Cyber Security News Update 09/21/2018

One of the creators of Scan4You has been sentenced to 14 years in prison for his assistance in helping hackers cause over $20 Billion in damages with their innovative tool. Antivirus software works on a communal database and herd immunity, similar to how vaccines work, that uploads a copy of any malicious software whenever it detects something. In this way, if a computer detects a new threat, even if it can’t prevent the infection, the research and development teams are made aware and can start working on a solution. This allows for cyber research groups to see new attack vectors and malware strains as they are released into the wild, and this hopefully allows them to create countermeasures before the virus spreads. Scan4You is counter-antivirus software: it allowed users to upload their attack programs and run them against antivirus programs without the data being uploaded to the communal database. With this tool potential attackers were able to create attacks that they were reasonably sure would go undetected. This allowed for billions of dollars in damage and for personal information to be stolen on a scale that isn’t normally seen. While the Scan4You team didn’t sell malware, they did facilitate attacks and have been charged with hacking and selling malicious products.
Source: Operator of VirusTotal Like Malware-Scanning Service Jailed for 14 Years

Microsoft is working to patch an exploit, brought to their attention by the Zero Day Initiative, that allows for attackers to execute malicious code on any server running the JET Database Engine (JET). This vulnerability affects all known version of Windows and Windows Server Edition as well and there is currently no patch available. Microsoft did not release a patch for this vulnerability in September, so the nearest time it could arrive would be in the October patch. The JET exploit works by creating a database file that is too large and allows an attacker to create and execute malicious code in the memory buffer necessary to process the file.
Source: Researcher Discloses New Zero-Day Affecting All Versions of Windows

There’s a new malicious group trying to sell its Malware-as-a-Service (MaaS) known as Black Rose Lucy which targets Android devices. Black Rose Lucy is the product of the Russian speaking Lucy Gang, and currently, there is no known connection to APT 28 or other Russian hacking groups though such a connection is not out of the realm of possibility. According to researchers the Lucy Gang, while apparently new, shows signs of past hacking experience and business acumen that belies their otherwise unknown reputation. Black Rose Lucy allows additional software to be installed on to infected devices, which opens them up to further attacks. Black Rose Lucy has been developed to be easy to use according to researchers, which will increase the market that it can sold to. Additionally, Black Rose Lucy appears to be the original product of the Lucy Gang due to its clean code structure that is unusual in code that has been copied from somewhere else.
Source: Lucy Gang Debuts with Unusual Android MaaS Package