Cybercrime Week in Review 24 October 2015
Analyzing Spear Phishing Attacks (#PhishLabs)
Once an attack is detected, it needs to be analyzed to determine the best mitigation strategy. The objective of the Analyze phase is to quickly establish sufficient threat context to drive the appropriate next action.
Stolen data on the dark web is cheaper than you might think (#ZDNet)
For as little as $5, you can buy a US software-generated payment card for almost untraceable purchases. The price depends on region, with some of the most expensive items coming from Europe. For a debit card with name, address, PIN number and Social Security data attached to it for extra validity, the cost can go up to anywhere between $30 and $45.
US High School Student Hacks AOL Account of CIA Boss (#Info Security)
A US teen is claiming he managed to hack the email account of CIA director John Brennan and make off with sensitive government files.
Malvertising meets the Daily Mail (#Naked Security)
Reported cases are said to have redirected visitors to web pages containing the Angler exploit kit, an infamous “cybercrime as a service” tool that automatically loads a sequence of booby-trapped files into your browser, and tries them one by one in the hope of getting control over your computer.
Long Island students busted for allegedly hacking into high school’s computer system, changing grades and schedules in Ferris Bueller-style scheme (#Daily News)
Three Long Island teens were arrested Tuesday for committing a Ferris Bueller-style hack into their high school’s computer system, where they pumped up their grades and altered the schedules for 300 students, officials said.
How Criminals Cracked EMV (#Bank Info Security)
European criminals cannibalized stolen EMV cards, combining clipped smartcard chips with miniature microprocessors to construct fake payment cards that defeated point-of-sale security checks, enabling them to commit as much as 600,000 euros ($680,000) in fraud.
Let’s Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers (#The Hacker News)
Let’s Encrypt – the free, automated, and open certificate authority (CA) – has announced that its Free HTTPS certificates are Now Trusted and Supported by All Major Browsers.
TALKTALK HACKED: 4 million customers affected, stock plummeting, ‘Russian jihadist hackers’ claim responsibility (#Business Insider)
British broadband provider TalkTalk has been hacked for the third time, the company announced late Thursday, and customers’ data — including credit card details — may have been stolen.
Capital One Launches SwiftID, A Way To Bypass Security Questions With Just A Swipe
Banks aren’t always known for being technical innovators – which is one thing that gives startups in the financial services space an edge. But this morning Capital One is attempting to change that perception with the launch of a new technology called SwiftID – a way to authenticate users with just a swipe on the smartphone’s screen. SwiftID, which aims to do away with the typical security questions like “name of your first pet?” or “mother’s maiden name?,” is the first offering of its kind in the financial services industry, Capital One claims.
In other Security News…
Adobe 0-Day Exploit, Dridex Disrupted, Vulnerable Androids
Dow Jones & Co., the publisher of The Wall Street Journal, recently disclosed that hackers gained unauthorized access to its systems, potentially exposing the personal and financial information of some former and current subscribers. In a notice to customers, the company said the incident impacted fewer than 3,500 individuals, although it has yet to discover evidence that the information was in fact stolen. According to NBC News, intruders had access to the system from August 2012 up until July 2015 when the company was notified.
Security researchers warned of a new zero-day exploit in Adobe Flash Player that attackers behind the long-running Pawn Storm espionage campaign are leveraging to install malware on high-profile targets’ computers. Adobe released a security advisory for the critical vulnerability stating, “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” The researchers noted that in this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the world.
The UK’s National Crime Agency (NCA) alerted online users of the resurgence of a sophisticated strain of malware, known as Dridex, which enabled cyber criminals to drain more than £20 million from British bank accounts. The NCA said it estimates there could be thousands of computers infected in the UK – the majority being Windows users.
“In addition to its primary function of harvesting banking credentials, this particular strain of malware also exploits systems to send out phishing emails with infected attachments in an effort to compromise more systems,” explained Ken Westin, senior security analyst at Tripwire.
Law enforcement agencies in the US and UK have been working to disrupt the botnet, following the arrest of the alleged botnet administrator, Andrey Ghinkul, earlier this year.
A new hacking group reportedly stole more than 150,000 credit cards from an unnamed casino with a “flat, firewall-free network.” Security researchers said the cybercrime ring – dubbed Fin5 – is linked to numerous retailers’ payment card breaches, including Goodwill, and multiple Visa security alerts to merchants due to the use of its “RawPOS” malware. “The incident should serve as a warning to businesses to secure any access that third party organizations have to corporate networks,” said the researchers.
