Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label German. Show all posts

German Company Hit By Supply Chain Attack, Only Few Device Affected

Gigaset, a German device maker, was recently hit with a supply chain attack, the hackers breached a minimum of one company server to attach the malware. Earlier known as Siemens Home and Office Communication Devices, Gigaset is Germany based MNC. The company holds expertise in communication technology area, it also manufactures DECT telephones. Gigaset had around 800 employees, had operations across 70 countries and a revenue of 280 Million euros in the year 2018. 

The attack happened earlier this month, the malware was deployed in the android devices of the German company. According to experts, various users reported cases of malware infections, complaining the devices were attacked with adwares that showed unwanted and intrusive ads. Most of the users reported their complaints on Google support forums. A German website published a list of these package names (unwanted popups) which were installed on the android devices. 

Earlier complaints from the users are suggesting that data might've also been stolen from these devices. The foremost issue that these users faced was SMS texting and sending Whatsapp messages, the latter suspended few accounts on suspicion of malicious activity. The company has confirmed about the breach and said that the only the users who installed latest firmware updates from the infected devices were affected. The company is already set on providing immediate solutions to the affected customers. "It is also important to mention at this point that, according to current knowledge, the incident only affects older devices," said the company. 

The company during its routine investigation found that few of the old devices had malware problems. It was further confirmed by the customer complaints. Gigaset says it has taken the issue very seriously and is working continuously to provide short term solution to its customers. "In doing so, we are working closely with IT forensic experts and the relevant authorities. We will inform the affected users as quickly as possible and provide information on how to resolve the problem. We expect to be able to provide further information and a solution within 48 hours," said Gigaset.

Malspam Campaign attacks German organizations with Buran ransomware


As of Oct 2019 researchers have discovered malicious spam (malspam) campaign targeting German organizations that delivered Buran crypto-ransomware family. The emails are crafted so as to appear to be coming from online fax service eFax.

Public reporting indicates that Buran malspam campaigns began on 13 September 2019, corroborated by metadata found in emails and Microsoft Word documents. Then the campaign on 1 October 2019 copied the eFax brand, an online fax service. German organizations were targeted using an email that seemed like it was from eFax and Word document in German.

 Technical Details 

On opening the mail, the user is given a hyperlink, which if clicked directs the user to a PHP page that contains the malicious word document. The document then contains a Visual Basic for Applications (VBA) macro, when enabled, downloads the malicious executable.

On Activation, the Buran ransomware performs the following tasks- (Sc.Itssecure.com)

•Sends an HTTP GET request to hxxp://geoiptool[.]com, in order to determine the location of the victim machine.
•Copies itself to another directory & renames itself to “Isass.exe”, in order to evade being detected by security solutions in place.
•It then utilizes a command shell to establish persistence.
•Further, it modifies the windows registry’s run key, so that “Isass.exe” is executed every time someone logs into the machine.
•It then disables services like windows event log and windows error recovery & automatic repair.
•Finally, it deletes any backups made by Volume shadow copy service (VSS).
•Upon completion of the encryption process, a ransom note is displayed, containing the instructions that need to be followed by the victim, in order to decrypt his files.

These type of malicious spam ransomware campaigns leads to lag in business-critical operations, loss of sensitive and confidential data and financial loss to the organization. Such ransomware keeps surfacing often and can lead to degeneration of an organization and hence organizations should take active measures and protect themselves from such malevolent attacks. The organizations should create strong cybersecurity with updated systems and software and invest in employee training programs, to aware them about malspams, phishing, and other threats.

Belgian and German MasterCard data breach




European unit of MasterCard Inc.’ has formally informed  Belgian and German's Data Protection regulators about a data breach from the company's Priceless Specials loyalty program.

Customers data are available on the internet include, names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth.

The card company alerted the watchdog about the breach on Aug. 19 and said the episode would have affected thousands of people, “a significant portion” of them would be from Germany.

After the discovery of data leak, Mastercard suspended Priceless Specials Germany and took down its website. The message posted on the website says:  "This issue has no connection to MasterCard's payment network."

"We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities," says David Stevens, Chairman of the Belgian Data Protection Authority.

According to Heise Media reports Excel spreadsheets containing data of 90,000 and 84,000 rows that were distributed on the internet.

"On August 21, 2019, we became aware that the second file of personal information was published on the Internet. We are working to remove them as well."