A Week in Security (Dec 06 – Dec 12)

Last week, we touched on Tunecore’s breach, a phishing attempt at Lloyd’s bank, and a deeper look at the Chimera ransomware.

We also took a dive into several malvertising campaigns spotted in real time in the wild: one hit the popular video streaming site DailyMotion to serve up the Angler exploit kit (EK); the other, observed by senior security researcher Jérôme Segura, involved a certain domain that redirects to a Nuclear EK pushing out ransomware.

Lastly, we discussed a couple of pieces of malware that were targeting Steam traders, particularly those dealing with gun skins within the CS:GO community.

Notable news stories and security-related happenings:

  • The Enterprise Strikes Back: Finding a New Hope in the Fight against Data Breaches. “In ‘Offense Informs Defense: Minimizing the Risk of a Targeted Attack,’ an upcoming session at ALM’s cyberSecure event, security experts Eduardo Cabrera and Pamela Passman will shed light on the people and motivations behind hacks, how attacks work, and the information that hackers want to steal.” (Source: Legal Tech News)
  • A Search Engine for the Internet’s Dirty Secrets. “Those behind Censys and Shodan can agree that making it easier to ferret out flaws in the Internet should make it more secure. Matherly says his tool has led to over 100,000 industrial control systems being properly secured and helped with the shutdown of numerous servers used by criminals to control malware.” (Source: MIT Technology Review)
  • “Backstabbing” Malware Steals Mobile Backups Via Infected Computers. “In this day and age, our mobile devices carry more personal and business information than any other electronic device. Is it any wonder, then, that attackers want to have access to them? But sometimes they can’t find a way in, and opt for the second-best option: stealing mobile backup files from the victims’ computer.” (Source: Help Net Security)
  • Windows’ Nemesis: Pre-boot Malware Pwns Payment Processors. “Cybercrooks targeting payment card data have developed a sophisticated malware that executes before the operating system boots. Security researchers at FireEye / Mandiant came across the rarely seen so-called bootkit technique during a recent investigation at an organisation in the financial transaction processing industry.” (Source: The Register)
  • Average Age of Cyber-attack Suspects Drops to 17. “The average age of suspected cyber-attackers has dropped dramatically to just 17, the National Crime Agency has said. Experts believe the “kudos” of committing crime lures teenagers on to the wrong side of the law, and pranks used in online gaming can spiral out of control.” (Source: The Guardian)
  • Attackers are Building Big Data Warehouses of Stolen Credentials and PII. “According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs.” (Source: CSO Online)
  • Facebook hoax alert! No, Mark Zuckerberg is not giving $4.5m to people like YOU and ME. “Here are some clues that this one is bogus: First, it might remind you of a hoax about Facebook donating money for a boy’s life-saving surgery after he got shot while saving his sister from a rapist… … Money to be donated based on the number of times the message was shared, that is.” (Source: Sophos’s Naked Security Blog)
  • 100,000 Laptops and Phones Left in UK Bars Each Year. “UK bars guzzle up a staggering 138,000 mobile phones and laptops each year, and alarmingly 64 percent of the devices do not have any security protection installed, which means anyone can gain access to the contents they hold.” (Source: Help Net Security)
  • The Problem with Email: The Security and Challenges of Corporate’s Favorite Communication Method. “Email practices are one of the most vexing and pressing concerns for companies. Even though other media are now being adopted, email is still the primary method of business communication. Unfortunately, it also creates inefficiencies and presents tremendous cybersecurity risks.” (Source: Legal Tech News)
  • Airline Customers’ Data Exposed by HTTPS Hole – Report. “Serious security holes have been found in the mobile sites and apps of several big name airline and rail companies, exposing payment data and sensitive personally identifiable information (PII). Security vendor Wandera notified 16 companies including easyJet, Chiltern Railways, Aer Lingus, AirAsia and Air Canada—although its investigation is still ongoing.” (Source: InfoSecurity Magazine)

Safe surfing, everyone!

The Malwarebytes Labs Team