Cybercrime Week in Review 12 December 2015
Analyzing Bartalex – A Prolific Malware Distributor (#PhishLabs)
Bartalex is a name that continues to appear in a cyberthief’s arsenal as one of the most popular mechanisms for distributing banking Trojans, ransomware, RATs, and other malware. The SANS ISC recently published a very interesting technical analysis of Bartalex. With this post, we hope to add a little more color and supplement what you already know about this prolific malware distributor.
Dorkbot Botnets Get Busted (#Bank Info Security)
One of the world’s most prevalent malware families – Dorkbot – and its associated botnets have been disrupted by an international coalition of law enforcement agencies in cooperation with technology and security firms.
UK police target script kiddies, teenage hackers (#ZDNet)
A recent UK National Crime Agency (NCA) poll found that the average age of cybercrime suspects — such as those involved in the recent TalkTalk hack — is 17, in comparison to 24 a year ago. There are teenagers out there able to flit in and out of servers, pinch data and cause chaos for enterprise players — all before completing their mandatory education, exams, or being able to legally drink.
Adobe, Microsoft Each Plug 70+ Security Holes (#KrebsOnSecurity)
Adobe and Microsoft today independently issued software updates to plug critical security holes in their software. Adobe released a patch that fixes a whopping 78 security vulnerabilities in its Flash Player software. Microsoft pushed a dozen patch bundles to address at least 71 flaws in various versions of the Windows operating system and associated software.
Dailymotion hit by malvertising attack as perpetrators ‘up their game’ (#The Register)
Bankers Fear Cybercrime More than Economic Failure (#Info Security)
Bankers in North America and the UK are more concerned about cybercrime than the economy, according to new research from PricewaterhouseCoopers.
Bill requiring reporting of social media terrorist content is back (#Naked Security)
A pledge of allegiance to the Islamic State (IS) – otherwise known as Daesh – that might have been posted to Facebook by suspected terrorist Tashfeen Malik has prompted US lawmakers to revive a bill that would require technology companies such as Facebook and Twitter to report suspected online terror activity.
Hacker Lexicon: Malvertising, the Hack That Infects Computers Without a Click (#Wired)
The news page looked perfectly innocent. Apart from the reams of celebrity gossip stories and throw-away magazine layout, nothing about the the website for UK news site The Daily Mail seemed particularly malicious. But, if you visited the site in October, you might have fallen victim to a sophisticated hacking campaign without even realizing it.
When kids start getting hacked, it’s time to wake up about cybersecurity (#Washington Post)
It was not an auspicious beginning to the holiday season. On Black Friday, we learned that a hacker had broken into the servers of Chinese toymaker VTech and lifted the personal information of nearly five million parents and more than 200,000 children. The data haul included home addresses, names, birth dates, email addresses, and passwords. Worse still, it had photographs and chat logs of parents with their children.
In other Security News…
Business Email Compromise Attacks Rapidly Evolving (#Bank Info Security)
Business email compromise attacks, also known as “masquerading” or invoice scams, are becoming more sophisticated and pervasive, and small businesses are the primary targets, says Joseph Opacki, vice president of threat research at security firm PhishLabs.
Gas Theft Gangs Fuel Pump Skimming Scams (#KrebsOnSecurity)
Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam: Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers. Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations. The gas is pumped into hollowed-out trucks and vans, which ferry the fuel to a giant tanker truck. The criminals then sell and deliver the gas at cut rate prices to shady and complicit fuel station owners.
Holiday scams that will be donning your inbox soon (#CSO)
Just like Santa, cybercriminals are busy making their toys. It’s a great time for IT to remind employees the poisonous gifts that were given last year. It’s likely you’ll see them (or some form of them) again this year.
Hack Brief: Hacker Strikes Kids’ Gadget Maker VTech to Steal 5 Million Accounts (#WIRED)
On Monday, children’s electronics manufacturer VTech acknowledged that a data breach on November 14 affected 5 million customer accounts, along with the user profiles of kids connected to those accounts. The hack, first reported by Motherboard over the holiday weekend, specifically targeted VTech’s “Learning Lodge” app store database.
Hackers turn up their noses at Darkode forum resurrection (#ZDNet)
The Darkode black market, once a hotbed of software exploits and hacking tools, is clinging on to life despite the best efforts of law enforcement — but is now little more than a shadow of its former self.
Robot that was “busted” for buying drugs on the Dark Web is back (#Naked Security)
Random Darknet Shopper, a bot that was busted earlier this year by prosecutors for buying ecstasy on a Dark Web marketplace, is back at it again.
Web Scripting Languages Fail OWASP Top 10 (#Info Security)
Some 80% of applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, according to new research conducted by Veracode.
JD Wetherspoon hit by cyber attack (#Financial Times)
You’re going to get annoyed this holiday season dealing with new chip-card readers, now making their way into stores. I know I have. It will take time before they perfect this technology.
