businesses alike helps reveal a rash of privacy and security issues facing the platform, Welivesecurity posted.

The app’s maker is weathering a storm of criticism from various quarters, including privacy advocates, security experts, several U.S. state attorneys general, a U.S. lawmaker, and the FBI. Bad news has kept piling up in recent days, prompting the company to respond.

Source: Welivesecurity. Retrieved from: https://www.welivesecurity.com/2020/04/03/zoom-privacy-security-spotlight/

April 6, 2020 | DarkHotel (APT-C-06) Attacks Chinese Institutions via VPN

Recently, Qihoo 360 detected an APT attack that delivered malicious files through hijacked security services of a domestic VPN provider. Further reversing shows that the attack can be attributed to DarkHotel (APT-C-06), an APT gang on the Korean Peninsula. Since March this year, more than 200 VPN servers have been compromised and many Chinese institutions abroad have come under attack. In early April, the attack spread to government agencies in Beijing and Shanghai. The monitoring and analysis also suggest that a large number of VPN servers and endpoint devices in associated functioning units have been under the control of the attackers.

Source: Google Cache: https://bit.ly/34vsrwG (the original blog post is no longer available for access)
