Tag Archives: malware

Security Never Sleeps- Equifax Hack, Google Play Malware

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers

“More details on the major hack”

In an update posted to its security breach website, Equifax announced that hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day — a term used to describe security bugs exploited by attackers before vendors are aware of them or have released a patch. Equifax did not reveal the exact date when the security breach occurred, but only when it became aware of it — July 29, 2017. It is unclear if Equifax was breached before the Struts zero-day became public, or months after Apache made a patch available.

Attackers Can Bypass SKEL Protection in macOS High Sierra

“Malicious kernel extensions allow security evasion”

A new security feature added in macOS High Sierra (10.13) named “Secure Kernel Extension Loading” can be bypassed to allow the loading of malicious kernel extensions. Just like Linux and Windows, macOS allows applications to load third-party kernel extensions whenever they need to perform actions that require access to lower levels of the operating system.

Backdoored Plugin Impacts 200,000 WordPress Sites

“Malware updated in plugin”

Wordfence reports that around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code. Dubbed Display Widgets, the plugin was sold by its original author to a third-party developer on May 19, 2017, for $15,000. Roughly one month after that, the plugin was updated by its new owner and started displaying malicious behavior.

Google Is Fighting One Of The Biggest Ever Android Malware Outbreaks — Up To 21 Million Victims

“More malware!”

Surprising almost no one, another batch of Android malware has found its way onto Google Play. Researchers from Check Point claim to have found the second-biggest outbreak ever to hit Google’s platform, with as many as 21.1 million infections from one malware family.

Enjoy your read? Check out our other content here.

Security Never Sleeps- HBO Social Hack, Security Spending

HBO social media hacked in latest cyber security breach

“Facebook and Twitter accounts breached”

HBO has had two of its social platforms hacked in the latest cyber attack against the entertainment firm. OurMine, a hacker group, seems to have taken control of the main accounts, posting messages such as “OurMine are here. we are just testing your security”. This is just the latest in many attacks on HBO, with notable recent incidents resulting in the leak of popular show Game of Thrones scripts and other company data.

Gartner Predicts Information Security Spending To Reach $93 Billion In 2018

“Security concerns grow with malware rise”

It seems that anyone who has anything to do with tech has had an endless stream of malware scares hitting their news feed almost daily. Data breaches, ransomware, Trojans, and much more are on the rise, prompting a big increase in security spending. Gartner released a report this week that predicts over $86.4 billion in information security spending, a 7% increase over last year, and it will likely grow to $93 billion the following year given current trends.

70% of DevOps Pros Say They Didn’t Get Proper Security Training in College

“Mostly on the job security processes”

A new Veracode survey shows that most DevOps pros don’t get adequate security training in their academic institutions. The vast majority of the respondents, about 70% of the 400 total, feel that their college did not prepare them to be successful, and 65% learned most relevant skills while they were on the job.

The data breach blame game

“UK business cyber threat is growing steadily”

Ever since the National Cyber Security Centre opened in February, the UK has been hit by 188 high-level attacks, along with many other low-level attacks that are difficult to quantify. Each of the high-level attacks was big enough to bring in the NCSC.

Public outcry searching for answers leads many to impromptu blame and quick answers, while the truth is often much too complicated for such solutions. Certainly security systems must improve for business, and regulation will accompany this.

‘Indefensible’ hack could leave modern cars vulnerable to critical cybersecurity attack

“Advances necessary for safe systems”

A connected-car hack has recently revealed that current systems are “indefensible by modern car security technology.” These vulnerabilities can put large numbers of consumers at considerable risk. Traditionally these attacks focus on specific models or makes of cars, such as the Jeep hack in 2015, while this threat targets the controller area network. Trend Micro’s Forward-Looking Threat Research team discovered the hack, and first posted the information on Wednesday in their blog.


10Fold Security Never Sleeps- Financial Malware, TalkTalk Breach

When it comes to cybersecurity, companies need force fields, not walls

“Dire threats seem almost imperceptible”

The public often views recent headlines like the DNC or HBO data breaches and doesn’t work up too much anxiety over its own personal information security or the insidious malware programs lurking online. However, these occurrences are growing increasingly common, and nearly everyone’s sensitive information could be at risk.

TalkTalk fined £100,000 for long-forgotten 2014 data breach

“Reputation has been revived as well as legal fees”

The TalkTalk data breach of 2014 has long since faded from public view, but the associated government proceedings certainly have not. The incident saw hackers accessing the personal details of over 150,000 customers, earning the firm over £400,000 in relevant fines.

‘Hack the Air Force’ challenge most successful military bug bounty yet

“Over 200 public facing bugs found”

The Air Force has continued its “Hack the Air Force” program, which crowdsources cybersecurity testing on its public systems. This uncovered 207 patchable security flaws in about one month that could be exploited by hackers and malware, prompting Marten Mickos, chief contractor of HackerOne, to comment “It was the most successful [Department of Defense] bug bounty so far.”

