10Fold – Security Never Sleeps – 79

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Netcraft researchers have discovered an extremely convincing Facebook phishing attack. The fraudsters made the fake “Facebook Page Verification” form that victims are asked to fill in and submit look legitimate, because the page serving it is on a Facebook subdomain. One cyber underground group saw a golden opportunity and created Ran$umBin, a Dark Web service that acts as a one-stop shop for monetizing ransomware. As the Republican presidential contenders, Sen. Ted Cruz and Gov. John Kasich, battle over who can best protect America, at least two candidates are having trouble protecting potential voters’ personal information on their campaign apps. Hacking group “PLATINUM” used Windows’ own patching system against it; the unknown group has been attacking targets in South East Asia since at least 2009, with Malaysia its biggest victim at just over half the attacks and Indonesia in second place.

Facebook made to serve phishing forms to users – Publication: Help Net Security – Reporter name: Zeljka Zorz

The phishers have registered Facebook apps and have managed to load the form inside them via iframes. The form is hosted on the crooks’ own servers, which also use HTTPS, so no warnings about insecure connections will pop up. Another trick up the fraudsters’ sleeve is that the form returns an “incorrect credentials” notification the first time the user submits credentials, whether they are correct or not. This is meant to convince the most suspicious users, who might have entered incorrect credentials on purpose, that the form works as it should and is legitimate.


Crowdsourcing The Dark Web: A One-Stop Ran$om Shop – Publication: Dark Reading – Reporter name: STAFF

The website is dedicated to criminals and victims alike: it lets criminals upload stolen data (embarrassing information, user credentials, credit data, stolen identities, and any other kind of cyber-loot), and lets victims pay for the removal of said stolen data from the Dark Web, where it could be bought by any cybercriminal who’s willing to pay. Ran$umBin has been active for under two months; it is very user-friendly and its business model is simple: hackers can upload stolen data and either sell it to other criminals or extort the data’s owner – while the site takes commission. The site’s cut is based on who the data owner is: criminals who want to buy data belonging to a pedophile would pay $100 and the site would take a 30% commission; if a criminal is looking for data belonging to a celebrity or a law enforcement representative, the price could be double and the commission would climb to 40%. Alternatively, the hacker who uploads the data can choose their own ransom demand and simply send their victim instructions on how to log in to Ran$umBin and pay. I’ve seen several Dox markets, but this one truly stands out: it’s a platform where any criminal can use what other criminals have stolen, like a cyber-ransom Uber or AirBnB.


Cruz, Kasich campaign apps under scrutiny over security issues – Publication: Fox News – Reporter name: STAFF

The official apps for GOP candidates Sen. Ted Cruz and Gov. John Kasich have come under scrutiny after a Monday report from cybersecurity firm Symantec found users’ data was improperly secured and vulnerable to hackers. Symantec’s analysis used a test that collects unencrypted personal data being transmitted from phones running the campaigns’ apps. “The data may be going to a legitimate destination, but it could be intercepted by someone intercepting the traffic,” Symantec engineer Shaun Aimoto said. Cruz data director Chris Wilson on Monday denied that the campaign’s app leaks data.


Hacking group “PLATINUM” used Windows’ own patching system against it – Publication: Ars Technica – Reporter name: Peter Bright

Microsoft’s Windows Defender Advanced Threat Hunting team works to track down and identify hacking groups that perpetrate attacks. The focus is on the groups that are the most selective about their targets and that work the hardest to stay undetected. Almost half of the attacks were aimed at government organizations of some kind, including intelligence and defense agencies, and a further quarter of the attacks were aimed at ISPs. The goal of these attacks does not appear to have been immediate financial gain—these hackers weren’t after credit cards and banking details—but rather broader economic espionage using stolen information.