Detail of a calendar page with dates

A week in security (Jul 10 – Jul 16)

Last week, we talked about bug poaching, revealed a novelty Pokemon GO scam bait, profiled a new Mac malware called Keydnap, and observed that the Neutrino EK just picked up momentum.

We also looked into several Pokemon GO survey scams and other potential physical dangers one may encounter when playing the augmented reality game with their mobile phones. We also discussed the persistence methods employed by Kovter, an infamous click-fraud malware, which also does its best to avoid detection and make analysis difficult.

Notable news stories and security related happenings:

  • Cerber Developers Release Alfa Ransomware. “According to security researcher BloodDolly, so far, there is not much known about this new file encrypter, for example, how this ransomware is distributed still remains unclear. Yet unfortunately, one thing is for sure – this ransomware shares one concrete feature with its counterpart Cerber Ransomware – the encryption cannot be broken at this time.” (Source: 360 Total Security Blog)
  • Covert Voice Commands Can Hack A Smartphone. “Watching kitten videos on YouTube mostly was a harmless activity until now:  computer scientists from Georgetown University and the University of California, Berkeley, have discovered that it’s possible to control a smartphone via covert voice commands hidden in something as seemingly benign as a viral video of tabbies playing in a cardboard box.” (Source: Dark Reading)
  • Playing Pokémon GO Can Lead To Unexpected Dangers. “But aside from these risks to the security of one’s device and the information on it, players are also risking their limbs and their lives. Gamers have been posting pictures online of hands and legs scratched, cut and bruised – engrossed in the game, they stopped caring about their physical surroundings and hit or tripped over things that they would otherwise easily avoid.” (Source: Help Net Security)
  • New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes. “Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns them their files because it actually deleted them.” (Source: Dark Reading)
  • Attackers Steal 600K Records From Health Care Firms: Report. “A group of attackers infiltrated American health care institutions and stole at least 600,000 patient records and attempted to sell more than 3 terabytes of associated data, according to a report set to be released later this week from security firm InfoArmor. Andrew Komarov, chief intelligence officer at InfoArmor, told eWEEK that he informed the National Healthcare and Public Health Information Sharing and Analysis Center (NH-ISAC) about the attacks in May.” (Source: eWeek)
  • Big ‘Carding Gang’ Bust Announced By Europol: 105 Arrests Across 15 Countries. “Cybercrime gangs in the carding scene often have fingers in all of the abovementioned pies, so that they can co-ordinate all of the steps needed to cash out. That means they can organise the criminal process all the way from making realistic-looking card blanks, through acquiring stolen account details to encode onto the cards, to the final step of cashing out: turning stolen ‘cyberstuff’ into the cold, hard proceeds of crime.” (Source: Sophos’ Naked Security Blog)
  • Security Vs. Privacy: Is There Still A Conflict? “At a time of the global information security crisis, we often hear that in order to achieve stronger security against emerging threats, including terrorism and cyber attacks, we must accept less privacy. This should apply to our communications, financial transactions, and all other internet-powered activities. Many simply assume that more visibility and state control automatically translate into more safety.” (Source: The Hill)
  • Nation-backed Malware That Infected Energy Firm Is 1 Of 2016’s Sneakiest. “The malware contains about 280 kilobytes of densely packed code that, like a ninja warrior, cleverly and stealthily evades a large number of security defenses. It looks for and avoids a long list of computer names belonging to sandboxes and honeypots. It painstakingly dismantles antiviruses one process at a time until it’s finally safe to uninstall them. It takes special care when running inside organizations that use facial recognition, fingerprint scanners, and other advanced access control systems. And it locks away key parts of its code in encrypted vaults to prevent it from being discovered and analyzed.” (Source: Ars Technica)
