Briefly about security incidents last week

Last week, the German group Rheinmetall reported a cyber attack that disrupted the company's factories in Brazil, Mexico and the United States. The incident affected Rheinmetall Automotive's IT infrastructure. Details of the incident were not disclosed, and the company did not say exactly what kind of malware had infected its enterprise systems.

Over the past few weeks, thousands of Windows-based computers in countries around the world have been attacked using rare malware called Nodersok. The program downloads and installs a copy of the Node.js infrastructure to turn infected systems into proxy servers and conduct fraudulent operations. Nodersok uses two legitimate tools to infect the system – WinDivert and Node.js. The first is an application for capturing and interacting with network packets, and the second is a well-known tool for running JavaScript on web servers.

In Russia, scammers have stepped up the substitution of banks' phone numbers. According to the Central Bank of the Russian Federation, over the past summer, attackers substituted 198 numbers, but market participants claim that the real figure is much higher. From June to August, Bank of Russia specialists sent telecom operators data on more than 2.5 thousand phone numbers from which scammers called customers of financial institutions. As a result, operators blocked numbers in 218 cases, limited the use of financial services in 59, and found that a bank number had been substituted in 198 cases. In more than 2 thousand cases, the operators refused to take measures “due to the lack of legal grounds”.

A botnet has been discovered on the Web that uses a recently published exploit for vulnerabilities in the vBulletin forum engine to build its own army of bots. Attacks were carried out from different countries, most often from Brazil, Vietnam and India.

Officers of the Ukrainian cyberpolice neutralized a criminal gang that engaged in the illegal re-registration of seized property. The group members infected the computers of notaries and public servants with malware, which they used to interfere with the work of state registries and re-register property rights to real estate to third parties.

Security researchers have reported a malicious campaign targeting shipping organizations operating outside of the Gulf of Kuwait. As part of the cyber attacks, the xHunt group used the backdoors Sakabota, Hisoka, Netero, and Killua.