Weekly Intelligence Summary | 10 April 2020
Updated: Jun 11
In the spotlight this week: The vulnerabilities found in Zoom should be taken seriously by all businesses, especially during the current work-from-home period. A few points of concern:
UNC path injection
Two “zero-days” on Mac
End-to-end encryption was defined as endpoint-to-server only
Note: Zoom is not malware, and it offers a quality service for businesses. However, like many fast-developing modern technologies, security has not been properly built into the design. As such, the firm is being forced to patch and catch up quickly, and those businesses using Zoom should implement updates as often and as quickly as Zoom releases them.
Another interesting vulnerability comes from a blog post by 360.cn. The alarming DarkHotel (APT-C-06) was found attacking Chinese Institutions via exploiting the SangFor VPN. Attribution is uncertain, but it also links to the same pandemic event.
March 30, 2020 | FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoombombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
Source: FBI Boston. Retrieved from: https://www.fbi.gov/contact-us/field-offices/boston/news/press- releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
April 3, 2020 | Zoom’s Privacy and Security woes in the Spotlight
The seemingly insatiable demand among people and businesses alike helps reveal a rash of privacy and security issues facing the platform, Welivesecurity posted.
The app’s maker is weathering a storm of criticism from various quarters, including privacy advocates, security experts, several U.S. state attorneys general, a U.S. lawmaker, and the FBI. Bad news have kept piling up in recent days, prompting the company to respond.
Source: Welivesecurity. Retrieved from: https://www.welivesecurity.com/2020/04/03/zoom-privacy-security- spotlight/
April 6, 2020 | DarkHotel (APT-C-06) Attacks Chinese Institutions via VPN
Recently, Qihoo 360 detected an APT attack that delivered malicious files through hijacked security services of a domestic VPN provider. Further reversing shows that the attack can be attributed to the Darkhotel (APT-C-06), an APT gang in the Korean Peninsula. Since March this year, more than 200 VPN servers have been compromised and many Chinese institutions abroad have come under attack. In early April, the attack spread to government agencies in Beijing and Shanghai. The monitoring and analysis also suggest that a large number of VPN servers and endpoint devices in associated functioning units have been under the control of the attackers.
Source: Google Cache: https://bit.ly/34vsrwG (the original blog post is no longer available for access)