Issue 92- Week of Nov 21st

1.      Madison Square Garden admits hackers spent a year harvesting visitor credit-card data: Card issuing banks noticed suspicious patterns and notified MSG. After investigation, MSG has revealed that for a year malware has been capturing payment-card data from a system that processes payments for several of its properties. MSG warned customers that the breach had exposed customer data held on the magnetic strip of credit cards, including card numbers, cardholder names, expiration dates, and internal verification codes. Exact number of victims is not known, though it is known fact that millions of people visit MSG every year.

2.      Hackers attack Canada Army site, redirect visitors to China: Canada’s Defense Ministry has confirmed that hackers recently attacked its armed forces recruitment website and changed configurations redirecting visitors to the Chinese government’s official page instead, says a Reuters report. Canadian authorities have in the past complained of the country’s official network being frequently targeted by hackers. An official complaint had even been lodged with Beijing in 2014 about Chinese hackers compromising a key network system.

3.      FBI hacked into 8,000 Computers in 120 Countries using a single warrant: While investigating a child pornography website, the FBI used a malware on the site to gather details of all its visitors. FBI admitted in a court filing that they used the single warrant to hack 8000 computers in 120 countries.

4.      Hackers are targeting ATMs and stealing wads of cash: Issue 79 - we discussed - 'ATMs in Thailand hacked; 12 Million Baht stolen'. Now according to a Russian cyber security firm, cyber crooks have remotely infected ATMs with malware in more than dozen countries across Europe this year, which forces machines to spit out cash. The world's two largest ATM manufacturers, Diebold Nixdorf and NCR Corp., said they were aware of the ATM attacks and had already been working with their customers to mitigate the threat.

5.      Telecrypt Ransomware cracked, free Decryptor released: TeleCrypt, is a typical ransomware. For Russian victims, the blackmailing message is in Russian and they demand a ransom of 5,000 rubles ($77). Some of its unusual features are that it abuses Telegram Messenger's communication protocol to send decryption keys and other communication. If the victim has an unencrypted version of the file, Researchers can use this as an sample to generate the decryption key and thus easily crack this Ransomware.

6.      Locky ransomware spreading on Facebook Messenger via JPG file: Early part of last week - it was reported that a Malware in the form of .SVG image files was being spread using Facebook Messenger. Compromised FB accounts were extensively used to spread the Malware. Later part of last week - experts discovered how cyber criminals are hiding malware in image files, and how they are executing the malware code within these images to infect social media users with Locky variants. We discussed Locky way back in Issue 52, it has since become the biggest and most common Ransomware.

7.      Stampado ransomware gets worm-like techniques to spread in network: Stampado ransomware is available for sale on the dark web for $39, the seller describes this as a easy to manage ransomware with life time license. This ransomware also has capabilities to spread in the network like a worm and re-encrypt already encrypted files. It installs itself in the %AppData% folder under the name scvhost.exe, a slight deviation on a genuine Windows process named svchost.exe, and creates a registry entry to load automatically. Researchers advise victims not to pay the ransom, stating that it's possible to decrypt files infected by Stampado on their own.

8.      Headphones can be used to Spy - even with disabled Microphone: Issue 70, we saw the picture of Mark Zuckerberg with his laptop’s Webcam and Microphone taped for Privacy. Researchers have now shown that even if one tapes his camera and microphone, it is possible to turn headphones into a microphone by turning the output channel on the laptop for input signal, in order to spy on all the conversations in the background without user's knowledge. This malware is dubbed as 'Speake(a)r'.

9.      NTP DoS exploit released: A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements.

PM Modi urges India to go Cashless / Less-Cash: After the demonetization process started 3 weeks ago, there has been a great push towards cashless society, while this is a welcome move - the experts are cautionary. They say that Cyber Security is clear and present danger and it is here to stay. Major concerns include - Card cloning, Malware infections, Card theft and misuse. Building awareness can help in keeping the crime under check. If these security issues result in declined / failed transactions - people will revert to the older ways of handling cash, slowing down the process of going cashless