Drinik malware returns, CISA unveils critical performance goals and rise in global data breaches
Drinik malware returns on Android targeting Indian banks, CISA announces cybersecurity performance goals for critical infrastructure and the rise in global data breaches. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Drinik Android malware now targets users of 18 Indian banks
Drinik, the malware that has existed since 2016, has evolved into a sophisticated Android banking trojan. The new variant of Drinik comes in the shape of an APK with keylogging, screen recording, the ability to conduct overlay attacks, and abuse of Accessibility services. 18 Indian banks are affected by the malware, which impersonates the country’s Income Tax Department’s official app to steal users’ banking and personal information.
2. CISA unveils cybersecurity goals for critical infrastructure sectors
CISA (Cybersecurity and Infrastructure Security Agency) has issued a report highlighting baseline CPGs (cybersecurity performance goals) for critical infrastructure sectors. The CPGs are based on current cybersecurity guidance and frameworks, but also rely on real-world threats and adversary tactics observed by the agency and its partners. The development results from a July 2021 security memorandum, which tasked NIST and CISA with developing core cybersecurity practices for critical infrastructure.
3. Twilio hack investigation reveals second breach, as the number of affected customers rises
Messaging services provider Twilio disclosed that it experienced a second breach in June 2022 that saw hackers access customer contact information. The breach was carried out by the same adversary group that compromised Twilio again in August, the company said in an updated advisory shared last week. The June security incident saw the adversaries socially engineer an employee through voice phishing to provide their corporate credentials, enabling them to access contact data for a limited number of customers.
4. Data breaches rise by 70% globally in Q3 2022
A new study by cybersecurity company Surfshark reveals that the third quarter of 2022 saw a 70% rise in global data breaches compared to the previous quarter. Russia, France, Indonesia, the US, and Spain are the countries most affected by data breaches. While Russia led in terms of accounts compromised in each quarter of 2022, the United States remained the single most breached nation throughout the last decade.
5. Researchers report massive upgrade to Fodcha DDoS botnet
A new version of Fodcha, the DDoS botnet discovered by 360NetLab researchers in April 2022, has emerged with new features to evade detection and with ransom demands injected into its packets. The botnet’s latest version, Fodcha 4, leverages 42 C2 domains to run 60,000 active bot nodes daily, generating up to 1 Tbps of destructive traffic. Fodcha’s average number of targets has increased tenfold since April, reaching 1,000 daily victims compared to 100 per day in April.