Tag Archives: hijack

10Fold – Security Never Sleeps – 78

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Bangladesh Bank attackers used custom malware that hijacked SWIFT software – the malware deleted transaction records from the database and printed out altered SWIFT confirmation messages. Director of National Intelligence James Clapper said Monday his office was looking at “several options” to publicly disclose an estimate of the number of U.S. persons caught incidentally in Internet surveillance intended for foreign targets. Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards. Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an “exploit kit” Web service that deployed malware onto victims’ computers through malicious websites.

Bangladesh Bank attackers used custom malware that hijacked SWIFT software – Publication: NetworkWorld – Reporter name: Lucian Constantin

The hackers who stole US $81 million from Bangladesh’s central bank likely used custom malware designed to interfere with the SWIFT transaction software used by many financial institutions. The attackers attempted to transfer $951 million out of Bangladesh Bank’s account at the Federal Reserve Bank of New York in February, but most of the transfers were blocked before completion. The attackers did manage to send $81 million to accounts in the Philippines, and that money is still missing. Researchers from BAE Systems have recently come across several malware components that they believe are part of a custom attack toolkit that was likely used in the heist.


U.S. exploring ways to disclose number of Americans caught in data grabs: spy chief – Publication: Reuters – Reporter name: STAFF

Director of National Intelligence James Clapper said Monday his office was looking at “several options” to publicly disclose an estimate of the number of U.S. persons caught incidentally in Internet surveillance intended for foreign targets. Clapper’s comments came in response to a letter sent last week by 14 bipartisan lawmakers in the U.S. House of Representatives, pressing the country’s top spy to provide a public estimate of the number of Americans ensnared in data grabs of foreign Internet communications traffic. They said the information was needed to gauge possible reforms to the controversial program.


Giant Food Sees Giant Card Fraud Spike – Publication: Krebs on Security – Reporter name: Brian Krebs

One of the easiest ways thieves can cash out? Walk into a grocery or retail store and buy prepaid gift cards using stolen credit cards. Such transactions — if successful — effectively launder money by converting the stolen item (counterfeit/stolen card) into a good that is equivalent to cash or can be easily resold for cash (gift cards). “Giant has recently made a change in procedures for purchasing gift cards because of a large increase of fraudulent gift card purchasing,” the company said. “Giant will now accept only a Bank PIN-based debit card or cash for all VISA, MasterCard, and American Express gift cards, as well as re-loadable and prepaid gift cards. This change has been made in order to mitigate potential fraud risk.”


“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings – Publication: Ars Technica – Reporter name: Sean Gallagher

While a significant percentage of Nuclear’s infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic. Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point (PDF). The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.

10Fold – Security Never Sleeps – 76

Big items to consider: New information surfaces around the Bangladesh Bank heist that leads police to believe that the bank had no firewall. Australia has pumped $230m into its cyber security efforts and claims to be able to hack its enemies “if necessary.” New research into the “Rowhammer” bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers. IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday.

Bangladesh Bank exposed to hackers by cheap switches, no firewall: police – Publication: Reuters – Reporter name: Serajul Quadir

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said. The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.


Australia says it can hack enemies as it invests $230 million in cyber security – Publication: Mashable – Reporter name: Jenni Ryall

The Australian government is watching and has the means to launch a cyber attack. On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers. Within the new Internet strategy, pushed down to page 28, the government also makes clear it has the capabilities to launch a cyber attack if necessary. “Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack,” the report reads. “Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules based order and our obligations under international law.”


DRAM bitflipping exploits that hijack computers just got easier – Publication: Ars Technica – Reporter name: Dan Goodin

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what’s known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven’t been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to cause code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause the apps to trigger the attacks.


Huge data breaches have been good for security stocks – Publication: CNBC – Reporter name: Harriet Taylor

IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday. The BVP Cyber Index tracked the capital-weighted performance since Jan. 1, 2011, of 29 public companies whose primary business is cybersecurity. Almost half of those companies are valued at more than a billion dollars. The public IT security sector outperformed the stock market by more than two times during that time, and outperformed the market by about five times the month after those breaches were made public.