Uptick in Malware Targets the Banking Community

“Incredible amount of money stolen in recent months”

New and even relatively archaic tactics have allowed cybercriminals to make off with vast sums of cash from many financial institutions of late, with both traditional banks and cryptocurrency funds being looted. Banking and financial malware has been a growing concern among researchers, and recent trends do not ease those fears.


10Fold- Security Never Sleeps- 197

Ransomware can cost firms over $700,000; cloud computing may provide the protection they need

“Cybercrime costs are increasing”

A single ransomware incident can, on average, run a tab of over $713,000. About 21% of 200 SME businesses in the U.S. said they are completely ready to manage IT security and protect against threats. This number is dangerously small, but cloud computing may provide the security against the threats that many firms need.

The GDPR Deadline is Fast Approaching; How Enterprises are Readying Themselves

“Compliance needed by May 25, 2018”

Many organizations have dedicated countless hours to preparing for the European Union General Data Protection Regulation, but too many have only just started taking steps to ensure compliance. The new regulations will have international consequences that must be addressed by firms who deal across borders, as the legislation has dire consequences for those who don’t comply.

WannaCry ‘Kill Switch’ Creator Arrested in Vegas

“Marcus Hutchins indicted for Kronos malware”

Federal authorities have nabbed user MalwareTech, aka Marcus Hutchins, for the creation and distribution of the Kronos banking Trojan. In an unexpected move, authorities arrested Hutchins despite his role as the researcher who stopped the expansion of the WannaCry ransomware earlier this year. WannaCry was deemed an extremely high-risk malware, spanning over 150 countries in just a matter of days.

How do you predict cyber attacks? Listen to your Cassandras

“Proprietary data collection and intellectual property need protection”

Bad actors targeting vital institutions that had previously been sacrosanct have become harder to detect. The damages inflicted in many cases have dealt virtually fatal blows to corporate finance and organizational operations.


10Fold- Security Never Sleeps- 196

WILL THE REAL SECURITY COMMUNITY PLEASE STAND UP

“Black Hat 2017 a vocab lesson”

Black Hat 2017 emphasized the importance of vocabulary, and it turns out that yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because current advances matter so much.

Android users: beware ‘Invisible Man’ malware disguised as Flash

“Keylogging steals financial records”

Android users have yet another malware program to watch for. The keylogging malware disguises itself as a Flash update and targets financial data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.

Be on the lookout for fileless malware, warns Trend Micro

“Infosec pros warn of elusive malware”

Security experts have been dealing with many new incoming malware programs, but cybercriminals continue to find new issues that pop up on networks every day in an effort to avoid better detection programs. Fileless malware is the latest in this campaign, designed to evade sandbox defenses that look for signatures. Trend Micro has detected many examples of this.

Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack

“Online wallets breached”

During the WannaCry ransomware attacks, hackers were able to withdraw about 52.2 bitcoins, or about $143,000, from online cryptowallets. The withdrawals were confirmed by Elliptic, and highlight general security concerns over online currencies.


10Fold- Security Never Sleeps- 192

GOOGLE FINDS AND BLOCKS SPYWARE LINKED TO CYBERARMS GROUP

“Android spyware blocked”

Google has discovered a new strain of Android malware, Lipizzan, that is able to surveil users’ text messages, emails, calls, and much more. It has yet to appear on many devices, but experts say that it has all the telltale signs of professional, targeted malware intended to attack users in wealthier nations.

Four-Star Kentucky Hotel: Data Breach Could Affect Guests

“Breach threatens customer information”

The Galt House hotel in Louisville, Kentucky has stated that an internal investigation revealed malware has been feeding off the payment processing systems. Any guests staying at the hotel between December 21, 2016 and April 11 are said to have possibly been affected.

Hackers are winning the war as companies worldwide fail on cyber security

“Too many firms are falling short in security”

A new report from Thycotic has shown that most companies worldwide are failing to accurately assess cyber security effectiveness. Survey criteria based on the internationally accepted ISO 27001 standard and best practices from industry experts provide a comprehensive way to define and measure IT security.

Gas Pump Skimmer Sends Card Data Via Text

“Can be detected with mobile devices”

Gas pump card skimming devices most often rely on Bluetooth connectivity to collect the stolen credit card data wirelessly. While often very effective, there is a very apparent downside: Bluetooth-based skimmers can be detected by any user with a Bluetooth-connected device, and investigators are now starting to see these devices send stolen data via text message instead.

Cyber security not a priority for most sectors, study finds

“Little concern despite huge losses”

A recent study from Savoy Stewart has shown that although data breaches cost UK firms almost £30bn last year, cyber security is still not a big concern for industry sectors. Just 60% of directors or senior managers in finance and insurance consider it a high priority, with data taken from 1,500 firms.


10Fold- Security Never Sleeps- 191

Hack on Italy’s largest bank affects 400,000 customers

“400,000 customers put at risk”

Two security breaches have put the sensitive data of hundreds of thousands of customers in jeopardy. Unicredit has stated that personal data and account numbers may have been leaked, adding that passwords were not leaked and that no unauthorized transactions took place.

