1. IRS defeats 'automated attack' against tax e-filing systems: E-filing taxpayers
are given a five-digit e-filing code, which authenticates the user when filing
taxes. Hackers used an automated bot to generate these codes with 464,000
stolen Social Security numbers. The codes would have given them access to a lot
of information about those taxpayers. Though the bot successfully generated
e-filing codes for over 101,000 Social Security numbers, no taxpayer data was
compromised or disclosed by IRS systems. The tax agency wasn't so lucky last
year, when it was hit by a data breach in which hackers pilfered the tax
information of more than 100,000 Americans.
2. US Govt. looking for CISO: After a series of high-profile attacks against US government
departments, agencies, and systems, President Barack Obama announced a $5
billion hike in cybersecurity spending, taking the total funding to $19
billion, in an effort to make cyber-defenses and protections a top priority.
The Obama administration also set out to hire its first chief information
security officer to take on federal responsibility for cybersecurity policy and
strategy.
3. Cops arrest teen for hack and leak of Dept. of Homeland Security (DHS), FBI data:
A 16-year-old boy living in England has been arrested in connection with the
recent hack of FBI and DHS data, as well as the personal email accounts of the
CIA director. The boy stole and leaked the names, titles and contact
information for 20,000 FBI employees and 9,000 DHS employees. This was possible
through a compromised Department of Justice email. The teen is suspected of
being the leader of a group of hackers who call themselves “Crackas with
Attitude” or CWA.
4. Ukraine railway, mining company attacked with BlackEnergy malware:
Weeks after the malware played a role in the 'first known hacker-caused power
outage' in Ukraine, BlackEnergy and its cohort KillDisk were used in attacks on
mining and rail transportation firms as well. BlackEnergy has been floating
around since 2011 and was originally used to collect information from
industrial control systems. The US ICS-CERT issued a new YARA signature for
detecting BlackEnergy. Everything that relies on an industrial control system,
whether it be an oil and gas facility, a pipeline, a ship or a power generator,
could be compromised by this malware.
5. Poseidon cybercriminals - first hack, then blackmail to sign contract:
Poseidon launches spear phishing campaigns specifically tailored to victim
companies, and they may include job applications with resumes for specific
posts sent to HR. The phishing emails contain malicious RTF or DOC files. If
the attachment is opened, the malware connects to the attacker's command and
control (C&C) center and launches IGT malware (also called 'treasure
stealer'). IGT then learns which apps, commands and vulnerabilities can be used
to exploit the network. Armed with this data, the attackers approach the victim
and force them to sign Poseidon on as their 'security consultants'. If a
company refuses to hire them, they leak all the stolen information. There are
35 enterprise players across the US, France, Kazakhstan, UAE, India and Russia
that have become targets, although Poseidon leans heavily towards businesses
within Brazil.
6. AlienSpy RAT strikes over 400,000 victims worldwide: Also known as Adwind,
this malware is a Remote Access Tool (RAT) based on Java which is distributed
using a malware-as-a-service (MaaS) platform. Hackers rent this platform and
begin by sending the payload via phishing campaigns. If a victim opens the
email attachment, the malware
installs itself on the PC and attempts to communicate with the operator's
command and control (C&C) server for additional instructions. The malware
is able to collect keystrokes, steal cached passwords and data submitted
through Web forms, take screenshots and pictures, as well as record video and
sound. Half of the RAT's victims were based in the UAE, Germany, India, US,
Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan. It is believed that
subscriptions to the MaaS platform generate an annual income of approximately
$200,000.
7. Valentine's Day Inspires DDoS Attacks Against Online Florists:
Several online florists experienced a surge in their traffic during the week
leading up to Valentine's Day. Contrary to what some might expect, the traffic
did not appear to be opportunistic in nature. Rather, it looked as if the
florists were being individually targeted in denial-of-service campaigns
apparently designed to extort money from them. The sudden spike in malicious
traffic directed at online florists reflects a common tendency among cyber
crooks to escalate malware campaigns and attacks around seasonal events and
major news happenings.
8. IoT Could Be Used by Spies, U.S. Intelligence Chief Says:
Billions of new systems, devices and sensors connect each year, widening the
attack surface for hackers. Add to this the lack of security in many of these
connected devices and their growing popularity in homes and businesses, and the
issue becomes very concerning. But it's not all bad news, especially for spies:
while these badly designed devices will undermine security, the flip side is
‘new opportunities for spies to collect intelligence’. It's not hard to think
of scenarios where poorly secured devices in the home, from toys with built-in
webcams to home automation systems, could be hacked into and used by
intelligence agencies to gather all sorts of information.
9. Pakistani man admits to massive telephone hacking scheme:
Last week, a Pakistani man admitted to his role in a massive hacking scheme, in
which he broke into various companies' EPABX systems, found unused numbers and
directed them to dial into premium telephone lines controlled by his criminal
organization. AT&T paid the phony companies set up by the criminal group for
the phone calls and collected the costs from the businesses that got hacked.
The man also admitted to laundering $19.6 million, the ill-gotten money from
this telecom fraud scam.
10. Metel APT hacking group rolls back ATM transactions to dupe banks:
Metel targets financial institutions through APT-style spying missions and
custom malware. Its new tactic is to gain control over bank machines that have
access to transactions, such as support center PCs. Once this is done, the
hackers legally withdraw money from the ATM of a different bank. After the cash
is drawn, the hackers use their access to the support center PCs to cancel the
transaction, which rolls the money drawn back to the account. The hacker then
goes to another bank's ATM and draws money using the same card, again followed
by rolling back the transaction. This is repeated several times during one
night or on a holiday, so the victim bank can only figure it out the next day.
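
A detection check for the rollback pattern described in item 10, added here as an example and not taken from the article or from any bank's system. The ledger layout, field names, bank names, window and threshold are assumptions, and the sample rows are constructed:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger for issuing bank BANK_A (all names and values are hypothetical):
# (time, txn_id, card, kind, acquirer_bank, amount, origin, reverses_txn)
LEDGER = [
    ("2016-02-13 23:05", "t1", "card-1", "withdrawal", "BANK_B", 500, "atm", None),
    ("2016-02-13 23:09", "r1", "card-1", "reversal", "BANK_B", 500, "support_pc", "t1"),
    ("2016-02-13 23:40", "t2", "card-1", "withdrawal", "BANK_C", 500, "atm", None),
    ("2016-02-13 23:44", "r2", "card-1", "reversal", "BANK_C", 500, "support_pc", "t2"),
    ("2016-02-14 00:20", "t3", "card-1", "withdrawal", "BANK_D", 500, "atm", None),
    ("2016-02-14 00:23", "r3", "card-1", "reversal", "BANK_D", 500, "support_pc", "t3"),
    # ATM-originated reversal (e.g. cash not dispensed): not counted
    ("2016-02-13 22:00", "t4", "card-2", "withdrawal", "BANK_B", 200, "atm", None),
    ("2016-02-13 22:01", "r4", "card-2", "reversal", "BANK_B", 200, "atm", "t4"),
    # Single operator reversal: counted, but below the default threshold
    ("2016-02-13 21:00", "t5", "card-3", "withdrawal", "BANK_C", 100, "atm", None),
    ("2016-02-13 21:30", "r5", "card-3", "reversal", "BANK_C", 100, "support_pc", "t5"),
]

def flag_rollback_cycles(ledger, issuer="BANK_A", window=timedelta(hours=12), threshold=3):
    """Return {card: n} where n >= threshold is the largest number of other-bank ATM
    withdrawals reversed from a non-ATM origin inside any `window`."""
    withdrawals, cycles = {}, defaultdict(list)
    for ts, txn_id, card, kind, acquirer, amount, origin, reverses in sorted(
            ledger, key=lambda row: row[0]):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if kind == "withdrawal":
            withdrawals[txn_id] = (card, acquirer, amount)
        elif kind == "reversal" and reverses in withdrawals:
            w_card, w_acquirer, w_amount = withdrawals[reverses]
            # Assumption: a genuine ATM fault reversal carries origin "atm"; the
            # pattern in the article is a full reversal keyed in from an internal PC.
            if (w_card, w_amount) == (card, amount) and w_acquirer != issuer and origin != "atm":
                cycles[card].append(when)
    flagged = {}
    for card, times in cycles.items():
        start = best = 0
        for end, t in enumerate(times):      # times are already in time order
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[card] = best
    return flagged

if __name__ == "__main__":
    print(flag_rollback_cycles(LEDGER))
```

Running the check continuously rather than in a next-day batch is what closes the overnight and holiday gap the item describes.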