Tag Archives: Mirai

Security Never Sleeps- U.S. Security, IoT Vaccines?

U.S. Government Cybersecurity Ranks 16th Out of 18 Industry Sectors

“Very small improvement over last year”

The U.S. government’s cybersecurity standing (both state and federal) is ranked 16th of 18 industry sectors in a new report published by SecurityScorecard, a firm that seeks to help businesses manage third- and fourth-party risk. This is a very small improvement on the nation’s position last year, which was 18th out of 18. It still presents a disappointing and dangerous picture of public sector readiness to defend systems against cybercrime and cyber espionage. The report was generated by collecting and analyzing subject data through SecurityScorecard’s own data engine, ThreatMarket, which uses 10 categories such as web applications, network security, and DNS health.

Is Your Mobile Carrier Your Weakest Link?

“Mobile security more important than ever”

Now that more online services than ever offer two-step authentication (requiring customers to complete a login using their phone or other mobile device after supplying a username and password), and many services rely on your mobile device for that second factor, there has never been more riding on the security of your mobile account. Click the link for a few tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the most vulnerable link in your security chain.

This Mirai malware vaccine could protect insecure IoT devices

“Poorly protected IoT devices are the source of many problems”

The hazard of unsophisticated and poorly secured Internet of Things devices came to the fore last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat. Researchers have now proposed an original solution to the problem: use the vulnerability of these devices to inject a ‘white worm’ that secures them. It is an epidemiological approach, in the way a vaccine creates immunity by exposing the immune system to a weakened form of the disease.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 195

New Bill Seeks Basic IoT Security Standards

“Baseline security standards for broad range of devices”

U.S. Senate legislators are working to create minimum regulations to secure internet-connected devices such as cameras, routers, and computers. The standards will also close holes in current cybercrime laws and were developed in direct response to the series of massive 2016 attacks using IoT devices, like the October and November Mirai attacks that took down many high-profile websites for the better part of a day.

Study: Majority of retailers feel ‘vulnerable’ to a data breach

“Attacks decline, but business concern is up”

Security analyst firm 451 Research has recently released the “2017 Thales Data Threat Report, Retail Edition,” which indicates a growing consensus among retailers that their payment systems are vulnerable to hackers. The study is based on survey answers from over 1100 senior executives globally. 52% of the companies have experienced a breach in the past, 88% fear they are vulnerable, and 19% feel ‘very’ or ‘extremely’ vulnerable.

One in three SMEs in Singapore hit by ransomware

“Nearly one fifth had to shut down businesses”

Over one third of SMEs in Singapore were hit by ransomware attacks in 2016, and about 20% of these had to close their doors as a result. 61% of the Singapore SMEs also had to shut down operations for over nine hours, about one business day.


10Fold- Security Never Sleeps- 190

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

“Swedish Transport Agency breached”

Virtually all Swedish citizens’ personal vehicle details may have been leaked due to the mishandling of an outsourcing deal with IBM. Swedish media report that this breach extends to private vehicles and even police and military transportation as well.

Wells Fargo Gets Regulatory Questions After Data Breach

“Release of client details prompts questions”

Wells Fargo, despite already being a target of regulatory scrutiny from last year’s fake account scandal, has drawn even more attention to itself after a new leak. A lawyer working for the firm has released sensitive client data for tens of thousands of accounts, mostly of wealthy clients in the brokerage unit.

Second Major Ethereum Hack In a Week Leads to $34 Million Theft

“Popularity met with skepticism of security”

Cryptocurrencies like Ethereum and Bitcoin have been rising fast in popular use; however, many investors remain cautious due to concerns over vulnerabilities. Ethereum is not doing much to ease doubters, having suffered a major hack for the second time in a single week.

Cybercriminals Kept Botnet That Infected 500,000 Computers Hidden For Five Years

“Stantinko is new creeping botnet”

The Mirai botnet and ransomware programs like WannaCry and Petya have often caught our attention, but have you heard of Stantinko? It’s been able to stealthily execute its criminal mission for over five years without attracting much, or perhaps any, media attention.


10Fold- Security Never Sleeps- 158

Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky

“About 300,000 devices already captured”

Kaspersky Lab security researchers have revealed that Hajime, a new botnet malware that emerged in October of last year, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time we saw the Mirai attacks and targets devices in the same way, but without using them for DDoS attacks.