Using AI to spot malware patterns

“Protecting organizations has never been more difficult and necessary”

The number of entry points and connected endpoints has only increased, and the bad guys are only getting smarter. A new security startup, Cylance, is using artificial intelligence to change the game and counter these criminals.

Majority of Consumers Believe IoT Needs Security Built In

“Global survey says IoT is a ‘shared responsibility’”

Many respondents to a global survey believe that consumers and manufacturers share responsibility to secure networks. Irdeto’s report shows that 90% of respondents think that security should be built in to IoT devices, but are more divided on who is responsible for implementing the systems.

Cloud-Based Email Security Systems From Microsoft And Symantec Miss Thousands Of Unsafe Emails

“Risk assessment on more than 45 million emails”

Email and data security company Mimecast has run an extensive experiment on corporate email vulnerabilities over more than a year. About 24% of the emails were marked as unsafe, with most being spam while some contained dangerous malware. That may seem like a relatively small amount, but given that all of the emails were originally classified as ‘safe’ we see a bigger problem emerge.

Shoddy data-stripping exposes firms to hack attacks

“Research suggests much vulnerability”

Many large firms have left themselves open to attack because of inadequate data stripping on their websites. Researchers have found that as employees create documents, images, and other files, the metadata in those files is uploaded to the company’s website and not properly maintained.


10Fold- Security Never Sleeps- 187

Undetected For Years, Stantinko Malware Infected Half a Million Systems

“Massive botnet remained under the radar for five years”

Half a million devices have been infected by a rogue botnet, dubbed Stantinko. ESET researchers warn that affected systems can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden via code encryption until now.

Network Spreading Capabilities Added to Emotet Trojan

“Emotet Trojan spreads malware on internal networks”

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can distribute malicious programs on internal systems. Recent WannaCry and NotPetya incidents have shown us just how efficient and costly these attacks can be if they spread, increasing concerns among security researchers on greater prevalence in the future.

US Banks Targeted with Trickbot Trojan

“Necurs spreads to financial institutions”

New Emotet banking Trojan signals increasingly complex attacks on the finance industry. An official blog post subsequently confirmed that a “security alert is ongoing related to the discovery, the effects of which are continuing.”

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a study has found that many of these devices are not adequately protected, even though the majority of IT experts believe that they are.

Kansas data breach compromised millions of Social Security numbers In 10 States

“Over 5.5 million potentially compromised”

A breach of the Kansas Department of Commerce may have given hackers access to millions of Social Security numbers, putting the department on the hook for credit monitoring services for all victims. The exposure of the SSNs had not been previously reported; the Kansas News Services obtained the information through an open records request.


10Fold- Security Never Sleeps- 186

SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices

“Running on older versions of the Samba file-sharing server”

An unknown entity is using the SambaCry security vulnerability to install a backdoor Trojan on Linux devices. According to Trend Micro, most of the attacks are tied to NAS devices, which ship with the Samba server to provide file-sharing interoperability between different operating systems.

Millions of IoT Devices Possibly Affected by ‘Devil’s Ivy’ Flaw

“Could affect millions of IoT devices”

Researchers have dubbed a new security flaw that could affect many devices “Devil’s Ivy.” The stack-based overflow was discovered by IoT security startup Senrio in a camera from Axis Communications.

These 10 US states have the highest rate of malware infections in the country

“Does location have a correlation to malware attacks?”

A new look at over 1 million malware infections from Enigma Software Group has found significant variation across the states of the U.S. New Hampshire seems to be the most at risk, with infection rates around 200% higher than the national average.


My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.

Petya/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a “wiper.” It’s designed to cause mayhem and wipe computers – and is not actually ransomware – which is why this ongoing attack has adopted so many names. It’s similar to Petya, but also different in a lot of ways.

Although corporations and public sector agencies were affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukrainian government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm Group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which has its own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and the U.S., British advertising giant WPP, French industrial group Saint-Gobain, shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of the Bitcoin cryptocurrency in order to supposedly unlock them. As the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computers’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry, because rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and the local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation of the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor or by a non-state actor with support and approval from a nation state, since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it was spread by accident through a Ukrainian tax software company, named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley


Sources:

http://spectrum.ieee.org/tech-talk/computing/it/notpetya-latest-ransomware-is-a-warning-note-from-the-future

https://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P

http://www.darkreading.com/attacks-breaches/petya-or-not-global-ransomware-outbreak-hits-europes-industrial-sector-thousands-more/d/d-id/1329231

https://www.theverge.com/2017/7/2/15910826/nato-response-petya-attack-state-actor-russia-ukraine

http://www.csoonline.com/article/3204547/security/petya-wannacry-and-mirai-is-this-the-new-normal.html

https://www.forbes.com/sites/thomasbrewster/2017/07/05/notpetya-hackers-demand-256000-in-bitcoin-to-cure-ransomware-victims/#5f709ac86cf9