A Week in Security (Sep 13 – Sep 19)

Last week, we brought you another piece of exciting news: V3.co.uk shortlisted Malwarebytes for its annual V3 Technology Awards. You can read more about it in this feature post.

We also touched on tax credit refund fraud, a roundup of fake system infection sites, DNS hijacking, a creative fake Disney spam on Facebook, and WhatsApp stickers. We even gave our blog readers an overview of what Malware Intelligence Analyst Christopher Boyd will be presenting at IRISSCON 2015 this coming November.

Researchers from Malwarebytes Labs discovered and profiled some interesting finds. Malware Intelligence Analyst Jovi Umawing documented a fake Amazon phish campaign targeting UK clients. We also saw back-to-back instances of malvertising operations that are both interesting and conniving, thanks to Senior Security Researcher Jérôme Segura. According to our telemetry data, one campaign almost went unnoticed due to the bad guys being forced to come up with sneakier tactics to lure Internet users to exploit kits (EKs), particularly Angler. The second campaign involved a multi-stage delivery of an Adobe Flash EK via a “seemingly benign” XML file.

Notable news stories and security related happenings:

  • Smartwatch Sensors can be Used to Eavesdrop on the Keys You’re Typing. “Researchers have shown that a smartwatch’s motion sensors can be used to detect what keys you’re pressing with your left hand (or whatever hand the watch is on) and thus guess at the words you’re typing. Their findings suggest that it’s possible for cybercrooks to come up with an app that camouflages itself – for example, as a pedometer – and use it to track what someone types.” (Source: Sophos’s Naked Security Blog)
  • Most DDoS Attacks Hiding Something More Sinister, Neustar Warns. “Most distributed denial of service (DDoS) attacks now appear to be aimed at distracting IT and security teams, a survey by communications and analysis firm Neustar has revealed.” (Source: Computer Weekly)
  • Heartbleed is Far from Dead. 200,000+ Vulnerable Devices on the Internet. “After all the hullabaloo about Heartbleed, and the action taken by many IT professionals in the wake of the Heartbleed announcement, you would like to think that almost 18 months later the problem has gone away.” (Source: Graham Cluley’s Blog)
  • Online Extortionists Reset Android PINs, Take Data on Virtual Drives Hostage. “The attack has been spread in typical fashion – disguised as an Android app called “Porn Droid” that claims to be an X-rated video streaming utility. With Porn Droid installed, the malware then attempts to seize admin privileges by displaying a bogus “Update Patch Installation” dialog.” (Source: Lumension Blog)
  • Windows XP Still Running on a Third of Business, Public Sector PCs in Some Eastern European Countries. “Ukraine leads the nostalgic group. Windows XP runs on 41.2 percent of business and public computers that use Bitdefender’s antivirus software. Hungary follows with 37.5 percent, while Romania ranks third with 34 percent.” (Source: ZDNet)
  • Cisco Routers Vulnerable to New Attack, Cyber Firm FireEye Says. “Security researchers say they have uncovered previously unknown attacks on the core devices used to route traffic around the Internet, allowing hackers to harvest vast amounts of data while going undetected by existing cybersecurity defences.” (Source: Reuters)
  • Cyberinsurance: Protective or Perilous? “While it’s not a replacement for IT security, cyber-insurance creates a second line of defense to mitigate cyber incidents. But it can also pose new problems.” (Source: Legal Tech News)
  • New Android Lockscreen Hack Gives Attackers Full Access to Locked Devices. “The hack involves dumping an extremely long string into the password field after swiping open the camera from a locked phone. Unless updated in the past few days, devices running 5.0 to 5.1.1 will choke on the unwieldy number of characters and unlock, even though the password is incorrect. From there, the attacker can do anything with the phone the rightful owner can do.” (Source: Ars Technica)
  • 230,000 New Malware Samples Detected Each Day. “PandaLabs has confirmed a record increase in the creation of new malware samples. In the second quarter of 2015 alone there were an average of 230,000 new malware samples detected each day, which means a total of 21 million new types in these three months.” (Source: Help Net Security)
  • Users Want Data Leakers Hit by Fines and Compensation Claims. “The channel should be at the forefront of leading efforts to encourage users to get on top of data breaches as users express frustration with current situation.” (Source: MicroScope)
  • Bug in iOS and OS X Allows Writing of Arbitrary Files Via AirDrop. “There is a major vulnerability in a library in iOS that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog.” (Source: Kaspersky’s ThreatPost)
  • Hackers Target Google Webmaster Tools to Prolong Website Infections. “Hackers who compromise websites are using additional measures to prevent legitimate owners from detecting the presence of malicious or spam content that is inserted into their sites, according to a report by security vendor Sucuri.” (Source: Fierce IT Security)
  • Backdoored Business Routers An Emerging Threat. “The implant is basically a clandestine modification of the router’s IOS image and allows attackers to maintain persistence on a compromised system even through reboots, FireEye said. The vendor described the implant as fully modular and customizable in design and capable of being remotely updated after installation.” (Source: Dark Reading)
  • Significant Threats to Data Security Lurk Within, Professionals Say. “According to a recent investigative report on data breaches, an estimated $400 million has been lost from a predicted 700 million compromised records in 2015. So which security controls are the most important in thwarting cyber crime against businesses? Anti-malware? Physical security? Believe it or not, according to a recent survey, PEOPLE are a main concern.” (Source: Business Wire)
  • What Happens When the Hackers Get Hacked: Inside the Hackers-for-Hire Business. “Evaluating data from the Hacking Team breach does, however, provide a fascinating glimpse into the world of professional hackers. From the nuts and bolts of attack vectors to the technical infrastructure of the RCS spying tool itself, there are some key learning points enterprise security professionals should take away from the Hacking Team incident.” (Source: Information Age)
  • China will Work with U.S. on Hacking, Defend Its Interests: Official. “Obama told executives on Wednesday the United States had emphasized to China that industrial espionage in cyberspace would be considered an “act of aggression”, and called for an international framework to prevent the Internet from being “weaponized”.” (Source: Reuters)
  • Error Exposes 1.5 Million People’s Private Medical Records on Amazon Web Services. “Police injury reports, drug tests, detailed doctor visit notes, social security numbers—all were inexplicably unveiled on a public subdomain of Amazon Web Services. Welcome to the next big data breach horror show. Instead of hackers, it’s old-fashioned neglect from companies managing data that exposed your most sensitive information.” (Source: Gizmodo)
  • Active Malware Campaign Uses Thousands of WordPress Sites to Infect Visitors. “The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post. The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit, which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor.” (Source: Ars Technica)
  • Australia a Top-10 Attacker as Cybercrime Target Mobile-Commerce Growth. “The latest ThreatMetrix Cybercrime Report, which reflects the flow of more than 1 billion global transactions transiting the company’s ThreatMetrix Digital Identity Network per month, painted a sobering picture of the changing threat facing CSOs as they try to ensure that increasingly flexible methods of data and systems access don’t compromise underlying security controls.” (Source: CSO – Australia)
  • The New Art of War: How Trolls, Hackers and Spies are Rewriting the Rules of Conflict. “Cyberwar isn’t going to be about hacking power stations. It’s going to be far more subtle, and more dangerous.” (Source: TechRepublic)

Safe surfing, everyone!

The Malwarebytes Labs Team