About 85 percent of Android devices are exposed to at least one of 13 critical vulnerabilities, according to a new study from the University of Cambridge. A group of security researchers examined more than 20,000 Android devices from a variety of carriers and manufacturers, revealing that the lack of updates to consumer’s devices is likely to blame.
“Unfortunately something has gone wrong with the provision of security updates in the Android market. Many smartphones are sold on 12–24 month contracts, and yet our data shows few Android devices receive many security updates, with an overall average of just 1.26 updates per year, leaving devices unpatched for long periods of time,” read the report.
Uber inadvertently leaked the personal information of nearly 700 drivers, including Social Security numbers, tax forms and copies of driver licenses, following the launch of the company’s new “Uber Partner” app. According to reports, a bug in the software was discovered by an Uber driver, who began alerting others on Reddit and other forums. The company has since resolved the issue.
Security provider Malwarebytes recently found that a malvertising campaign was targeting the popular British news site The Daily Mail. The campaign appeared have been redirecting users to the infamous Angler exploit kit – previously used to deliver ransomware. The Daily Mail, which attracts more than 156 million monthly visitors, has since removed the malicious ads.
Notable news stories and security related happenings:
US Ports – Cyber Attacks can Cause the Release of Dangerous Chemicals. “The Rep. Candice Miller, R-Mich explained that a cyber attack against a US port could cause serious damage to populated areas thanks to security gaps left unfixed by the Department of Homeland Security. According to the congressman, the security issues were reported more than a year ago by the Government Accountability Office, but the DHS hasn’t taken the necessary steps to fix them.” (Source: #Security Affairs)
Boffin’s Easy Remote Hijack Hack Pops Scores of Router Locks. “Thousands of routers mandated for use by a major Singaporean telco and operated by ‘top enterprises” around the world are open to a remote zero day exploit that allows routers to be completely hijacked and is indefensible by most users. Vantage Point Security senior security consultant Lyon Yang does not wish to disclose the name of the affected internet provider but says the ZHONE routers are required for subscribers to be able to connect to the service.” (Source: #The Register)
Japan’s Cybercrime Underground On The Rise. “Researchers at Trend Micro’s Forward Looking Threat Research team studied the inner workings of Japan’s cybercrime activity, and found some interesting characteristics. Japan is still a newbie here, and the bad guys have a higher bar to clear given the nation’s strict criminal laws. So Japan’s cybercriminals don’t write their own malware due to the tight legal environment against such activity there; they instead buy malware from their counterparts in other nations.” (Source: #Dark Reading)
European Aviation Body Warns of Cyber-attack Risk Against Aircraft. “Over the past two years, there has been an increasing number of cyber-security incidents reported in the aviation industry. As reported by French newspaper Les Echoes, Ky said the white-hat hacker, who was also a professional pilot, took five minutes to crack the messaging system. It was another couple of days before the same consultant managed to gain access to aircraft control systems. As reported by French newspaper Les Echoes, Ky said the white-hat hacker, who was also a professional pilot, took five minutes to crack the messaging system. It was another couple of days before the same consultant managed to gain access to aircraft control systems.” (Source: #SC Magazine)
Millennials Distrust Data Protection Methods Employed By Common Online Services: Study. “According to a survey released by Intercede, which polled millennials from both the United States and the U.K., members of the incumbent generation indicated they held low trustworthiness for many of the most commonly used online services. Sixty-one percent of respondents said they had “no” or “little” trust in social media platforms, 38 percent said the same for retailers and 22 percent for governmental services.” (Source: #Legal Tech News)
‘One of World’s Largest Child Porn Distributors’ Captured in Colombia. “A 27-year-old man was caught with a stash of just under 85,000 videos, the largest repository of pornography ever found in Colombia, consumed illegally by pedophiles across the globe. The minors who appeared in the images and videos of the distributor’s external hard drives were in particular from Asia, Europe and Latin America.” (Source: #Colombia Reports)
New Zero-Day Exploit Hits Fully Patched Adobe Flash. “Adobe officials have confirmed this vulnerability affects Flash version 126.96.36.199, which was released on Tuesday. The vulnerability has been cataloged as CVE-2015-7645. The company expects to release a fix next week.” (Source: #Ars Technica)