Domination: Crims steal admin logins, infect sites, drop Cryptowall 4 (#The Register)
Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing a victim’s admin passwords to enslave their websites into attack campaigns.
Notable news stories and security related happenings:
CyberSecure: Using a Crisis as an Opportunity to Protect and Enhance the Company’s Reputation. “The realization that all companies will inevitably experience a data breach at some point exposes the need for a strong communication strategy to preserve a company’s reputation. More than 70 percent of global organizations are expected to experience a breach in the next three years.” (Source: #LegalTech News)
Telegram Android App is a Stalker’s Dream. “Popular instant messaging service Telegram provides optional end-to-end encrypted messaging and, in general, is highly focused on protecting user privacy. Despite these efforts, some security experts have advised against using it if you want to keep your identity and your messages secret.” (Source: #Help Net Security)
Some Raspberry Pi Devices Have Predictable SSH Host Keys. “Raspberry Pi devices running on Raspbian may need to be patched to avoid a security issue that results in the device generating weak and predictable SSH keys” (Source: #Softpedia)
Team America, World Police, Take Down 37,479 Counterfeit Sites. “A band of merry world police lead by the United States Customs and Border Protection service shut down 37,479 copyright-infringing websites hawking counterfeit goods in the lead up to the Cyber Monday buying blitz. The takedown involved varying forms of collaboration between 27 countries including the Britain, France, Denmark, and Spain.” (Source: #The Register)
Bring Your Own Debate: Balancing Risk and Reward in BYOD Policies. “In the past decade, mobile computing has fundamentally changed the way that we work, live and interact with one another. And as a direct result of that paradigm shift, we no longer view the world through window panes, but rather through the small glass displays we keep in our pockets.” (Source: #LegalTech News)
Hacked Toymaker Leaked Gigabytes Worth of Kids’ Headshots and Chat Logs. “VTech, the hacked maker of electronic toys and apps that leaked the data of 4.8 million customers, including hundreds of thousands of children, exposed gigabytes’ worth of pictures and chat histories on the same compromised servers, according to an article published on Motherboard, the website that first broke news of the breach.” (Source: #Ars Technica)
Americans Say It is Riskier to Use Public Wi-Fi than a Public Restroom: Survey. “Although consumers consistently give themselves a solid A when it comes to grading their online security behaviors, most leave their information vulnerable.” (Source: #LegalTech News)
Popular 3G/4G Data Dongles are Desperately Vulnerable, Say Hackers. “Cellular modems from four vendors have been popped by security researchers, who have documented cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE) and integrity attacks on the products.” (Source: #The Register)
How Facebook Bakes Security into Corporate Culture. “Sophisticated systems and advanced engineering capabilities are critical for scaling security at Facebook, and we’re fortunate to have them. However, one of our most powerful defenses is something businesses of any size can develop: a strong security culture.” (Source: #Dark Reading)
Gas Theft Gangs Fuel Pump Skimming Scams. “Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam: Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers. Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations.” (Source: #Krebs on Security)
Phishing Blast Uses Dropbox to Target Hong Kong Journalists. “Researchers at FireEye have disclosed an ongoing Phishing campaign that’s using Dropbox as a delivery platform. The campaign is ran by a group that researchers have named “admin@338″ and it’s targeting media organizations in Hong Kong that publish pro-democracy materials.” (Source: #CSO Online)
Custom Secure Apps are Gaining Popularity in the Enterprise. “For the fourth quarter in a row, secure browser led all app categories, growing 57 percent quarter-over-quarter to account for 37 percent of all apps deployed by organizations. Custom apps, secure IM, document access and document editing followed as the next most popular app categories.” (Source: #Help Net Security)
Scammers Threatening Users with Apple ID Suspension Phishing Scam. “A phishing email has been discovered alerting Apple users that their Apple ID would be suspended if they do not complete a verification within time. The email further states that the user supposedly didn’t respond to a previous warning email and now it is compulsory to click on “verify now” button to complete the pending verification.” (Source: #HackRead)
App Broke ‘Every Rule in the Book’, Leaving Billboards Open to the Threat of Real-life Ad-blocking. “OutdoorLink Inc. has patched several vulnerabilities in its SmartLink Systems app that could have allowed an attacker to assume control of outdoor electronic billboards and compromise users’ login credentials […] Its mobile app, SmartLink Systems, allows users to assume remote control and monitoring of their OutdoorLink-connected billboard via the use of their phone or tablet.” (Source: #Graham Cluley’s Blog)
WebEx Android App Users Told to Update ASAP, Due to Risk of Attack. “…And that point is driven home once again, by an alert issued by Cisco telling users of its WebEx Meetings business conferencing app to urgent update their Android software, after a serious security flaw was discovered. More than five million Android users are thought to have installed the app.” (Source: #Tripwire’s The State of Security Blog)