1.
Cyber-scammers steal $54 million from Austrian aircraft components manufacturer: Last week, FACC
announced that its finance department had fallen victim to a cyber-crime
operation run from outside the company, costing it roughly $54 million.
According to experts the incident is a classic case of CEO fraud, also known
as Business Email Compromise (BEC), in which attackers send emails to
employees, posing as the CEO, other executives or business partners, asking for urgent
money transfers. Unless staff confirm large transfers through a separate channel,
such as a phone call to a number already on file rather than one supplied in the email,
fraudsters can trick employees into wiring large sums to accounts under their control.
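Header-level checks that a mail gateway or SOC script can run for the pattern described above, as an added example that is not part of the original post and not tied to the FACC case. The executive list, the internal domain, both sample messages and the indicator thresholds are constructed assumptions; such checks complement, and never replace, the out-of-band confirmation of a transfer:

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed assumptions: who gets impersonated and which domain is "ours".
EXECUTIVES = {"anna schmidt": "anna.schmidt@example.com"}
INTERNAL_DOMAINS = {"example.com"}
URGENCY_WORDS = ("urgent", "immediately", "wire", "transfer", "confidential")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)

    # 1. An executive's display name in front of a mailbox that is not theirs.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name impersonation: %s <%s>" % (name, addr))

    # 2. Reply-To steering replies to a different domain than From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append("reply-to mismatch: %s" % reply)

    # 3. Sender domain one edit away from an internal domain (examp1e.com).
    for dom in INTERNAL_DOMAINS:
        if from_dom != dom and _edit_distance(from_dom, dom) == 1:
            findings.append("lookalike domain: %s" % from_dom)

    # 4. Urgent-payment language in the body (the threshold of 2 is an assumption).
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content().lower() if part else ""
    hits = [w for w in URGENCY_WORDS if w in text]
    if len(hits) >= 2:
        findings.append("urgency/payment language: " + ", ".join(hits))
    return findings


# Constructed sample messages, not real mail.
SAMPLE_FRAUD = """\
From: Anna Schmidt <anna.schmidt@examp1e.com>
Reply-To: ceo.office@mail-relay.example.net
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

Please transfer EUR 500,000 immediately for a confidential acquisition.
Keep this between us.
"""

SAMPLE_BENIGN = """\
From: Anna Schmidt <anna.schmidt@example.com>
To: finance@example.com
Subject: Board minutes
Content-Type: text/plain; charset="utf-8"

Minutes from yesterday's meeting are attached.
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_FRAUD):
        print("FLAG:", f)
    print("benign message flags:", analyse(SAMPLE_BENIGN))
```

The fraud sample trips all four indicators; the benign one trips none. Real deployments would add the authentication results (SPF, DKIM, DMARC) and a check on whether the sending infrastructure has ever been seen for that executive before.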
2.
Linux malware:
Malware researchers have identified a new Trojan (Linux.BackDoor.Xunpes.1) for
Linux devices that takes screenshots and logs keystrokes. The dropper installs a
backdoor that establishes an encrypted connection to a remote server and executes
the commands it receives, including ones for taking screenshots and logging
keystrokes, then sends the resulting data back to the server. Last week another Linux
malware sample was also detected (Linux.Ekoms.1), which takes a screenshot every 30
seconds and uploads it to a remote server. In November 2015, thousands of websites were
found infected with Linux file-encrypting ransomware.
3.
Public holidays website leads to RIG EK and drive-by download of
Qakbot malware: Researchers have found evidence that a well-known 'public holidays'
website, Officeholiday[.]com, was hacked last week and that visitors to the
site were silently redirected to the RIG exploit kit. The kit probes the visitor's
browser for vulnerable versions of Adobe Flash Player and exploits them to
download the Qakbot malware. Qakbot is capable of stealing passwords,
certificates, cookies and browser traffic. The malware was also in the news last
week after it took down Melbourne Health's systems.
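A static triage check for the injected-redirect pattern described in this item, added here as an example and not code from the researchers who analysed the site. The page, the host names and the concealment heuristics are constructed assumptions. It catches a hidden off-site iframe or script tag, which is the common form of such injections; obfuscated JavaScript that builds the redirect at run time needs a sandboxed browser, so treat this as a first pass rather than proof of a clean page:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectScanner(HTMLParser):
    """Collects iframes/scripts/objects that pull content from a third-party host."""

    LOADER_TAGS = ("iframe", "script", "embed", "object")

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag not in self.LOADER_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data")
        if not src:
            return  # inline script or empty frame: nothing fetched from elsewhere
        host = (urlparse(src).hostname or "").lower()
        if not host or host == self.site_host:
            return  # same-origin resource
        reasons = ["off-site %s -> %s" % (tag, host)]
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero/one-pixel size")
        self.findings.append((tag, src, reasons))


def scan(html, site_host):
    """Every third-party loader on the page, with what looks odd about it."""
    p = InjectScanner(site_host)
    p.feed(html)
    return p.findings


def suspicious(html, site_host):
    """Drive-by pattern only: off-site AND concealed from the visitor."""
    return [f for f in scan(html, site_host) if len(f[2]) > 1]


# Constructed page: a legitimate site with one injected, invisible iframe.
SITE_HOST = "www.holidays-demo.example"
SAMPLE_PAGE = """
<html><body>
<h1>Public holidays 2016</h1>
<script src="https://www.holidays-demo.example/js/app.js"></script>
<iframe src="https://www.holidays-demo.example/calendar" width="600" height="400"></iframe>
<iframe src="http://gate.example.net/?a=1" width="1" height="1" style="display: none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, src, reasons in suspicious(SAMPLE_PAGE, SITE_HOST):
        print("%s %s: %s" % (tag, src, "; ".join(reasons)))
```

An off-site loader that is visible (a normal ad slot or widget) is reported by `scan` but not by `suspicious`; only the combination of third-party origin and concealment is treated as the exploit-kit gate.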
4.
Angler exploit kit and CryptoWall 4.0 ransomware update: We discussed
this combination in issue 41; since then Angler has become one of the largest exploit kits
on the market and has been making news for its ransomware campaigns. It is
estimated that Angler now infects 90,000 victims a day and generates more than
$60M annually. Several servers running these campaigns have been identified and
the details published; it is believed that this will cut Angler's income by 50%.
5.
TeslaCrypt 2.0 cracked, victims need not pay ransom: The flaw researchers used to
crack the ransomware lies not in the encryption algorithm itself but in how the
encryption keys are stashed on the victim's PC. With today's computing capabilities,
researchers were able to build tools that recover the keys and decrypt the machine
without paying any ransom. Unfortunately, the latest version, 3.0, has fixed this
design flaw.
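The distinction this item draws, a key-handling flaw rather than a cipher flaw, shown as an added example that is neither TeslaCrypt's file format nor the researchers' tool. Both schemes below use the same toy cipher; the only difference is where the secret that unwraps the per-file key lives. The toy cipher, the Mersenne-prime RSA key and the "weak" layout (the unwrapping secret written to disk so the malware can decrypt after payment without contacting its server) are all assumptions made for illustration:

```python
import hashlib
import os


def toy_cipher(key, data):
    """Toy stream cipher standing in for AES: XOR with SHA-256(key || counter).
    Illustrative only; the example is about key storage, not the cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


# --- Weak design (assumed): the secret that unwraps the file key is stored on
# --- the victim's disk as well. Everything a decryptor needs is local.
def encrypt_weak(plaintext):
    file_key = os.urandom(32)
    local_secret = os.urandom(32)
    wrapped = bytes(x ^ y for x, y in zip(file_key, local_secret))
    return {"header": wrapped, "stash": local_secret, "body": toy_cipher(file_key, plaintext)}


def recover_weak(disk):
    """Victim-side recovery: rebuild the file key from on-disk artifacts alone."""
    file_key = bytes(x ^ y for x, y in zip(disk["header"], disk["stash"]))
    return toy_cipher(file_key, disk["body"])


# --- Fixed design: the file key is wrapped under the attacker's public key.
# --- The private half never touches the victim, so the disk alone is useless.
def toy_rsa_keypair():
    # Mersenne primes are used only so the demo has known primes without a
    # generator; real keys use random primes and real wrapping uses OAEP.
    p, q, e = (1 << 521) - 1, (1 << 607) - 1, 65537
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt_fixed(plaintext, attacker_pub):
    n, e = attacker_pub
    file_key = os.urandom(32)  # 256 bits, far below n (about 1128 bits)
    wrapped = pow(int.from_bytes(file_key, "big"), e, n)  # textbook RSA, toy
    header = wrapped.to_bytes((n.bit_length() + 7) // 8, "big")
    return {"header": header, "body": toy_cipher(file_key, plaintext)}


def decrypt_fixed(disk, attacker_priv):
    """Only the private-key holder can unwrap; this is exactly what the victim lacks."""
    n, d = attacker_priv
    file_key = pow(int.from_bytes(disk["header"], "big"), d, n).to_bytes(32, "big")
    return toy_cipher(file_key, disk["body"])


if __name__ == "__main__":
    doc = b"quarterly report, not for distribution"
    print(recover_weak(encrypt_weak(doc)) == doc)   # recovered without paying
    pub, priv = toy_rsa_keypair()
    locked = encrypt_fixed(doc, pub)
    print("stash" in locked)                        # no local secret left behind
    print(decrypt_fixed(locked, priv) == doc)       # works, but needs priv
```

The weak scheme is "unbreakable" in the sense that the cipher is never attacked, yet every file decrypts offline because its key material is recoverable from the machine. A decryptor for the fixed scheme has nothing to work with unless the attacker's private key leaks or the wrapping itself is flawed, which is why the 3.0 change closes the door the 2.0 tools walked through.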
6.
Kovter actors now turning machines into zombies: Kovter is one of the oldest malware
strains around; it has adapted to various needs and niches and
survived mainly as a click-fraud toolkit, ideal for making a quick buck out of
online ads. The malware is distributed through malicious emails with ZIP attachments
and subject lines like 'Notice to Appear in Court' or 'You have received a new
fax'. The ZIP contains a JavaScript file; when the recipient opens it, Windows
Script Host runs the script, which connects to a web server and downloads the Kovter
malware. Kovter then runs a proxy or a bot on the machine to generate ad impressions that
no one sees but that advertisers are charged for as viewed promotions. It
is estimated that bots will cost digital advertisers $7.2 billion in the coming year.
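A gateway-side inspection of the attachment pattern described above, added as an example and not taken from any Kovter analysis. The archive is built in memory, the JavaScript member only names the COM objects a Windows Script Host downloader would reference and does nothing, and the extension and marker lists are assumptions:

```python
import io
import zipfile

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta", ".cmd", ".bat", ".ps1", ".scr", ".exe")
DOC_EXTS = (".pdf", ".doc", ".docx", ".txt", ".jpg", ".png")
# COM objects a Windows Script Host downloader typically touches (assumed list).
DROPPER_MARKERS = ("activexobject", "msxml2.xmlhttp", "wscript.shell", "adodb.stream", "powershell")


def inspect_zip(blob, max_read=1 << 20):
    """Return findings for a ZIP attachment without extracting it to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            low = name.lower()
            is_script = low.endswith(SCRIPT_EXTS)
            if is_script:
                findings.append("script/executable member: " + name)
            # 'fax.pdf.js' shows as 'fax.pdf' when Explorer hides known extensions.
            parts = low.rsplit(".", 2)
            if len(parts) == 3 and "." + parts[1] in DOC_EXTS and "." + parts[2] in SCRIPT_EXTS:
                findings.append("double extension: " + name)
            # Look inside small script members for download-and-run plumbing.
            if is_script and info.file_size <= max_read:
                text = zf.read(info).decode("latin-1").lower()
                hits = [m for m in DROPPER_MARKERS if m in text]
                if hits:
                    findings.append("downloader markers in %s: %s" % (name, ", ".join(hits)))
    return findings


def _zip_with(name, content):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples. The script body names the objects a downloader uses
# but performs no action; it exists only to exercise the marker check.
SAMPLE_LURE = _zip_with(
    "Notice_to_Appear.pdf.js",
    'var h = new ActiveXObject("MSXML2.XMLHTTP"); // fetch stage two\n'
    'var sh = new ActiveXObject("WScript.Shell"); // then run it\n',
)
SAMPLE_BENIGN = _zip_with("Q4_report.pdf", b"%PDF-1.4 constructed placeholder")

if __name__ == "__main__":
    for f in inspect_zip(SAMPLE_LURE):
        print("FLAG:", f)
    print("benign:", inspect_zip(SAMPLE_BENIGN))
```

Blocking script extensions inside archives at the gateway removes this delivery route outright; the content check matters for environments that cannot block them, and for spotting renamed or double-extension members that a plain extension filter would pass.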
7.
Ad blockers: Google reveals it now has over 1,000 staff fighting
bad ads: Google says that last year it removed 780 million "plain bad" ads, ones carrying
malware, promoting fake goods or leading to phishing sites. Malvertising
has become a popular mechanism for distributing malware; it harms internet
users and threatens the multi-billion dollar ad industry. Google has adopted a
similar humans-plus-machines strategy for combating bad apps on Google Play, last
year hiring its first human reviewers to help identify apps that violate its
store policies.
8.
AMX fixes backdoor vulnerability 10 months on: AMX, owned by
HARMAN International, manufactures video switching and control devices.
Back in March last year it was discovered that an administrative account
with hardcoded credentials had been added to the devices' internal user database and could be
used to log in over SSH and through the web interface. This "Black Widow" account
was hidden and had extra capabilities, such as packet capture on the
network interface, that even a regular administrator account could not use. The
company says it has released firmware updates for the affected products,
while denying that the account was deliberately hidden. Because the credentials are
baked into the firmware, changing the device's own passwords does not remove the account;
only the updated firmware does. AMX's customers
include the White House, Fortune 100 companies and various other departments. Juniper
and Fortinet have had similar issues.
9.
'Asacub' Trojan converted into a mobile banking weapon: This Trojan has
been around since last June and was originally used to steal browser
history, contact lists and other data from infected phones, including
incoming SMS messages. Last week it was found that new versions of the
Trojan contain phishing screens carrying the logos of major European banks,
designed to steal credentials. They have also gained capabilities such as
tracking and sending the device's current location and taking a snapshot with the
device camera. Other mobile malware discovered recently includes Bankosy and
Faketoken (which steal one-time passwords) and SlemBunk and Marcher (which steal
credentials using rigged lookalike apps).