
Trump’s Twitter hack, attacks on Russia’s defence complex, and other cybersecurity news
We have gathered the most important cybersecurity news from the past two weeks.
- Donald Trump defined the IQ level required to hack accounts, after which his Twitter page was allegedly hacked;
- Data emerged showing growth in infected IoT devices;
- In the United States, new charges were brought against Russian hackers;
- Experts documented North Korean hackers launching attacks on Russia’s defence sector.
A researcher hacked Donald Trump’s Twitter account
On October 19, during a campaign appearance in Arizona, U.S. President Donald Trump stated:
“Nobody gets hacked. To get hacked you need somebody with an IQ of 197, and he needs to know about 15 percent of your password.”
In response to Trump’s statement, Dutch information-security engineer Victor Gevers hacked Trump’s Twitter account. According to Gevers, he gained access to Trump’s private messages and was able to post on his behalf. Gevers also said that the president did not have two-factor authentication configured.
Dear @realDonaldTrump,
I’ve tried to notify multiple times because of your passwords for Twitter are too weak. Last Friday, I contacted @CISAgov, @TeamTrump, @WhiteHouse, @DonaldJTrumpJr, and @twittersecurity, just like in Oct 2016. But no one responds. Please keep 2FA enabled! https://t.co/DRCCS8NAa4
— Victor Gevers (@0xDUDE) October 19, 2020
The United States charged six Russian nationals in cyberattacks on infrastructure in France, South Korea, Ukraine, and the United States
The United States Department of Justice charged six Russian citizens in cyberattacks on infrastructure in France, South Korea, Ukraine and the United States. According to the department, all defendants were officers of the GRU.
They are linked to hacker groups such as Sandworm Team, Telebots, Voodoo Bear and Iron Viking.
It is claimed that the hackers used the KillDisk, Industroyer and Olympic Destroyer malware and the NotPetya ransomware. Damage from NotPetya alone is estimated at $1 billion.
Additionally, Assistant Attorney General for National Security John Demers said that China is becoming increasingly willing to work with hackers who serve the Chinese government.
The recent US indictments against Chinese hackers suggest that the country has become a haven for cybercriminals if they also act in the interests of the state, Demers said.
Norway accuses Russia of cyberattacks on parliament
Norway’s Foreign Minister Ine Eriksen Søreide said that the August cyberattack on the parliament’s mail server was carried out by Russia, describing it as a serious incident that undermines “the most important democratic institution of the country.”
Moscow rejected the accusations, calling them nothing more than “a serious and deliberate provocation.”
North Korea conducts cyberattacks on Russia’s defence complex
The North Korean hacker group Kimsuky is conducting phishing attacks on Russian defence enterprises, specifically the state corporation Rostec.
Reports indicate the number of such cyberattacks rose sharply from April to September, but did not cause serious damage. Perhaps the hackers were simply probing.
Google reveals details of a massive DDoS attack
In 2017, Google Cloud was subjected to a massive DDoS attack, peaking at 2.54 Tbps.
It remains one of the largest DDoS attacks to date. According to Google, the attack originated from networks of Chinese internet providers. The described incident surpasses the scale of the Amazon AWS attack that occurred in February 2020, which peaked at 2.3 Tbps.
Germany launches trial against cyber-bunker operators
The operators of the “cyber-bunker” are charged with involvement in 249,000 crimes. Deals facilitated through the bunker included drug trafficking, cyberattacks and counterfeiting.
Among the main questions to be considered at the trial are in which cases an operator is responsible for content on the servers it provides, and whether the cyber-bunker operators knew about the activities of their clients who owned illegal sites.
Cisco Talos notes rising activity of botnet for cryptocurrency mining
Cisco Talos warned about a campaign that uses a sophisticated multi-module botnet with several propagation methods. The botnet, known as “Lemon Duck,” is used for covert cryptocurrency mining, specifically Monero.
Chinese hackers mask malware as popular antivirus
Google said that a large campaign by the Chinese-linked APT31 group distributes malware masquerading as the McAfee antivirus.
The hackers send users emails with links that lead to the collaborative service GitHub, from which malware begins to download onto the user’s system. This allows the hackers to upload and download files, as well as execute various commands on infected devices.
Phishing campaign masquerades as Microsoft Teams alerts
Analysts at Abnormal Security found a phishing campaign that mimics automated messages from the popular collaboration platform Microsoft Teams to steal Office 365 credentials.
According to the analysis, between 15,000 and 50,000 Office 365 users were targeted.
In numbers
- The number of IoT devices worldwide infected with malware rose by 100% over the past year, according to Nokia’s security threat report.
- Check Point Research data show an increase in the daily average number of ransomware attacks by 50% compared with the first half of the year. The countries with the highest number of such attacks in the third quarter were the United States (98.1%), India (39.2%), Sri Lanka (436%), Russia (57.9%), and Turkey (32.5%).
- Almost 88% of cybersecurity professionals surveyed are satisfied with their pay, but worry that new technologies such as artificial intelligence and machine learning will replace them in the future. The study was conducted in the United Kingdom, Germany, Singapore, the United States and Australia.
- $620 million is the amount McAfee raised in its IPO, going public at $20 per share on Oct 21.
What to read?
- They explained how the COVID-19 pandemic affected internet freedom worldwide. Spoiler: it did not get any freer.
- They analysed what will happen to the darknet after a string of illegal-market closures.