Chipotle Investigating Payment Card Breach

“Unauthorized activity recently detected on network”

Popular restaurant chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment archives from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made available to the public is still limited.

Game guide malware ‘targeted more than 500,000 users’

“Popular mobile games affected”

App-based game guides, including guides for some of the most popular games, have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Check Point reporting that the apps push unwanted ads and cause other issues for users.

Web Attacks Decline, Ransomware Attacks Surge

“More efficient and lucrative attacks developed”

New ransomware attacks on end users have been detailed by Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on intended victims as well as the growing trend in ransomware attacks, up 36% last year.


10Fold- Security Never Sleeps- 156

CradleCore Ransomware Sold as Source Code

“Malicious software making the rounds on underground forums”

Forcepoint security researchers have found a new ransomware, CradleCore, circulating in cybercriminal markets online. CradleCore has a customizable source code, breaking from the usual RaaS ‘business model’ that is common to similar programs.

Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure

“Constantly evolving malware causes increasing concern”

Phishing attacks have long been a tool of cybercriminals online, and they’re getting worse than ever before. A recent example is a new exploit that allows what would otherwise be recognized as untrustworthy sites to present a safe-looking URL, bypassing many security systems that would otherwise block the malicious actor.

IoT malware clashes in a botnet territory battle

“Rival malware emerges to notorious Mirai”

Security researchers have identified a competitor to the Mirai botnet malware responsible for the crippling of several high-profile websites. The up-and-comer is capable of commandeering low-security IoT devices with greater effectiveness than its counterpart, a worrying fact to researchers as well as users.

 

10Fold- Security Never Sleeps- 148

“Financially motivated actors as dangerous as nation states”

The 2017 M-Trends report published Tuesday by Mandiant addresses growing concerns about private threat actors. The data, based on investigations of incidents by Mandiant, establishes that non-governmental hackers have become far more sophisticated in their activities over the last several years.

“Embarrassing security breach for Canada”

While the recent hack of the Canadian government did not result in the loss of sensitive data, it dealt a massive blow to Canadian cybersecurity. After an unknown entity hacked the statistics of the state tax collection agency (CRASC).

“Efforts to stop Mirai have amounted to a game of ‘whack-a-mole’”

Differing opinions have emerged on efforts to stop the Mirai botnet, a notorious program that affects thousands of IoT devices, since the malware made its debut last September. Many of the massive DDoS attacks seen recently have been due to Mirai, as it is able to commandeer and use common household devices like DVRs and internet cameras.

10Fold- Security Never Sleeps- 124

Personal email is becoming less personal as hackers, government eye access

“Stakes are higher than ever for data security”

Privacy expert Claire Gartland has been warning of increased risks to user data held by electronic messaging services, most recently with her appearance on CNBC’s ‘On The Money.’ In the context of the recent United States Presidential Election season, Gartland emphasized the exponential increase in hacks of public figures and leaks of sensitive information.

Millions exposed to malvertising that hid attack code in banner pixels

“Millions exposed to potential danger”

Malicious ads that embed attack code in banner pixels have left many mainstream website users at risk of fraud and other security problems. The script remains concealed in the alpha channel that defines the transparency of the pixels, which makes it very difficult for even experienced ad networks to detect. Once the malware determines that no security measures capable of detecting its presence are in use, the script can redirect the browser to sites that host exploits targeting the user.

Security News This Week: A Botnet Takes Down Nearly a Million German Routers

“New variant detected”

The same botnet malware, dubbed Mirai, that temporarily took down several popular websites just a few weeks ago has returned this week with devastating results. Over 900,000 routers belonging to customers of German ISP Deutsche Telekom were affected and cut off from access to the web. This fuels growing concerns over a new reality of cyber-attacks that may not be preventable.

Latest Android security update fixes Dirty COW, GPS vulnerabilities

“Provides attack mitigation”

In the latest of Android’s monthly updates, serious security concerns have been addressed for customers. The most recent of these is a privilege escalation vulnerability (Dirty COW, for copy-on-write) that has been exploitable for over nine years, since the creation of Linux.

