This week Alex chats with Kacey, Charles, and Rick about the competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data.

And finally… our thoughts on Elon Musk’s new baby’s name.

Lucy ransomware impersonates FBI to exploit Android users

The “Lucy” malware-as-a-service (MaaS) botnet and dropper has reportedly been updated with ransomware capabilities in a new attack campaign against Android mobile-device users. The malware was purportedly spread via malicious links on social media platforms. After tricking Android users who visited the platforms into granting permissions, the malware encrypted all data on the victims’ Android devices. Lucy used a ransom note that impersonated the United States Federal Bureau of Investigation and demanded that victims pay via credit card, probably so the threat actors could also gain access to victims’ credit-card details.


Cisco offers patch for high-severity router software flaw

A patch was released for a high-severity security flaw affecting Cisco’s IOS XE software used by SD-WAN routers. Described as an insufficient input validation flaw, the vulnerability could allow attackers to execute arbitrary code and abuse root privileges on target systems. No attacks exploiting the vulnerability have been reported, but users are being advised to apply the patch.


SaltStack vulnerability leads to attacks on Ghost blogging platform

The open-source blogging platform Ghost was reportedly compromised in attacks that followed a threat actor exploiting a vulnerability in the SaltStack software (CVE-2020-11651). Attackers attempted to use Ghost’s infrastructure to mine cryptocurrency by using cryptocurrency-mining malware. The attack campaign was discovered on 03 May 2020, just two days after the vulnerability in SaltStack was disclosed. Reporting suggested that no user data was compromised.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 08 May 2020