Inside Security - August 8th, 2019


Phishing scams / FinFisher and QualPwn malware / Warshipping


If you aren’t a premium subscriber, you missed my perspective yesterday on bulletproof hosting and the latest effort to deplatform 8chan. You can read a great historical perspective on the history of 8chan in Inside Social. There is more information that came out yesterday about this that I summarize below. 

A schedule note: I will be off tomorrow due to travel demands. See you Monday.

-- David Strom 

1. Since I wrote my premium newsletter yesterday, the U.S. CERT has issued this advisory. It warns users of potential phishing scams that try to lure you in based on subject lines mentioning the past week’s tragedies in Dayton and El Paso. My colleague and distant relative Megan Squire has written an excellent piece for the Brookings Institute blog on how policy makers are missing the mark when it comes to fighting online extremists that is well worth reading. She has done extensive research into the alt-tech world and shows how these individuals use similar tactics to the malware authors.

2. New Android-based malware called QualPwn has been discovered by Chinese researchers. It can remotely control infected phones by leveraging three different Qualcomm chipset vulnerabilities. The company acknowledged the flaws here. Google issued an update to patch the problem but Samsung hasn’t yet done so. Users should upgrade accordingly. -- THE HACKER NEWS

3. Throwback Thursday: FinFisher.

One of the world’s most dangerous malware programs reappeared five years ago today. Called FinFisher, it can remotely control PCs, intercept Skype calls, log keystrokes and evade detection. Until then it had been sold exclusively to government and law enforcement agencies and was notably used to target dissidents in authoritarian nations. Five years ago its code was leaked online. This hack was big news at the time: the leak revealed all sorts of information about the malware’s methods, including the finances of its creator, Gamma International. A parody Twitter account announced the hack. The malware continues to pop up around the world, most recently in Myanmar this summer, where an Android version was discovered that could collect and copy a wide variety of phone data.

4. It isn’t surprising that fraudsters are increasingly using mobile devices. But this post, which analyzes billions of transactions from TransUnion data, shows how to catch the riskier behaviors. A mismatch between the SIM card’s country and the currency or language in use, mobile emulators running on desktop PCs, an app being used while the phone lies face down on a surface, and other “tells” can be used to flag questionable transactions. -- IOVATION BLOG
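The tells above are only useful once they are combined, since a single one (a phone lying face down, say) is common in legitimate use. The following is an added example, not code from the iovation post or from TransUnion, of a small rule-based scorer that weights several tells and flags a transaction only when their combined score crosses a threshold. The field names, the weights, the country-to-currency table and the sample transactions are all constructed assumptions for illustration.

```python
"""Rule-based risk scoring over mobile transaction records.

Added illustration; not code from the iovation post or TransUnion.
Field names, weights, the EXPECTED table and SAMPLE records are assumptions.
"""
from dataclasses import dataclass

# Assumed mapping of SIM country (ISO 3166 alpha-2) to the currency and
# handset languages one would normally expect for a SIM issued there.
EXPECTED = {
    "US": {"currency": "USD", "languages": {"en", "es"}},
    "DE": {"currency": "EUR", "languages": {"de", "en"}},
    "BR": {"currency": "BRL", "languages": {"pt"}},
}


@dataclass
class Transaction:
    txn_id: str
    sim_country: str    # country code reported from the SIM
    currency: str       # currency the payment is made in
    ui_language: str    # language the app is running in
    is_emulator: bool   # device fingerprint indicates an emulator (e.g. on a desktop PC)
    face_down: bool     # orientation sensor reports the screen facing down


def risk_signals(txn):
    """Return the (signal_name, weight) tells that fire for one transaction."""
    signals = []
    expected = EXPECTED.get(txn.sim_country)
    if expected is None:
        # SIM country not in our table: weak signal on its own
        signals.append(("unknown_sim_country", 2))
    else:
        if txn.currency != expected["currency"]:
            signals.append(("currency_mismatch", 3))
        if txn.ui_language not in expected["languages"]:
            signals.append(("language_mismatch", 2))
    if txn.is_emulator:
        signals.append(("emulator", 4))
    if txn.face_down:
        signals.append(("face_down", 3))
    return signals


def risk_score(txn):
    """Sum the weights of all tells that fired."""
    return sum(weight for _, weight in risk_signals(txn))


def flag_transactions(txns, threshold=5):
    """Return ids of transactions whose combined score reaches the threshold."""
    return [t.txn_id for t in txns if risk_score(t) >= threshold]


# Constructed sample records (assumptions, not real data).
SAMPLE = [
    Transaction("T1", "US", "USD", "en", is_emulator=False, face_down=False),  # clean
    Transaction("T2", "DE", "USD", "en", is_emulator=True, face_down=False),   # currency + emulator
    Transaction("T3", "BR", "BRL", "pt", is_emulator=False, face_down=True),   # face down only
    Transaction("T4", "XX", "USD", "en", is_emulator=False, face_down=True),   # unknown SIM + face down
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(t.txn_id, risk_score(t), risk_signals(t))
    print("flagged:", flag_transactions(SAMPLE))
```

With these weights T2 (currency mismatch plus emulator) and T4 (unknown SIM country plus face down) are flagged, while T3, whose only tell is the face-down orientation, stays below the threshold. In practice the weights would be tuned against labelled historical transactions rather than picked by hand as here.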

5. You have heard of wardriving, but how about warshipping? The practice involves mailing a small computer to a target company. Once the package has been delivered to the mailroom, it is activated and attempts to connect to the corporate network. IBM red team hackers were able to use this technique to infiltrate various networks. They have produced a video showing you how the attack is done. -- SECURITY INTELLIGENCE (IBM)

6. Two reports from the Retail Information Sharing and Analysis Center are worth reading, even if you don’t run a retail business. First is a cogent and quick guide to understanding a CISO’s responsibilities under the California CCPA privacy law. It defines what is personal data, addresses common questions about compliance, company roles and responsibilities and steps that companies can take to plan for the future. Second is a warning about credit card skimmers and how to better detect them.

7. This post takes a deeper dive into how the MegaCortex ransomware operates. It has mostly been used to target businesses and used to work in conjunction with manual methods to infect various endpoints. Researchers have found a new version that can self-install, making it more potent. The malware creators have traded some security for ease of use and automation of their attacks. -- ACCENTURE BLOG

8. There are five ways you can make cyberattacks more difficult to accomplish, according to this new research paper. Three of them are to make the data obsolete (by changing passwords, for example), move quickly after a breach and identify threat vectors. Worth showing to your managers. -- 4IQ (PDF)

9. Attacks are getting more targeted, hitting higher volumes and using more financially astute methods. These results are from new analysis of NetScout telemetry over the first half of 2019. Botmasters are taking advantage of smart home devices to launch their attacks, and malware is hitting more IoT devices on corporate networks, even those behind firewalls. -- NETSCOUT REPORT (PDF, reg. req.)

10. I am a big fan of the writings of David Froud, and have cited his blog in numerous newsletters. His latest is about his “honest CV,” which describes things that you might not find in the run-of-the-mill document. How he came to assemble the document and why you should do so is worth reading. -- FROUD ON FRAUD

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and’s business websites. You can find me at @dstrom or my personal site. Finally, we note our editing team: Kim Lyons (Pittsburgh-based journalist and managing editor at Inside), David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology), and Bobby Cherry (senior editor at Inside, who’s always on social media).