  • Killing The Password: FIDO Says Long Journey Will Be Worth It. “The FIDO (formerly Fast Identity Online) Alliance is out to kill the password. It wouldn’t seem to be a tough sales job. There is little debate among security experts that passwords are a lousy, obsolete form of authentication. The evidence is overwhelming. Most people in spite of exhortations to use long, complicated passwords, to change them at least monthly and to avoid using the same one for multiple sites, don’t.” (Source: CSO Online)
  • Fiat Chrysler Launches Detroit’s First Bug Bounty Program For Car Hackers. “A year ago, car-security researchers Charlie Miller and Chris Valasek must have driven Fiat Chrysler into fits: they wirelessly took control of a Jeep Cherokee from 10 miles away, including its brakes, accelerator, radio, horn and windshield wipers. Fiat Chrysler went on to say that 10 of its vehicles were vulnerable to the hack, which had been carried out via a cellular network that leveraged the vehicles’ UConnect entertainment system.” (Source: Sophos’ Naked Security Blog)
  • The Value Of A Hacked Company. “Most organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised.” (Source: KrebsOnSecurity)
  • Nearly 1 In 3 Consumers Victimized By Card Fraud. “The global fraud study of more than 6,000 consumers across 20 countries revealed that, compared to ACI’s 2014 benchmark study, card fraud rates—unauthorized activity on three types of payment cards (debit, credit and prepaid)—is on the rise worldwide. 14 out of the 17 countries surveyed both years reported an increase in card fraud between 2014 and 2016.” (Source: Help Net Security)
  • Congresswoman Introduces Revenge Porn Bill, Setting Max Penalty At 5 Years. “Representatives from Twitter and Facebook have also publicly supported the bill, which has been co-sponsored by Republican lawmakers from Florida and Pennsylvania. If the bill passes, it would exceed a similar law in the United Kingdom, which maxes out the punishment at two years.” (Source: Ars Technica)
  • Clever Tool Shields Your Car From Hacks by Watching Its Internal Clocks. “Car-hacking demonstrations tend to get all the glory in the security research community—remotely paralyzing a Jeep on the highway or cutting a Corvette’s brakes through its Internet-connected insurance dongle. But as the nascent automotive security field evolves, defensive tricks are getting cleverer, too. Now there’s a new prototype gadget that stops those vehicular attacks with an ingenious hack of its own.” (Source: Wired)
  • Rise In Brand Impersonation Exploits User Trust. “Bad actors are exploiting this kind of behaviour by impersonating retail brand profiles and taking advantage of URL shorteners by using these to mask malicious sites. URL shorteners deter users from scrutinizing URLs before clicking and the absence of URL transparency allows threat actors to take a user through a series of redirects before arriving at the intended destination potentially hosting malware or other unknown malicious content.” (Source: Help Net Security)
  • Hackers Steal Millions From ATMs Without Using A Card. “Police said several people wearing masks attacked dozens of ATMs operated by Taiwan’s First Bank on Sunday. They spent a few minutes at each of the machines before making off with the equivalent of $2 million stashed in a backpack. They didn’t use bank cards but rather appeared to gain control of the machines with a ‘connected device,’ possibly a smartphone, the police said in a statement Thursday. Authorities are now hunting the thieves, who they say came from Russia and eastern Europe.” (Source: CNN Money)
  • Fake Apps On Google Play Tricked Users Into Paying Instead Of Delivering Promised Followers. “Many malicious developers try to trick users into downloading their apps by creating the illusion of a useful application. They accomplish it by creating a very interesting app name and adding a bogus description that does not match the functionality of the application. ESET has discovered eight fake applications on Google Play that (falsely) promise to boost the number of followers on users’ social network profiles. Our security software is detecting these as Android/Fasurke.” (Source: ESET’s We Live Security Blog)
  • Locky Ransomware Gets Offline Encryption Capabilities. “The new development in Locky’s evolution, however, makes detection far more difficult, as it enters an offline encryption mode if all attempts to connect to the C&C fail. The change was observed on July 12 and ensures that the ransomware can still perform its nefarious operations even if its Internet connectivity was blocked, Avira researchers say. This behavior is similar to that of Bart ransomware, a piece of malware that emerged in late June and which was associated with the group behind Dridex and Locky.” (Source: Security Week)

Safe surfing, everyone!

The Malwarebytes Labs Team