10Fold – Security Never Sleeps – 78

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Bangladesh Bank attackers used custom malware that hijacked SWIFT software – the malware deleted transaction records from the database and printed out altered SWIFT confirmation messages. Director of National Intelligence James Clapper said Monday his office was looking at “several options” to publicly disclose an estimate of the number of U.S. persons caught incidentally in Internet surveillance intended for foreign targets. Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards. Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an “exploit kit” Web service that deployed malware onto victims’ computers through malicious websites.

Bangladesh Bank attackers used custom malware that hijacked SWIFT software – Publication: NetworkWorld – Reporter name: Lucian Constantin

The hackers who stole US $81 million from Bangladesh’s central bank likely used custom malware designed to interfere with the SWIFT transaction software used by many financial institutions. The attackers attempted to transfer $951 million out of Bangladesh Bank’s account at the Federal Reserve Bank of New York in February, but most of the transfers were blocked before completion. The attackers did manage to send $81 million to accounts in the Philippines, and that money is still missing. Researchers from BAE Systems have recently come across several malware components that they believe are part of a custom attack toolkit that was likely used in the heist.


U.S. exploring ways to disclose number of Americans caught in data grabs: spy chief – Publication: Reuters – Reporter name: STAFF

Director of National Intelligence James Clapper said Monday his office was looking at “several options” to publicly disclose an estimate of the number of U.S. persons caught incidentally in Internet surveillance intended for foreign targets. Clapper’s comments came in response to a letter sent last week by 14 bipartisan lawmakers in the U.S. House of Representatives, pressing the country’s top spy to provide a public estimate of the number of Americans ensnared in data grabs of foreign Internet communications traffic. They said the information was needed to gauge possible reforms to the controversial program.


Giant Food Sees Giant Card Fraud Spike – Publication: Krebs on Security – Reporter name: Brian Krebs

One of the easiest ways thieves can cash out? Walk into a grocery or retail store and buy prepaid gift cards using stolen credit cards. Such transactions — if successful — effectively launder money by converting the stolen item (counterfeit/stolen card) into a good that is equivalent to cash or can be easily resold for cash (gift cards). “Giant has recently made a change in procedures for purchasing gift cards because of a large increase of fraudulent gift card purchasing,” the company said. “Giant will now accept only a Bank PIN-based debit card or cash for all VISA, MasterCard, and American Express gift cards, as well as re-loadable and prepaid gift cards. This change has been made in order to mitigate potential fraud risk.”


“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings – Publication: Ars Technica – Reporter name: Sean Gallagher

While a significant percentage of Nuclear’s infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic. Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point (PDF). The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.