North Korean Reaper rises, Tesla cryptojacking and fake Facebook profiles: The week in cybersecurity
As cybercriminals continue with their nefarious activities, here are the best cybersecurity stories of the week from the IBTimes UK tech team.
This week in cybersecurity, security experts detailed some of the increasingly sophisticated cyberactivities of the lesser-known North Korean hacking group Reaper as it expands its horizons beyond the Korean peninsula into other targets. Meanwhile, Russia's central bank reported hackers stole over $6m worth of roubles from a local bank last year by exploiting the Swift payments messaging system.
In other Swift-related news, hackers are now sending out Swift-themed emails regarding a phoney "wire transfer to your bank account" to deploy the Adwind malware and steal sensitive, personal data.
Speaking of malware, mod developer Flight Sim Labs was caught in a storm of controversy after users discovered it was secretly embedding password-stealing malware to tackle pirates.
As cyberattacks, data breaches and leaks become increasingly common, it's hard to keep up with the slew of security-related news churned out every week. To help you stay up-to-date, here are a few links to some of the best cybersecurity stories of the week from the IBTimes UK technology desk:
1. North Korean hacking group 'Reaper' widening scope and skills beyond South Korea
Operating primarily in the shadow of the better-known North Korean APT Lazarus Group, a second group dubbed APT37 or Reaper has been stepping up its attacks and cyberarsenal in 2017. According to FireEye, the group has been targeting victims in Japan, Vietnam and the Middle East and has expanded its arsenal to include an array of zero-day vulnerabilities and custom malware for espionage, stealing data and destructive purposes.
Researchers expect this group will serve as an "additional tool" for the regime that will continue to operate in a "cloud of obscurity".
RedLock researchers discovered an unsecured Kubernetes console that exposed the access credentials to Tesla's Amazon Web Services account. The exposed S3 bucket included sensitive data such as vehicle telemetry, mapping and servicing data.
Meanwhile, hackers who spotted the unprotected console swiftly exploited it to run cryptomining scripts and mine digital currency. Tesla has since resolved the issue and said no customer data was affected in the breach. The researchers also received $3,133.70 (£2240.81) as part of Tesla's bug bounty programme for their findings.
3. Cybercriminals now exploiting Microsoft Word documents in cryptojacking attacks
As cybercrooks continue to seek new, sneakier ways to earn cryptocurrency via malware attacks and cryptojacking, some have been found using malicious Microsoft Word documents to do so.
Votiro researchers said hackers have been spotted abusing Microsoft Word's Online Video feature to secretly mine Monero coins while users watch a seemingly "innocent" video inserted in the document.
4. Fake Facebook profiles used to trick users into downloading Tempting Cedar spyware
Suspected Lebanese hackers have been found creating fake Facebook profiles and tricking victims into downloading a new spyware dubbed "Tempting Cedar".
The malicious code is capable of swiping victims' contacts, call logs, photos, geolocation and more. So far, Avast researchers said most of the victims targeted are located in the Middle East with the majority in Israel.
5. Find out if your password has been compromised using 1Password's new tool
This week, 1Password unveiled a new tool for users to check if their passwords have been compromised or leaked online in an earlier data breach. The proof-of-concept feature integrates security expert Troy Hunt's "Pwned Passwords".
Hunt's "Pwned Passwords" features a database of over 500 million passwords compiled from earlier breaches and leaks. He also made the database and API freely available to download for other services to build upon and "made a positive difference to web security for everyone".
6. IRS scam campaigns on the rise again
As taxpayers in the US prep for another tax season, cybercriminals and identity thieves are also gearing up with fresh new phishing campaigns. The Internal Revenue Service (IRS) has already warned about a new scam in which hackers steal client data from tax preparation companies, use it to file fake refunds and then scare victims into "returning" the money.
In this scam, the crooks pose as debt collectors who claim the money was "erroneously" credited to the victim's account. They demand the victim return the money and threaten to file criminal fraud charges or "blacklist" their Social Security Number.
Thousands of people have already fallen for the scam as banks work with customers to close their accounts and open new ones since their data has been compromised.
7. JPMorgan Chase 'glitch' let some customers access the bank accounts of other random clients
Multiple JPMorgan Chase banking customers attempting to log into their accounts found themselves erroneously accessing the online accounts of other random clients this week. The bank said the error, which affected customers for about three hours on Wednesday (21 February) before it was resolved, was caused by a technical "glitch".
A company spokeswoman said there are currently no incidents of malicious money transfers made as a result of the glitch. She also noted that the glitch "was on our end" and not the work of "a malicious actor".