Cybercrime Week in Review 12 September 2015
Did FFIEC guidelines curb account takeover? Survey says… (PhishLabs) In a recent study conducted by Info Security Media Group (ISMG), respondents indicated that, despite efforts to comply with updated authentication guidance set forth by the Federal Financial Institutions Examination Council (FFIEC), account takeover (ATO) has not decreased. In fact, 71 percent of respondents said that account takeover incidents either stayed the same or increased over the past year.
One password gifts hacker with hundreds of Firefox bugs, vulnerabilities (ZD Net) Mozilla has admitted an attacker was able to access a treasure trove of Firefox bugs and used at least one security vulnerability against users as a result.
Sophisticated Carbanak Banking Malware Returns, With Upgrades (Bank Info Security) Recently, four new variants of Carbanak have been used to target victims in the United States and Europe via spear-phishing attacks, warns Denmark-based CSIS Security Group (see Cybercrime Gang: Fraud Estimates Hit $1 Billion). CSIS says the attacks mark a resurgence of activity from the cybercrime gang, which experts say went quiet after their attack campaigns were described by three different security firms, beginning in December 2014.
LogMeOnce: Password manager takes a photo of anyone trying to hack into your accounts (IB Times) Police from around the UK, working with the country’s National Crime Agency (NCA), have arrested six teenagers in connection with the ‘malicious deployment’ of Lizard Squad DDoS tool LizardStresser.
UK Tops European Data Breach Table (Info Security) The UK suffered the most data breaches in Europe during the first half of 2015, coming second globally only to the United States, according to new data from Gemalto.
Turla cyberespionage group exploits satellite Internet links for anonymity (CSO) A cyberespionage group of Russian origin that targets governmental, diplomatic, military, educational and research organizations is hijacking satellite-based Internet connections in order to hide their servers from security researchers and law enforcement agencies.
This big U.S. health insurer just got hacked (Fortune) Excellus BlueCross BlueShield announced Wednesday that more than 10 million of its customers’ information has been exposed in a massive cyberattack. The breach mainly affects residents of upstate New York, where the health insurance company is based.
Stolen storage device leads to loss of customer bank and personal data (Naked Security) The personal details of thousands of Lloyds Bank account holders have gone missing following the suspected theft of a data storage box.
In other Security News…
Health Insurer Breached, Attacks on DOE, McAfee for President
Danish cybersecurity researchers have discovered new, more sophisticated variants of the evasive Carbanak banking malware – the campaign which led cybercriminals to successfully exfiltrate nearly $1 billion from dozens of banks and financial institutions worldwide. “From our analysis, it comes clear that Carbanak has returned and has been confirmed targeting large corporations in Europe and in the USA,” explained Peter Kruse, security specialist at Heimdal Security. Kruse warned that at least four new variants have been observed targeting key financial personnel via spear phishing attacks.
Health insurer Excellus BlueCross BlueShield announced this week that it had recently learned of a “sophisticated” cyber attack on its systems initially dating back to December of 2013. The company stated the breach may have led to the exposure of the personal information of over 10 million plan members, including claims and financial account information. As of yet, the company assured no evidence points to the misuse of such data.
In regards to online fraud, a new study from ThreatMetrix revealed that the UK was the most attacked nation in the world in Q2, with businesses being hit 50 percent more frequently than companies in the United States. Meanwhile, the second highest originators of cyber crime were also found to be based in the UK, after US-based criminals. According to the report, fraudulent attacks rose 20 percent in the second quarter of 2015.
The eccentric anti-virus pioneer, millionaire and former fugitive, John McAfee, has officially announced his plans to join the 2016 presidential race. In his campaign announcement, McAfee introduced his newly formed Cyber Party.
“The goal of the Cyber Party is quite simple: we aim to speed up the rate the federal government adopts new technology, without sacrificing American freedom and privacy.” – cyberparty.org
The very confident candidate claimed his “vey huge fan base” will help make him a promising contender. “We are losing privacy at an alarming rate – we have none left,” McAffee told CNN. “We’re given up so much for the illusion of security and our government is dysfunctional.”
Independent security journalist Brian Krebs reported authorities in Cyprus and Norway have arrested several key individuals believed to have been behind the development and deployment of highly sophisticated banking malware, including Citadel and Dridex. According to Krebs, the arrests involved a Russian national and Moldovan man, whom were traveling or residing outside their native countries and are now facing extradition to the US.
A USA TODAY report unveiled that the systems of the US Department of Energy (DOE) were breached more than 150 times between 2010 and 2014. Federal records obtained by the publication showed that DOE components were targeted more than 1,100 times over a 48-month period – 159 of those were successful. Furthermore, in a third of these cases, attackers were able to gain administrative access to the compromised systems. “The USA’s federal records are the tip of the iceberg when it comes to attacks against the global energy sector,” ICS security consultant Jalal Bouhdada told SecurityWeek. “With a growing number of ICS vulnerabilities and exploits being uncovered, it is clear critical infrastructure is seen as a highly susceptible and lucrative target.