Fraudsters Exploit Weak SSL Certificate Security to Set Up Hundreds of Phishing Sites. “Netcraft internet services developer Graham Edgecombe warned in a 12 October blog: ‘Consumers have been trained to “look for the padlock” in their browser before submitting sensitive information to websites, such as passwords and credit card numbers. However, a displayed padlock alone does not imply that a site using TLS (the successor to SSL) can be trusted, or is operated by a legitimate organisation.’” (Source: #SC Magazine)
Even in Public Life, Some Things Should be Private. “Sunshine does not belong everywhere. Nor is it always helpful in a world too hasty to judge. Not convinced? Ask the family of Lord Brittan, who went to his grave knowing that millions thought he was guilty of a most disgusting crime. A little less openness would have been kinder – and more just.” (Source: #The National)
Cops Don’t Need a Crypto Backdoor to Get Into Your Phone. “But despite the iPhone’s title as the highest-security smartphone—or even consumer-focused computer of any kind—it still offers significant cracks for the cops to exploit, says Nick Weaver, a security researcher at Berkeley’s International Computer Science Institute. ‘The iPhone is the hardest target, but in practice law enforcement can find a way in,” Weaver says. “There are three or four ways into the typical iPhone. It takes someone really paranoid to have closed all of them.’” (Source: #Wired)
Uber Error Leaks US-based Drivers’ Data. “Uber has acknowledged that a flaw in its software caused it to leak personal data belonging to its drivers. The company said that about 700 of its “partners” in the US had been affected by the mistake. Exposed data included social security numbers, photos of driver licences, tax forms and other details, according to news site Motherboard, which first reported the issue.” (Source: #The BBC)
Yahoo’s Attempt to Eliminate the Password. “…the company announced, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords. When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account.” (Source: #IT News)
Universities Trying to Safeguard Sensitive Student, Parent Data. “Universities have been requiring and retaining students’ and parents’ sensitive financial and medical information for decades and are taking steps to safeguard it from hackers.” (Source: #Business Insurance)
‘Legitimate’ Rooting Apps Paving Way for Malware. “Somewhere between 27 and 47 percent of all Android smartphones are rooted, said Qian. This allows users to get rid of pre-installed apps that are otherwise impossible to remove, to personalize their phones beyond what is allowed by the official limits, to get better backups, or better power management tools.” (Source: #CSO Online)
The Evolving Landscape of “Hacking Back” Against Cyber Attacks. “Broadly speaking, ‘hacking back’ refers to attempts by cyber-attack victims to locate the perpetrator of the attack and, in some cases, identify and recover any information that may have been stolen by working backwards from the point of entry of the attack. Cyber security scholars have debated the effectiveness and propriety of such an approach. Some liken hacking back to a justified response to a physical attack, while others compare it to vigilantism.” (Source: #JD Supra)
Firms Pit Artificial Intelligence Against Hacking Threats. “Sometimes the best way to stop a bad machine is with a lot of good machines. Several companies are applying the techniques of artificial intelligence, or A.I., to the world of security, and they are using a whole bunch of machines strung together in so-called cloud computing networks to do it.” (Source: #The New York Times)
Disney is Hiring an Intelligence and Counter-Terrorism Intern. “According to the job description, first reported by The Independent, the winning candidate will join the company’s ‘Counter Threat’ intelligence support team, which ‘provides strategic intelligence, threat assessments, vulnerability mitigation strategies and in-depth analytical products covering existing and developing threats that include counter terrorism, physical threats, cyber-attacks and all reputational risks to TWDC, its affiliated business units, facilities, guests and employees.’” (Source: #Quartz)
Is Your Phone Safe for Work? “The most surprising finding in the report, he says, is the percentage of data breaches attributable to mobile devices. Nearly three-quarters of the 100 IT and security leads surveyed (about half of whom are chief information security officers) reported that their organizations have ‘experienced a data breach as a result of a mobile security issue.’ Common reasons for mobile data breaches? Malware-laden apps, security holes, and unsecured Wi-Fi connections, according to the study.” (Source: #Fortune)
Prices of Stolen Data on the Dark Web. “Payment card data is perhaps the most well-known data type stolen and sold. McAfee Labs researchers found a value hierarchy in how this stolen data is packaged, priced and sold in the dark market. A basic offering includes a software-generated, valid number that combines a primary account number (PAN), an expiration date and a CVV2 number.” (Source: #Help Net Security)
Malvertising is a Troubling Trend. “Over the past few weeks, my company’s employees have been hit by more than the usual number of malware infections. And the reason why is both startling and troubling, because these infections represent a new type of threat that is much harder to avoid than anything we’ve seen before.” (Source: #Computer World)