European Union Archives – Gridinsoft Blog

Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

PlugX malware attacks European diplomats
https://gridinsoft.com/blogs/plugx-malware-europe/
Thu, 06 Jul 2023 15:20:18 +0000
Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is part of a larger trend of China-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign are Central and Eastern European countries such as Slovakia, the Czech Republic, and Hungary. The key goal of these attacks is likely to obtain sensitive information about their foreign policies. The UK is the only country targeted so far that lies outside Central or Eastern Europe.

HTML smuggling as a method to bypass network detection.

The PlugX activity targets foreign policy entities in Europe, mainly Eastern Europe, by using HTML Smuggling. HTML Smuggling is a method used by hackers to conceal harmful payloads within HTML documents. The SmugX email campaign uses HTML Smuggling to download a JavaScript or a ZIP file. This creates a long infection chain that ultimately results in the victim being infected with PlugX.

Figure: Scheme of HTML smuggling

Adversaries have used HTML smuggling for a while. Still, it has become more common since Microsoft blocked other popular methods of sneaking malware onto systems, for example by blocking macros in Word documents by default.

HTML smuggling employs HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code, according to the researchers.
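Because the file is assembled inside the browser, network inspection sees only an HTML page, so the check has to look inside the HTML itself. The following is an added example, not code from the original article or from the researchers: a static scanner for HTML attachments that flags scripts which build a file from embedded data and push a save. The indicator list, the scoring rule and all names are assumptions made for this illustration, and the sample documents are constructed and inert.

```python
import base64
import re
from html.parser import HTMLParser

# JavaScript constructs HTML smuggling relies on (heuristics assumed for this example).
JS_INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "legacy_save": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download['\"]"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")  # long base64-looking string literal
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"\xd0\xcf\x11\xe0": "ole/msi"}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.markup_hits = False, [], set()
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a" and any(name == "download" for name, _ in attrs):
            self.markup_hits.add("download_attr")
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html: str) -> dict:
    c = _Collector()
    c.feed(html)
    c.close()
    js = "\n".join(c.scripts)
    hits = c.markup_hits | {n for n, rx in JS_INDICATORS.items() if rx.search(js)}
    heads = [base64.b64decode(run[:16]) for run in B64_RUN.findall(js)]  # first 12 bytes
    embedded = {kind for h in heads for magic, kind in MAGIC.items() if h.startswith(magic)}
    builds_file = bool(hits & {"blob_constructor", "object_url", "legacy_save"})
    saves_file = bool(hits & {"download_attr", "legacy_save"})
    suspicious = builds_file and saves_file and (bool(embedded) or "base64_decode" in hits)
    return {"suspicious": suspicious, "indicators": sorted(hits), "embedded": sorted(embedded)}

# Constructed, inert samples: the "payload" is a ZIP magic number followed by zero bytes.
_ZIP_B64 = base64.b64encode(b"PK\x03\x04" + bytes(38)).decode()
SAMPLE_SMUGGLING = f"""<script>var d = atob("{_ZIP_B64}");
var b = new Blob([d], {{type: "application/zip"}}); var a = document.createElement("a");
a.href = URL.createObjectURL(b); a.download = "document.zip";</script>"""
SAMPLE_BENIGN = '<a href="/agenda.pdf" download>Agenda</a><script>document.title = "x";</script>'
```

A plain `download` link to a server-hosted file is not flagged on its own; the rule requires file construction, a save trigger and embedded or decoded data in the same document. Obfuscated scripts will evade these string matches, so a gateway would pair this with rendering the attachment in a sandbox.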

Lure for European politicians

The lures primarily focused on European domestic and foreign policy and were mainly used against Eastern and Central European governmental organizations.

Figure: Origins of the SmugX submissions

Most of the documents found had content related to diplomacy, with some specifically concerning China and human rights. Furthermore, the names of the files imply that the targets were likely government officials and diplomats.

Figure: Screenshot of lure documents containing diplomacy-related content

Attack on the European government

The attackers implemented HTML smuggling to enable downloading a JavaScript or ZIP file onto a compromised system. In the case of a ZIP archive, it includes a harmful LNK file that triggers PowerShell. On the other hand, if a JavaScript file is utilized, it will download and activate an MSI file from the attackers’ server.

After infecting a system, the DLL decrypts the PlugX malware. This malware can conduct several harmful activities, such as capturing screenshots, logging keystrokes, executing commands, and extracting files. A legitimate executable is hijacked and downloaded during the infection process to ensure that the malware remains on the system. The malware then copies the legitimate program and the DLL, storing them in a hidden directory. To maintain persistence, the malware adds the legitimate program to the Run registry key.

Is it possible to evade PlugX infection?

Potential targets of such attacks must prioritize defense. After a significant cyber attack, resetting the organization’s cyber security approach and posture is recommended. Every organization must reflect on its actions and decisions following such an incident. It should be a lesson not only for governmental services but also for companies.

  • Regularly update the systems. It is essential to regularly update your operating systems, software, and applications with the latest security patches and updates to fix known vulnerabilities.
  • To enhance your security measures, it is necessary to revamp the cybersecurity training provided to government officials.
  • Zero Trust principles play a special role for such organizations and can completely change the state of affairs in security.
  • Implementing strict access controls such as strong passwords, multi-factor authentication (MFA), and role-based access control is essential to prevent unauthorized access to sensitive data and systems.

To minimize the risk of attacks, companies should implement various security measures. These include adopting robust security strategies, such as the Zero Trust model, regularly updating and patching systems, providing thorough security awareness training, implementing strict access controls, segmenting networks, using advanced threat detection tools, regularly backing up data, conducting security assessments, and utilizing third-party security services. By taking these steps, companies can significantly reduce their vulnerability to attacks.

Companies in the EU will have to remove Google Analytics from their websites
https://gridinsoft.com/blogs/companies-in-the-eu-will-have-to-remove-google-analytics/
Thu, 20 Jan 2022 21:38:18 +0000
Companies in the European Union will have to remove Google Analytics from their websites or face fines for violating the GDPR.

The Austrian Data Protection Authority has stated that the use of the Google Analytics statistics collection system violates the General Data Protection Regulation (GDPR) and poses a privacy risk.

NOYB (none of your business) founder Max Schrems, who successfully sued Facebook for violating the privacy of European citizens in the past, scored another victory, this time against Google. According to a court decision, Google Analytics is declared illegal for use on European websites.

The story began on August 14, 2020, when Max Schrems went to an Austrian site dedicated to health problems. The website used Google Analytics and the user data was sent to Google. With the help of the collected data, the tech giant was able to identify the user. On August 18, 2020, Schrems complained to the Austrian data protection authority.

During the trial, which lasted about two years, it became known that Google “is subject to surveillance by US intelligence agencies, and companies may be ordered to disclose the data of European citizens.” The collection of personal data was supposedly carried out using cookies.

The consequences could be far-reaching. Although the complaint concerned only one website publisher, it was one of 101 complaints filed at the same time a year and a half ago by NOYB. This massive offensive has prompted EU data protection authorities to coordinate their actions, so there is a good chance that up to 100 such decisions will be made.

If so, then websites operating in Europe would have a strong incentive to stop using Google Analytics and other US-based cloud services.

“We have filed 101 complaints in almost all [EU] member states. They formed a task force, so we expect other [data protection authorities] to now come up with similar solutions. It can be like a domino effect,” Schrems told Fortune.

Many companies in Europe may have to remove Google Analytics from their sites or risk being fined for violating the GDPR.

According to Google, in 15 years, US law enforcement agencies have never filed a request to provide information collected using Google Analytics. In addition, the tech giant invited the EU and US authorities to agree on a new data exchange model.

Let me remind you that we also wrote that Google developers explained how they will implement Manifest V3.

You might also be interested to know that Hackers attacked Microsoft Exchange servers of the European Banking Authority.

Google Fined Record €4.3 Billion for Abusing Dominance in Smartphone Market
https://gridinsoft.com/blogs/google-faces-record-5-billion-fine-in-eu-ordered-to-remove-chrome-from-android/
Thu, 19 Jul 2018 10:17:44 +0000
On July 18, 2018, the European Commission announced that it had fined Google €4.3 billion for violating EU competition rules. The fine was imposed after an investigation revealed that Google had abused its dominance in the smartphone market by requiring phone manufacturers to preinstall its apps on Android phones.

The European Commission found that Google required manufacturers to preinstall its search engine and browser apps in order to gain access to its Play Store, which is essential for distributing apps on Android phones. The Commission also found that Google paid manufacturers and mobile network operators to exclusively preinstall Google search on their devices.

This practice was deemed to be anti-competitive, as it prevented other search engines and browsers from competing on a level playing field. The Commission also found that Google’s actions had hindered innovation in the market, as competitors were unable to develop new and innovative products.

The €4.3 billion fine is the largest ever imposed by the European Union on a company for violating competition rules. It follows a previous €2.4 billion fine that was imposed on Google in 2017 for promoting its own shopping comparison service over those of its rivals.

Google has denied the allegations and has announced its intention to appeal the decision. The company has argued that the preinstallation of its apps is necessary to ensure a consistent and high-quality user experience on Android devices.

The decision has been widely welcomed by competitors of Google, who argue that the company has abused its market power to stifle competition and innovation. The fine is also seen as a signal to other tech giants that the European Union is serious about enforcing its competition rules.

In conclusion, the European Union’s decision to fine Google €4.3 billion for violating competition rules is a significant development in the ongoing battle between tech giants and regulators. It is a reminder that no company is above the law and that anti-competitive practices will not be tolerated. The decision is likely to have far-reaching consequences for the smartphone market and the wider tech industry, as companies will need to ensure that they are complying with EU competition rules if they want to avoid similar fines in the future.
