Saturday, March 25, 2023
Home Tech News Cyber Security Today, Nov. 29, 2021 – Ikea under phishing attack, evasive...

Cyber Security Today, Nov. 29, 2021 – Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars

Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars.

Welcome to Cyber Security Today. It’s Monday November 29th. I’m Howard Solomon, contributing writer on cybersecurity for

International furniture retailer Ikea has been fighting a cyberattack through its email system. According to the Bleeping Computer news service, a hacker is using the legitimate email addresses of employees to spread malicious attachments to other Ikea employees. These phishing emails may also appear to be coming from Ikea partners and suppliers. Usually the victims click on a file that contains a malicious Microsoft Excel document. To execute the document the victim has to then click on a button to Enable Content or Enable Editing. Most smart IT departments have turned off this capability because it’s how malware is spread. Employees have to be repeatedly warned that malware can come in attachments in emails that look like they are from co-workers, friends and business partners. They should be trained to always ask a knowledgeable IT worker before disabling the safety features in productivity suites like Microsoft Office.

It’s no surprise that threat actors use infected email attachments to compromise the computers of employees. But researchers at HP have discovered a new campaign that uses an evasive JavaScript loader for initially compromising computers. After infection the loader distributes a variety of remote access trojan malware, which allows an attacker to secretly access the system. The variety of the second stage of malware suggests whoever created the loader, which HP calls RATDispenser, may be operating a malware-as-a-service business. Network defenders can prevent infections by blocking executable email attachment file types like JavaScript or VBScript from passing through their email gateways. They can also change the default file handler for JavaScript files by only allowing digitally signed scripts to run, or by disabling Windows Script Host.

Drug manufacturing and research organizations in the life sciences and biotechnology sectors are being warned their IT systems may face an attack by a very sophisticated threat actor. This alert from the Bioeconomy Information Sharing and Analysis Center comes after the discovery in October of advanced persistent malware in a company. It was the second found in a facility this year. According to researchers, the first detection came following a ransomware attack. They think this particular complex malware is specifically aimed a biomanufacturing and research organizations. Researchers say organizations must ensure proper segmentation between corporate and manufacturing or operational networks. Phishing defences are paramount.

Finally, threat actors try to hide their malware in a number of places on IT systems to prevent it from being detected. Researchers at a cybersecurity company called Sansec found a remote access trojan hiding in new location in several online shopping systems: Tucked away in the calendar subsystem of Linux servers under the date “February 31st.” As you all know, February doesn’t have 31 days, so few IT security systems would detect it. The real purpose of this malware is to steal credit and debit card data of shoppers. Usually cyber crooks try to inject this kind of data-stealing malware into a browser. However, increasingly they are hiding payment card stealing malware in servers.

That’s it for now Remember links to details about podcast stories are in the text version at That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

- Advertisment -

Most Popular

Students hit day 5 of hunger strike seeking McMaster University move away from fossil fuels

A group of students are now on day five of a hunger strike aimed at getting McMaster University to divest from four on-site natural...

Some questions for the employees behind Google Docs

/ Something something you ship your org chart.I have a lot of questions! Illustration: Alex Castro / The VergeWhy is the toolbar a...

Yellowjackets season 2 is more of an appetizer than a feast

The gruesome mystery returns, but it’s lacking some of the punch that made the first season so potent.Share this story Image: ShowtimeWinter was always...

Vancouver Art Gallery memorial to residential school children to be removed

A memorial to the Indigenous children who never made it home from residential school has been lining the steps of the Vancouver Art Gallery...