Tag Archives: trojan

Security Never Sleeps- HBO Social Hack, Security Spending

HBO social media hacked in latest cyber security breach

“Facebook and Twitter accounts breached”

HBO has had two of its social platforms hacked in the latest cyber attack against the entertainment firm. OurMine, a hacker group, seems to have taken control of the main account posting messages such as “OurMine are here. we are just testing your security”. This is just the latest in many attacks on HBO, with notable recent incidents resulting in the leak of popular show Game of Thrones scripts and other company data.

Gartner Predicts Information Security Spending To Reach $93 Billion In 2018

“Security concerns grow with malware rise”

It seems that anyone who has anything to do with tech has probably had an endless stream of malware scares hitting their news feed seemingly daily. Data breaches, ransomware, Trojans, and much more are on the rise, prompting a big increase in security spending. Gartner released a report this week that predicts over $86.4 billion in information security spending, a 7% increase over last year. Further, it will likely grow to $93 billion the following year given current trends.

70% of DevOps Pros Say They Didn’t Get Proper Security Training in College

“Mostly on the job security processes”

A new Veracode survey shows that most DevOps pros don’t get adequate security training in their academic institutions. The vast majority of the respondents, about 70% of the 400 total, feel that their college did not prepare them to be successful, and 65% learned most relevant skills while they were on the job.

The data breach blame game

“UK business cyber threat is growing steadily”

Ever since the National Cyber Security Centre opened in February the UK has been hit by 188 high level attacks, and there were many other low level attacks that are difficult to quantify. This was big enough to bring in the NCSC.

Public outcry searching for answers leads many to impromptu blame and quick answers, while the truth is often much too complicated for such solutions. Certainly security systems must improve for business, and regulation will accompany this.

‘Indefensible’ hack could leave modern cars vulnerable to critical cybersecurity attack

“Advances necessary for safe systems”

A connected car hack has recently revealed that the system is currently “indefensible by modern car security technology.” These vulnerabilities can put large numbers of consumers at considerable risk. Traditionally these attacks focus on specific models or makes of cars, such as the Jeep hack in 2015, while this threat targets the controller area network. Trend Micro’s Forward-looking Threat Research team discovered the hack, and first posted the information on Wednesday in their blog.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 197

Ransomware can cost firms over $700,000; cloud computing may provide the protection they need

“Cybercrime costs are increasing”

A single ransomware incident can, on average, run a tab of over $713,000. About 21% of 200 SME businesses in the U.S. said they are completely ready to manage IT security and protect against threats. This number is dangerously small, but cloud computing may provide the security against the threats that many firms need.

The GDPR Deadline is Fast Approaching; How Enterprises are Readying Themselves

“Compliance needed by May 25, 2018”

Many organizations have dedicated countless hours for preparation for the European Union General Data Protection Regulation, but too many have just started taking steps to ensure compliance. The new regulations will have international consequences that must be addressed by firms who deal across borders, as the legislation has dire consequences for those who don’t comply.

WannaCry ‘Kill Switch’ Creator Arrested in Vegas

“Marcus Hutchins indicted for Kronos malware”

Federal authorities have nabbed user MalwareTech, aka Marcus Hutchins, for the creation and distribution of the Kronos banking Trojan. In an unexpected move, authorities arrested Hutchins after his role as the researcher who stopped the expansion of the WannaCry ransomware earlier this year. WannaCry was deemed an extremely high-risk malware, spanning over 150 countries in just a matter of days.

How do you predict cyber attacks? Listen to your Cassandras

“Proprietary data collection and intellectual property need protection”

Bad actors targeting vital institutions that had previously been sacrosanct have become harder to detect. The damages inflicted in many cases have dealt virtually fatal blows to corporate finance and organizational operations.


10Fold- Security Never Sleeps- 187

Undetected For Years, Stantinko Malware Infected Half a Million Systems

“Massive botnet remained under the radar for five years”

Half a million devices have been infected by a rogue botnet, dubbed Stantinko. ESET researchers warn that affected systems can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden via code encryption until now.

Network Spreading Capabilities Added to Emotet Trojan

“Emotet Trojan spreads malware on internal networks”

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can distribute malicious programs on internal systems. Recent WannaCry and NotPetya incidents have shown us just how efficient and costly these attacks can be if they spread, increasing concerns among security researchers on greater prevalence in the future.

US Banks Targeted with Trickbot Trojan

“Necurs spreads to financial institutions”

New Emotet banking Trojan signals increasingly complex attacks on the finance industry. An official blog post had subsequently confirmed that a ‘security alert is ongoing related to the discovery, the effects of which are continuing’.

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a study has found that the majority of IT experts claim that security systems for many of these are not adequately protected despite many believing that they are.

Kansas data breach compromised millions of Social Security numbers In 10 States

“Over 5.5 million potentially compromised”

A breach of the Kansas Department of Commerce may have given hackers access to millions of social security numbers, putting the department on the hook for credit monitoring services for all victims. The SSNs had not been previously reported. The Kansas News Services obtained the information through an open records request.


10Fold-Security Never Sleeps- 185

Dow Jones is the latest company to expose customer records on a cloud server

“2.2 million records left unsecured”

Dow Jones & Co. is the latest in a sequence of large firms to leave massive amounts of private customer data on unsecured cloud servers. Similar to the recent Verizon incident, Dow Jones consumer data was found publicly accessible in an Amazon Web Services S3 bucket discovered by Chris Guard of UpGuard Inc.

GhostCtrl malware silently haunts Android users, hijacking functionality

“Versatile remote access Trojan growing in infection”

Researchers have found GhostCtrl, a highly adaptable trojan malware that steals sensitive information and is capable of performing ransomware attacks. The backdoor is part of a massive campaign that involves RETADUP.A, according to Trend Micro.

A Single Extreme Cyberattack Could Cost the U.S. More than Hurricane Katrina

“U.S. Economy incredibly vulnerable”

An increase in global ransomware attacks has prompted Lloyd’s of London to publish a report on the state of danger that the U.S. faces in regards to cybersecurity. Published with Cyence, the report speculates that the U.S. stands to lose as much as $121.4 billion.

The best of Black Hat: The consequential, the controversial, the canceled

“Review of the acclaimed conference”

Over two decades, Black Hat has gained a reputation as a conference that showcases much of the cutting-edge research in information security and industry trends; it began in Las Vegas and has extended to annual events globally. This year, the event also had its share of controversy stemming from last-minute cancellations.


10Fold- Security Never Sleeps- 160

And Now a Ransomware Tool That Charges Based On Where You Live

“Fatboy making rounds on Crimeware forums”

Recorded Future has been monitoring malware and its effects in less developed nations, reporting the discrepancies between the ransoms charged to victims living in wealthier countries and those charged elsewhere.

Software Download Mirror Distributes Mac Malware

“Distributes a RAT for Mac devices”

The download mirror server for HandBrake, a video converting tool, was recently compromised to distribute a RAT to Mac computers. Security alerts were posted on the firm’s website, announcing that between Tuesday and Saturday of last week Mac users may have downloaded compromised software. HandBrake suggests all users verify any downloads before running them.
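The verification step HandBrake recommends is the one defence a user has against a poisoned mirror: compare the file's SHA-256 against the digest the project publishes. The script below is an added example, not HandBrake's own tooling or code from the original post; the file names and checksum list are constructed here for the demonstration, and the checksum-file format assumed is the two-column output of sha256sum.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text):
    """Parse sha256sum-style lines ('<64 hex chars>  <filename>') into a dict.

    Blank lines and '#' comments are ignored; a malformed line raises rather
    than silently yielding an empty expectation that every file would 'pass'.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts
        # sha256sum prefixes '*' to a name hashed in binary mode; drop it.
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_download(path, expected_hex):
    """Return True only when the file's SHA-256 equals the published digest.

    hmac.compare_digest is used so the comparison does not stop early at the
    first differing character.
    """
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, expected_hex.lower())


def demo():
    """Constructed scenario: a genuine download beside a copy with one byte changed."""
    good = b"pretend this is HandBrake.dmg\n" * 1000
    tampered = good[:-1] + b"!"  # single-byte change, same length
    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "HandBrake.dmg")
        bad_path = os.path.join(d, "HandBrake-tampered.dmg")
        with open(good_path, "wb") as f:
            f.write(good)
        with open(bad_path, "wb") as f:
            f.write(tampered)
        # Published checksum list, constructed here from the genuine bytes.
        checksums = f"{hashlib.sha256(good).hexdigest()}  HandBrake.dmg\n"
        expected = parse_checksum_file(checksums)["HandBrake.dmg"]
        return verify_download(good_path, expected), verify_download(bad_path, expected)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The check is only as good as the source of the published digest: fetch it over HTTPS from the project's own site rather than from the same mirror that served the file, since an attacker who controls the mirror can replace both. A signed checksum file, where the project offers one, closes that gap as well.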

Google Researchers Say They Found A ‘Crazy Bad’ Windows Bug

“Weaknesses observed in Edge and Internet Explorer browsers”

Many popular browsers and antivirus programs have weaknesses, recently reported by Project Zero. Natalie Silvanovich, former security researcher at BlackBerry, leaked the story via Twitter over the weekend.

Phishing Scams Cost American Businesses Half A Billion Dollars A Year

“Over 22,000 incidents in the last three years”

Since October of 2013 more than $1.6 billion has been scammed from American firms. All states have been affected, and there does not seem to be any observable trend in the specific type of firms targeted.


10Fold- Security Never Sleeps- 122

Hospital info thief malware puts itself into a coma to avoid IT bods

“Healthcare specifically targeted by new Trojan software”

US healthcare organizations have growing concerns over a new malware that can avoid detection by activating a sleep mode for long periods of time. Security researchers project that several thousand groups since 2012 have been hit by what has been termed the ‘Gatak Trojan’ by Symantec, with over 40% of events occurring within the healthcare sector. Once reactivated, the malware is capable of spreading extensively through the target’s network.

Hackers Are Using MailChimp to Spread Malware

“Hackers upping malware distribution techniques”

Email newsletter service MailChimp has been co-opted by many spam and malware distributors to spread various malicious software. This is indicative of the ingenuity of those seeking to spread malware, who take any opportunity to profit, and validates growing concerns about internet privacy.

Cyberspies Target Taiwan Government, Energy Sector

“’Tropic Trooper’ continues assault on national government”

Palo Alto Networks has reported on a large-scale cyber espionage campaign directed towards the Taiwanese government and affiliated organizations. Trend Micro first observed the cybercriminal group in 2012, when Taiwanese officials and military institutions were attacked by the group. Consistent with the 2012 attacks, Trend Micro found that the malware Yahoyah was used to exploit the CVE-2012-0158 Microsoft Office vulnerability.

New Malware Lets Hackers Listen To Your Conversations Via Your Headphones

“New malware is capable of ultra-snooping on conversations”

Ben-Gurion University researchers have created “Speake(a)r,” proof-of-concept code designed to capture audio from a targeted computer’s audio and video systems regardless of which accessories are connected. The malware can activate alternative channels to turn on speakers and headphones, picking up vibrations and converting them into electromagnetic signals.

10Fold – Security Never Sleeps – 77

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Ransomware has become such a major threat to both consumers and enterprises that the United States and Canada recently issued a joint alert on this type of malware. Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that’s used in many products. According to a new survey out by Osterman Research of some 200 enterprises, most organizations still don’t assess database activity continuously and lack the capability to identify database breaches in a timely fashion. Malicious actors have abused PowerShell and Google Docs to deliver a Trojan known as Laziok, FireEye reported on Thursday.

Ransomware: A Formidable Enterprise Threat – Publication: SecurityWeek- Reporter name: STAFF

Ransomware’s extortion-based business model, currently the latest major trend in the cybercrime industry, is marking a major change in the purpose and outcome of malware attacks and has become a major threat to consumers and enterprises alike. Almost unheard of a few years ago, ransomware attacks are making the headlines almost daily, with new malware families emerging nearly every week. This should not be surprising, as the underlying business model for cybercriminals is to hit as many victims as possible and monetize attacks before security researchers react and block their malicious activities.

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products – Publication: PCWorld- Reporter name: Lucian Constantin

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device. The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload. A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company’s Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device’s management interface.

Databases Remain Soft Underbelly Of Cybersecurity – Publication: DarkReading – Reporter name: Ericka Chickowski

The study, commissioned by DB Networks, found the top three database security issues among enterprises were tracking compromised credentials; the potential for the organization to experience a major data breach; and the inability of the organization to identify data breaches until it was too late to mitigate damage. At the most basic level, 59% of organizations admit they lack a high degree of certainty about which applications, users, and clients are accessing their databases. And 43% of organizations don’t even have a high degree of certainty about the number and types of databases residing in their IT infrastructure.

Attackers Use PowerShell, Google Docs to Deliver “Laziok” Trojan – Publication: SecurityWeek – Reporter name: Eduard Kovacs

Laziok, a reconnaissance tool and information stealer, was first spotted last year when a threat group leveraged the malware in a sophisticated multi-stage attack campaign targeting energy companies in the Middle East. Attackers exploited an old Windows vulnerability tracked as CVE-2012-0158 to drop the Trojan onto users’ systems. According to FireEye, attackers found a way to bypass Google’s security checks and uploaded the malicious payload to Google Docs. The malware was uploaded in March and remained there until Google was notified by the security firm.