Cybercrime Week in Review 14 November 2015
ISIS supporter Cyber Caliphate takes over 54,000 Twitter accounts (#ZDNet)
ISIS sympathizers have launched an attack against the FBI and CIA and hijacked over 54,000 Twitter accounts in retaliation for a drone strike that killed a British ISIS extremist.
Ransomware Now Gunning for Your Web Sites (#KrebsOnSecurity)
One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom.
Refined Ransomware Streamlines Extortion (#Bank Info Security)
Notably, the gang behind notorious CryptoWall ransomware, which has been tied to at least $325 million in criminal proceeds, has released an updated and more streamlined version of their data-encrypting malware, and more than doubled the ransom they demand to decrypt infected PCs.
Ransomware meets Linux – on the command line! (#Naked Security)
The Linux/Ransm-C “product” is ransomware, plain and simple, built into a small command line program designed to help out crooks who want to practise a spot of extortion against Linux users.
TalkTalk Hack: UK Police Bust Teenage Suspect (#Bank Info Security)
TalkTalk has warned that the hack may have resulted in personal data on up to 4 million subscribers being stolen. The company recently confirmed that it received a ransom demand from the alleged hacking group behind the attack.
Police nab 9 for allegedly spoofing bank employees in £60 million scam (#Naked Security)
In the past year, we’ve seen refrigerators being hacked, Jeeps being remotely controlled by attackers while the driver is a helpless passenger, and everything from baby monitors to routers being criticized for poor security which can place not only our Internet of Things (IoT) devices at risk, but our personal privacy and security.
Securus prison phone call data breach raises privacy, supply chain questions (#SC Magazine)
The large breach of Securus Technologies prison phone call data that exposed more than 70 million phone records of prisoners in 37 states and, in many instances, revealed the content of privileged conversations between inmates and their attorneys, raises a number of privacy concerns and is a wakeup call for prisons and other organizations to tighten security at every point in their supply chains.
Bumper Christmas for Fraudsters Predicted After 25% Spike in Q3 (#InfoSecurity Magazine)
Anti-fraud experts have warned e-tailers that this year could be the biggest Christmas for cybercrime ever, after 45 million attacks on e-commerce firms were stopped in Q3.
Chrome Zero-Day Exploit Leaves Millions of Android Devices Vulnerable to Remote Hacking (#The Hacker News)
Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system.
Ransomware-as-a-service surfaces, wants 10 percent profit cut (#The Register)
No technical information is offered regarding the capabilities of the ransomware — which is claimed to be some version of the well-known CryptoLocker — and that should serve as a warning for all would-be criminals thinking of signing up.
In other Security News…
FBI Deputy Director Hacked, $1M iOS Jailbreak Bounty, ProtonMail Pays Ransom
The same group of teenage hackers that broke into the personal email account of CIA Director John Brennan last month has now reportedly hacked into the private email account of FBI Deputy Director Mark Giuliano, according to a report by The Hacker News. A Twitter account allegedly run by the hacktivist group posted links to more than 3,500 “Gov/Police/Military names, emails and phone numbers.” An FBI spokesman declined to either confirm or deny the breach.
UK telecommunications provider TalkTalk announced more details of the breach against its website, saying the attack was “much more limited than initially suspected.” The company said intruders accessed the personal information of nearly 157,000 customers; of those customers, more than 15,600 bank account numbers and sort codes were stolen, according to a report by BBC News. The firm noted affected customers would be notified “within the coming days.” Four arrests have been made in connection with the hack – all of whom have been released on bail.
A second British telecommunications company, Vodafone UK, announced a similar incident this week. The company released a statement saying it was “subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October.” The statement reads:
“This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”
The intrusion led to fewer than 2,000 customers having their accounts accessed, potentially giving criminals information regarding their name, mobile phone number, bank sort code and the last four digits of their account number, said Vodafone.
A team of hackers claimed a $1 million bug bounty prize for jailbreaking iOS 9.1 and 9.2 beta. The start-up company Zerodium was offering the reward to hackers that successfully developed a remote browser-based untethered jailbreak that worked on Apple’s latest operating system. Zerodium said it’s not planning to report the vulnerabilities to Apple just yet, but will likely disclose the technical details to its customers, whom it has described as “major corporations in defense, technology, finance and government organizations in need of specific and tailored cybersecurity capabilities.”
ProtonMail, a Switzerland-based encrypted email service, suffered an “extremely powerful” distributed denial-of-service (DDoS) attack that intermittently knocked its networks offline – and those of some of its upstream providers – over the course of several days. Despite paying nearly a $6,000 ransom, ProtonMail said it continued to witness attacks, and turned to Swiss and European authorities as part of an ongoing investigation.
“The attack conducted against us was the most sophisticated attack ever seen in Switzerland and displayed capabilities more commonly possessed by state sponsored actors,” said the provider.
XcodeGhost, the malware that infected hundreds – if not thousands – of legitimate Apple iOS apps offered on the Chinese app store, is back with another variant. Researchers at Symantec reported the malicious code was discovered in unofficial versions of Xcode 7, which allows developers to create applications for the latest iOS operating system. “[The malware] should serve as a reminder to app developers to use official, verified versions of Xcode,” warned the researchers.
