A Week in Security (May 03 – May 09)

Last week, our researchers talked about exploit kits, malvertising, PUPs, Rombertik, and then some.

We took a look at the Fiesta EK, highlighting its new format, and how it has been wreaking havoc within SubTorrents, a notably popular torrent download site in Spain and Latin America, and affecting its users. We’ve also noted a dozen or so adult-related sites serving malicious ads that lead to exploits taking advantage of vulnerabilities in the Adobe Flash Player.

We spotted a fake GOG Galaxy client being downloaded and installed from a shady source. Gamers were advised to be wary immediately after GOG announced that their gaming client was now in open beta.

Recently, we also reached out to the admins behind Celine Dion’s official website to report an attempt to lead other visitors to a supposed “free streaming sports site” that is suspicious at best and phishing for personal information at worst. It wasn’t a case of site compromise; rather, a user had registered on the site only to post spam.

Speaking of compromise, a government site based in Vietnam was broken into and used to serve a phishing page targeting Apple IDs.

Lastly, for those new to information security terminology, we discussed what “malware” is and how it is defined in contrast to “virus”.

Notable news stories and security-related happenings:

  • Lack of Patching Leaves Maritime Sites Open to Remote Control Risk. “CyberKeel, which focuses on cyber security in the maritime sector, has warned a number of important shipping websites could be taken over easily by hackers.” (Source: Splash 24/7)
  • CyberGirlz: Middle-School Girls Learn the Art of Cybersecurity. “The event at San Jose State was a chance for 50 South Bay middle school girls to show off what they’ve learned the past few months from a program designed to train and inspire them to eventually make a living nabbing cyberthieves.” (Source: Mercury News)
  • Increased Encryption a Double-Edged Sword. “While there isn’t much the DHS and the NSA can do to stem the spread of encryption, enterprises can take steps to ensure that encryption is benefiting the organization and not their enemies.” (Source: CSO Online)
  • Social Media Giants are Not the Privacy Monsters You Think They are: Deloitte. “Australians distrust the social media industry – spearheaded by multi-billion dollar brands Facebook, Twitter and YouTube – more than any other, when it comes to the handling of their private data, research shows. But against popular opinion, Deloitte’s inaugural Australian Privacy Index ranked social media as the third best performing industry when it came to transparency, regulatory change and governance around privacy, beating the insurance, energy and telecommunications industries.” (Source: The Sydney Morning Herald)
  • Microsoft Bangs the Cybersecurity Drum with Advanced Threat Analytics. “Microsoft announced a raft of security and data protection software on the first day of its Ignite conference. The company said that attacks on companies were increasingly using legitimate tools: organizations are being compromised through access made with valid (albeit stolen or otherwise compromised) user credentials, rather than malware, with a Verizon report saying that more than 75 percent of breaches occur this way.” (Source: Ars Technica)
  • Crimeware Infects One-Third of Computers Worldwide. “The APWG reports that during the 4th quarter of 2014, a record number of crimeware variants were detected, a strategy of overwhelming proliferation of variations designed to defeat antivirus software. Meanwhile, phishers increasingly targeted retail and service sites, hoping to take advantage of the burgeoning numbers of online shoppers.” (Source: Help Net Security)
  • Cybercriminals Borrow from APT Playbook in Attack Against PoS Vendors. “This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market. A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.” (Source: CSO Online)
  • Spearphishing: A New Weapon in Cyber Terrorism. “Spear phishing and its evolutions like the watering hole attack represent one of the most insidious attack techniques adopted by the majority of threat actors in cyber space. According to the experts at Trend Micro security firm, spear phishing is the attack method used in some 91 percent of cyber attacks.” (Source: InfoSec Institute)
  • Lenovo Patches Vulnerabilities in System Update Service. “Researchers at IOActive yesterday disclosed details on a trio of security issues related to the mechanism by which Lenovo machines are sent security and feature updates; Lenovo is the world PC leader, according to Gartner, with almost 20 percent of market share.” (Source: ThreatPost)
  • Why Would The Chinese Hack Your Health Care Account? Why Would Anybody? “Not to commit fraud, but to steal information as they build their own healthcare system. But not all healthcare hacks are acts of cyber-espionage. Indeed, good old-fashioned fraud does still drive a lot of it. And these days, on the Internet black market, your medical records are worth way more than your credit card.” (Source: WGBH News)
  • Apple Users Hit With KYC Validation/iCloud ID Review Phishing Scam. “A fake email supposedly sent by ‘Apple Genius Assistance’ informs that users need to review their Apple ID information within 2 days because Apple wants to perform account verification as per “KYC legislation.” Don’t fall for it — It’s a phishing scam.” (Source: HackRead)
  • Actively Exploited WordPress Bug Puts Millions of Sites at Risk. “Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely used content management system, security researchers warned Wednesday.” (Source: Ars Technica)
  • More Evidence that Employee Negligence is Security Risk No. 1. “The BakerHostetler Data Security Incident Response Report. This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said. Technical security solutions do not stop employees from being phished, nor prevent IT staff from failing to review logs or improperly configuring servers.” (Source: GCN)
  • Ad Network Compromised, Users Victimized by Nuclear Exploit Kit. “MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia.” (Source: Trend Micro Security Intelligence Blog)

Safe surfing, everyone!

The Malwarebytes Labs Team