10Fold – Security Never Sleeps – 71

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: The British government will now allow immigration officials to hack refugees' phones. A botnet took control of 4,000 Linux computers and forced them to blast spam for over a year before the whole operation was shut down. An analysis of Dridex infrastructure shows dangerous changes, potentially new operators.

Immigration officials allowed to hack phones of refugees and asylum seekers – Publication: BetaNews – Reporter name: Mark Wilson

The British government secretly rolled out powers that permit immigration officials to hack the mobile phones of asylum seekers and refugees, the Observer reveals. The Home Office has confirmed the hacking powers, which have sparked outrage from privacy and human rights groups. In a statement about the powers afforded to immigration officials, immigration minister James Brokenshire said: “They may only use the power to investigate and prevent serious crime which relates to an immigration or nationality offence, and have done so since 2013”.


Researchers help shut down spam botnet that enslaved 4,000 Linux machines – Publication: Ars Technica – Reporter name: Dan Goodin

A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom “packer” to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines’ operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service.


FBI Cyber Warning: Ignore Your CEO’s E-Mail And Phone Her Back — Or Your Company May Pay For It – Publication: Forbes – Reporter name: Steve Morgan

The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities. A CEO seemingly emails an employee — typically in a finance or administrative role — instructing them to perform a wire transfer. The employee follows directions and executes the wire. Money is successfully transferred from the CEO’s company to another party. Turns out the CEO didn’t send the email. The CEO’s email identity was spoofed by a cybercriminal who sent the email. E-Mail spoofing is a widespread hacker practice involving the forgery of an e-mail header.


Dridex Malware Now Used For Stealing Payment Card Data – Publication: Dark Reading – Reporter name: Jai Vijayan

New analysis of the command and control panel and attack mechanisms of the Dridex banking Trojan shows the malware is being used in a wider range of malicious campaigns — and likely by a different set of threat actors than before. Spain-based security vendor buguroo says it recently was able to leverage a surprisingly easy-to-exploit weakness in the C&C infrastructure of Dridex to gain unprecedented visibility into how exactly the malware is being used. The analysis shows that Dridex is no longer being used just to hijack online banking sessions in order to transfer money from a victim’s account to fraudulent accounts, says Pablo de la Riva Ferrezuelo, chief technology officer and co-founder of buguroo.