Notable news stories and security-related happenings:
Vodafone UK Fights-off Breach Attempts, Blocks 1,800 Accounts in Aftermath. “On Saturday, Vodafone UK told customers that attackers used information obtained from an external source to target customer accounts late last week. The attack was stopped, but not before 1,827 accounts were accessed.” (Source: #CSO)
Socially Acceptable: The Perils of Social Media Discovery. “…private social media accounts aren’t exactly private in the eyes of many judges. However, there may be some wiggle room, at least according to one New York court.” (Source: #Legal Tech News)
Most Consumers Believe Cloud-based Apps Can Be Hacked. “Consumers often don’t realize that the applications they depend upon daily live in the cloud and therefore many may be unaware of the threat of breach to their personal data, according to Radware.” (Source: #Help Net Security)
Hackers Use Anti-Adblocking Service to Deliver Nasty Malware Attack. “…the incident is the latest to show how people visiting known sites can still be exposed to drive-by attacks with serious consequences.” (Source: #Ars Technica)
Mobile Malware Makes Mobile Banking Treacherous. “The number of mobile threats percolating on devices worldwide has risen precipitously this year—over three-fold, according to a new report out by Kaspersky Lab. And though the occurrence of enterprise breaches caused by mobile devices continues to be questioned by experts, attackers do seem to be profiting from their attacks by targeting individual users’ bank accounts.” (Source: #Dark Reading)
A Tangled Web: Exploring the World of the Dark Web. “The terms Deep Web and Dark Web are often used interchangeably, but they are different. While both are parts of the Internet that are not indexed by traditional search engines, and therefore not easy for the average user to find, the Deep Web is reachable via a standard browser and does not require special tools or niche software to access.” (Source: #Cyveillance Blog)
Facebook Finally Changes Real-name Policy. “The Nameless Coalition, consisting of 75 human rights, digital rights, LGBTQ, and women’s rights advocates – including the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) – had penned an open letter (PDF) to Facebook, on October 5, 2015, explaining why the policy is broken and how Facebook could mitigate the damages it causes.” (Source: #Sophos’s Naked Security Blog)
Snapchat Reassures Users That Photo Messages are Still Totally Private. “Snapchat’s policy update was not nearly as controversial as Instagram’s, but the reaction it elicited goes to show that companies need to invest time in explaining what changes will really mean to users.” (Source: #CNET)
iOS 9 Can Now Finally Be Remotely Jailbroken — but YOU Can’t Do It. “Bad news iOS 9 users. Someone has developed a way of jailbreaking your iPhone or iPad and spying on you, in a way that is currently unstoppable.” (Source: #Intego’s The Mac Security Blog)
How to Earn the Trust of Millennials Concerned with Security. “Millennials are growing increasingly weary of data and security when it comes to their favorite brands. And that means it’s vital that companies include a strong cybersecurity message in their marketing plan to help rebuild trust.” (Source: #CSO)
What CISA Means for Organizations and Their Data. “The Cybersecurity Information Sharing Act (CISA) was passed by the Senate early last week, and while it still has a few hoops to jump through before it is enacted into law, the hotly debated proposed rules may considerably impact both those organizations holding sensitive data and the users that data belongs to.” (Source: #Legal Tech News)
How Carders Can Use eBay as a Virtual ATM. “How do fraudsters ‘cash out’ stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own.” (Source: #KrebsOnSecurity)
There’s a Good Chance Your Mobile Device Is Vulnerable to Data Thieves. “Skycure says it measures the security of mobile devices using its own formula, called the Mobile Threat Risk Score, ‘which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.’” (Source: #The Street)
Irish Cyberpsychologist Inspiring CSI Show Tells Web Summit: We Should Learn from Kids in Cybercrime. “She said she is currently working on one project with Europol which involves using geographic profiling, normally used to track offenders of serious crimes, and apply it to a cyber context to see how people, particularly teenagers, become involved in hacking or other cyber crime.” (Source: #Independent.IE)
UK Unveils Powers to Spy on Web Use, Raising Privacy Fears. “Britain unveiled plans on Wednesday for sweeping new surveillance powers, including the right to find out which websites people visit, measures ministers say are vital to keep the country safe but which critics denounce as an assault on freedoms.” (Source: #Reuters)
New Type of Auto-rooting Android Adware is Nearly Impossible to Remove. “Researchers have uncovered a new type of Android adware that’s virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service.” (Source: #Ars Technica)
Chip Card Phishing Scams Flourish. “If you have not received your new credit and debit chip card yet — the Federal Trade Commission (FTC) is warning that cybercriminals are lining up email phishing campaigns and posing as credit card issuers.” (Source: #Norse Corp’s Dark Matters Blog)
Magid: Cybercriminals Often Resort to Simple Trickery. “As it does every year, security firm Trend Micro has released its annual threat report, titled “Security Predictions for 2016 and Beyond.” And, to me, the most profound statement in the report is ‘cybercriminals don’t need to use the most advanced technologies or sophisticated methods to succeed. Sometimes, simply understanding the psychology behind each scheme and its targets can be enough to make up for the lack of sophistication.’” (Source: #San Jose Mercury News)
Reverse Social Engineering Tech Support Scammers. “Our experiment provided some interesting insights into the methods these scammers use to fool their victims as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VOIP phone numbers to carry out their duplicitous activities.” (Source: #Talos Intel Blog)
“Offline” Ransomware Encrypts Your Data without C&C Communication. “…while most known ransomware requires Internet connection and successful communication to their C&C servers before initiating the encryption, this sample does not need Internet connection to encrypt files and display the ransom message. This means that there is no key exchange between the infected machine and the attacker, which eliminates one option of stopping the attack.” (Source: #Check Point Blog)
CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware. “When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims’ confusion, and thereby increases the likelihood that they’ll pay the ransom, and quickly.” (Source: #Dark Reading)