Notable news stories and security related happenings:
Who can Stop Malware? It Starts with Advertisers. “Malware masquerading as advertising is a growing problem, and the ad industry must figure out how to weed out scammers from legitimate companies.” (Source: #InfoWorld)
Domain Hijacking Spear-Phisher Foiled by the Last Line of Defense — Paranoia. “As the old joke goes, “Just because you’re paranoid doesn’t mean that everybody isn’t out to get you.” Based on the contents of my e-mail inbox lately, I can confirm that my paranoia is well-founded.” (Source: #Ars Technica)
Lawyers Are Prone to Fall for Email Scams. “The truth hurts, but that’s what Verizon’s 2015 Data Breach Investigations Report seem to suggest. As lawyers Karen Rubin and Tom Zych of Thompson Hine note with alarm, the report finds that a company’s legal department is ‘far more likely to actually open [a phishing] e-mail than all other departments.’” (Source: #The American Lawyer)
How Employees Become Pawns for Hackers. “Employees are the greatest security risks, especially since they are prone to be used as pawns for hackers. That’s why they are vulnerable to attacks.” (Source: #Security Affairs)
Warning from Millennials: Tighten Online Security or Lose Our Custom. “95% of Millennials believe their digital identities are not completely protected by appropriate and effective security measures. That’s according to a survey by Intercede as the findings of a new consumer survey that suggests Millennials in the U.S and UK are losing trust in today’s digital economy.” (Source: #Talk Business Magazine)
iCloud Photo Leak and Cyber Security: What the Experts Say. “Security experts believe that many of the issues that existed before the iCloud photo leak still exist today, whether it be human error-based or new vulnerabilities in technology discovered by hackers.” (Source: #The Irish Examiner)
KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones. “Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims.” (Source: #Kaspersky Labs’s ThreatPost)
Russian-Speaking Hackers Breach 97 Websites, Many of Them Dating Ones. “None of the dating sites are nearly as prominent as Ashley Madison, which saw sensitive company information, emails, internal documents and details of 30 million registered users released in a devastating data breach. Holden said this Russian-speaking group is not related to Impact Team, which claimed credit for the intrusion into Ashley Madison.” (Source: #CIO)
Ransomware Growing Rapidly, Warns Intel’s McAfee Labs. “The total number of ransomware samples is also up, by 127% compared with the second quarter of 2014, the report said, attributing the increase mainly to rapidly-growing new ransomware families such as CTB-Locker and CryptoWall.” (Source: #Computer Weekly)
Shifu Banking Trojan Comes with Its Own Antivirus to Keep Other Malware at Bay. “The defenses of Japanese banks and financial institutions are being put under a serious test these days by a new banking Trojan created from a mix of previously detected malware.” (Source: #Softpedia)
Should the Removal of Personal Info Posted Online be a Human Right? “69% of online Americans agree that the ‘Right to be Forgotten’ should be a human right, 29% think it allows for censorship. Only 16% think the ‘right to be forgotten’ is not practical.” (Source: #Help Net Security)
CoreBot Can Steal Your Credentials, Download and Execute Malware. “This stealer malware is specifically designed with ample strength that it is quite easy to steal data from targeted victim and have the capability to control the computer, reveals a security report published by IBM.” (Source: #HackRead)
Apple vs. Android: Mobile Security Pros and Cons. “Both Apple’s iOS and Android have security strengths and weaknesses, experts say.” (Source: #eSecurity Planet)
26 Mobile Phone Models Contain Pre-Installed Spyware. “Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.” (Source: #InfoSecurity)
Finance and HR Staff Labeled Biggest Security Risks. “Finance and HR employees represent the biggest cybersecurity threat to organizations of any department, according to new research from security firm Clearswift. Nearly half (48%) of respondents claimed finance departments and their employees posed the biggest threat, versus 42% for HR.” (Source: #InfoSecurity)
Belkin Wi-Fi Routers at Risk from Multiple Vulnerabilities. “According to an advisory by US-CERT, The Belkin N600 DB Wireless Dual Band N+ router model F9K1102 v2 with firmware version 2.10.17 has flaws that could allow a hacker to arbitrarily inject files, perform man-in-the-middle attacks and forge cross-site requests.” (Source: #SC Magazine)
RedHat Security Finds Multiple Network Devices Leak ‘RSA-CRT’ Keys. “PFS helps address the event an attacker captures HTTPS encrypted sessions and later acquires the key to decrypt them, say under a warrant. Instead of relying on a single key for multiple sessions, with PFS a new key is generated for every encrypted session, making it more costly for an attacker decrypt. But a side-effect of the increased use of PFS is that it’s exposed an additional weakness in TLS that an attacker with little computing power could use to recover a server’s private RSA key.” (Source: #CSO)
Android Ransomware Uses XMPP Chat to Call Home, Claims It’s from NSA. “The updated version of Simplocker masquerades on app stores and download pages as a legitimate application, and uses an open instant messaging protocol to connect to command and control servers.” (Source: #Ars Technica)
Cybercrime by Wire Fraud – What’s Covered? “Perhaps the only thing worse than falling victim to a business email compromise or “CEO fraud” that results in millions of dollars in wire fraud theft – is wondering whether your insurance will cover any of the loss.” (Source: #CSO Online)
ReverbNation Notifies Users of Breach, Recommends Changing Passwords. “ReverbNation – an online platform that currently assists more than three million musicians in building their careers – experienced a breach in 2014, and is now notifying an undisclosed number of users and asking them to change their passwords.” (Source: #SC Magazine)
Self-Hacking: Corporations Start Thinking Like Criminals. “According to Bloomberg, companies like Barclays are now trying a new tactic: self-hacking. Can security professionals acting like criminals really help enterprises stay one step ahead?” (Source: #Security Intelligence)