CERT-In (the Indian Computer Emergency Response Team) has alerted users to the spread of the ‘Egregor’ ransomware. “Initial infection vector and propagation mechanism is still unknown, it is anticipated that Egregor ransomware may infiltrate via spam email attachments or malicious links shared via email/instant messaging chats,” the agency said. CERT-In advised against paying the ransom, as this doesn’t guarantee the release of files.
CERT-In has alerted NIC email service users to a phishing campaign that asks them to verify their government accounts. The email, pretending to be from NIC, contains a malicious link or attachment with topical info to lure users into opening it. Opening it infects the system and steals the victim’s personal info. The infected system can also be used to send such emails to other users. Users are advised to verify the URL (https://email.gov.in) before entering their details.
CERT-In issued an advisory warning Android users about a new malware called ‘BlackRock’. It can steal credentials and credit card info from e-commerce apps, social media apps, email accounts, banking apps, etc. This malware can evade antivirus security scans. It comes from unofficial download sources, including APK files and third-party Android app stores. Its main technique is luring users into downloading updates from unknown sources.
CERT-In alerted Windows users to the CLOP ransomware, which has been targeting businesses and firms worldwide. Pirated software and apps downloaded from unofficial sources are the carriers of CLOP. No decryptor tool is available for it. The ransomware’s operators leak info on their “CL0P^_- LEAKS” data leak site, hosted on the dark web. It records keystrokes and stores the info on CLOP’s remote servers. Victims’ breached data includes financial records, emails, vouchers, etc.
CERT-In has warned Google Chrome users of potential cybercrimes. The agency has asked users to immediately update their Chrome browsers to version 84.0.4147.89. It comes with 38 fixes and improvements against exploitable vulnerabilities. Reportedly, these vulnerabilities can enable remote attackers to execute malicious code, access sensitive info, launch a DDoS attack, etc. Google recently removed 70 malicious Chrome extensions that spied on users’ activities.
CERT-In has issued a warning about a possible credit card skimming campaign targeting e-commerce websites hosted on Microsoft’s IIS server running the ASP.NET web app framework. Version 4.0.30319 of ASP.NET, which is no longer supported by Microsoft, can be targeted by cybercriminals, as it has multiple vulnerabilities that make it an easy target for attackers. CERT-In asked e-commerce websites to use the latest version and conduct security audits.
Chrome was alleged to collect user data through malicious extensions. The firm recently removed 106 such extensions. These malicious extensions often disguised themselves as file converters, security scanners, etc. They had code to bypass Chrome’s security scans. CERT-In advised users to uninstall extensions whose IDs appear in the IOCs section, avoid installing extensions from unverified sources, and switch to the browser’s developer mode to pick out malicious extensions.
There has been an increase of 500% in cyberattacks since the lockdown was implemented in March. Small companies are said to be affected the most. Phishing, ransomware, malware and DDoS attacks topped the list. The government, in collaboration with a third-party firm, CERT-In, is taking preventive measures. Last week CERT-In issued guidelines to avoid phishing attacks. ISPs and telecom firms now receive cyber alerts almost every alternate day; earlier this used to be once a week.
CERT-In has warned users and SMEs of upcoming massive COVID-19-themed cyber threats, with tips to stay safe:
1. Beware of emails from email@example.com; report any unusual activity to firstname.lastname@example.org.
2. Scan your inbox regularly, and avoid opening unsolicited attachments and URLs, even from known sources.
3. Mails with offers, spelling errors, etc. can be malicious.
4. Do not enter private info/login details on unverified websites.