10Fold- Security Never Sleeps- 123

San Francisco Muni Says Server Data Not Accessed in Ransomware Hit

“Ransom never paid”

San Francisco Municipal authorities released a statement on Monday indicating that its servers had not been breached by a hacking attempt. The purported cybercriminal responsible claimed that 30GB of data stolen from the agency would be dumped if roughly $73,000 worth of Bitcoin was not paid, a sum the SFMTA never even considered paying since no indications of a breach had been found.

Researchers Exploit App Flaw and Steal a Tesla Model S

“Remote hacking and driving now possible”

Chinese researchers working at Keen Security Lab were able to access and execute commands on a Tesla Model S, adding to existing concerns as driverless cars move from science fiction into reality. Lack of security in the Tesla smartphone apps allows cybercriminals to remotely access and drive away with a car in just a few seconds without a key fob being physically present.

Upgraded Mirai Botnet Disrupts Deutsche Telekom by Infecting Routers

“Vulnerable routers being targeted”

IoT malware menace Mirai has been plaguing the German state firm Deutsche Telekom, causing connection issues for nearly a million customers. Blame for the disruptions was placed on a new strain of the Mirai malware, found to have infected over 500,000 IoT devices ranging from surveillance cameras to DVRs.

Feds Provide Legal Loophole to Hacking IoT Devices

“Changes release researchers from select legal liabilities”

What many consider long-overdue exemptions from legal action are currently being celebrated by technology security researchers in the United States. The Digital Millennium Copyright Act has been amended to provide a two-year ‘good-faith’ window, allowing security analysts to break into software in IoT devices and more without violating copyright laws under Section 1201.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe have issued fix, Windows has yet to issue its own patch”

Per Google’s new policy of disclosing exploitable problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that are capable of being abused by cyber criminals. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage or collect sensitive information from the rest of the device. As of now, Adobe’s patch for this issue, released October 21st, has been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts the devices into ‘slave’ devices has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks using common IoT appliances such as DVRs, routers, lighting systems, and more, according to a research team at Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting softwares”

Verint researchers have observed several new events where the infamous Nymaim malware has used new code to target victims through phishing, rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013, and has consistently managed to stay ahead of threat researchers with various upgrades that give it a leg up on those studying it. With this advantage, attacks using the malware have risen, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States have been made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top-of-the-line systems within the next few years.

10Fold- Security Never Sleeps- 112

Chinese firm admits hacked products were behind Friday’s Internet Abnormalities

“Hangzhou Xiongmai Technology vulnerabilities led to attack”

Hangzhou Xiongmai Technology, an electronic component manufacturer based in China, has conceded that hackers used its technologies to conduct a massive cyberattack on several substantial United States headquartered internet sites. The company is mostly known for its production of DVRs and cameras connected to the internet, and weak default passwords are noted as a major contributing factor to their vulnerabilities. Security researchers have claimed that the notorious malware Mirai has been infiltrating the devices and using them as a jumping-off point for Friday’s DDoS attack.

DDoS Attack Shows Vulnerable Underbelly of Cloud Technologies

“Can a DDoS attack break the internet?”

Friday saw a massive DDoS attack, which commentators have said led to the internet ‘breaking’ for several hours over the course of the early day. Vital corporate applications and business functions were disrupted and big-name sites could not be used, causing public outrage and losses for firms. Dyn going offline brought down its DNS servers, the component that allows users to find sites without directly inputting the IP address.

Beware of Fraudulent BSOD Scammers’ Malware

“Microsoft notifies public of fake installer for Security Essentials”

Tech support scammers have added a new weapon to the cybercriminal bag of tools, now utilizing fake ‘Severe Warning’ notifications and blue screens of death on Windows devices. Hicurdismos, the nickname given to this new malware, disables Task Manager and hides the cursor to deceive the user, then urges the user to call a bogus call center, where users are tricked into giving up sensitive information that the scammer will exploit for profit.

$7,500 IoT Cannon Sold, Capable of Bringing Down The Web Again

“Worse DDoS attacks expected in the future”

The attack we got a taste of on Friday was bad, but experts are saying these disruptions will get worse in intensity and probably more frequent. This is due to hackers selling access to hacked IoT devices, which gives their customers the ability to launch cyber events comparable to or potentially bigger than what the world has witnessed. Early October also saw the advertisement of a botnet that cybercriminals had put up for sale on an underground market forum, a practice that until recently had been quite uncommon. Seeing a malware program of that caliber for sale has researchers predicting growth in its usage and in security concerns in the future.