A week in security (Oct 02 – Oct 08)

Last week, we welcomed National Cybersecurity Awareness Month (NCSAM). At the same time, our CEO made an announcement: Malwarebytes will get tough on PUPs.

Our researchers also explained to readers what WMI hijackers are, provided a brief profile on a piece of malware called “Eko” that was affecting French-speaking Facebook users, and highlighted the problem of ruined save game files once users start hopping into game sessions of cheaters playing Earth Defense Force (EDF), courtesy of Malware Intelligence Analyst Christopher Boyd.

For Mobile Menace Monday and PUP Friday, we pushed out the following content:

  • /blog/cybercrime/2016/10/mobile-menace-monday-youve-been-infected-or-have-you/
  • /blog/threat-analysis/2016/10/pup-friday-lets-talk-generic/

Below are notable news stories and security-related happenings:

  • Watch Out Gamers: Hacked Steam Accounts Distributing Malware. “Previously we informed our readers about the hacking of Steam accounts. Now a Reddit user is claiming that some of these hacked accounts are distributing malware. The user on Reddit who goes by the alias Hayaddict can be seen alerting about the hacked Steam accounts being used to SPAM malicious URLs. Steam chat is the primary platform used for the distribution of this new malware. The chat messages contain a link to a video available at this address: videomeo[DOT]pw. As soon as the recipient of this message visits this page, another message window pops up requesting the visitor to download a Flash Player update to watch the video.” (Source: HackRead)
  • How Tweens Get Recruited To Become Hackers. “He calls it ‘wasted talent’. Gifted 13-year-olds or children as young as 10 are getting involved in cybercrimes, thinking it is cool among peers, said Mr Steven Wilson, head of the European Cybercrime Centre at Europol. Their career path often begins with a simple hack. And then it escalates when teens realise they can make money out of it.” (Source: The New Paper Online)
  • Major Smartphones Are Vulnerable To Hacking Threat Called “Video Jacking”. “Aries Security, a cyber-security company, claims that every major smartphone such as the iPhones, Samsung Galaxy and Google’s Nexus when plugged into public charging stations are vulnerable to the hacking threat called ‘video jacking.’ According to security experts, many airports, convention centers and public places that offer free charging stations, complete with different cables to charge a variety of smartphones are vulnerable to hacking, as hackers could rig those stations to watch every move you make while connected to the charging station.” (Source: Plug In Europe)
  • Hacker Linked To MySpace, LinkedIn Dumps Hacks Competitor. “The digital underground is full of fragile alliances, backstabbing, and full-blown rivalries. On Sunday, Peace, a hacker linked to the MySpace and other large scale data breaches, compromised the site of another hacker, allegedly in response to scamming. The victim is w0rm, a hacker who has previously targeted news organisations, and who sells stolen data on his own black market site. The episode highlights the lengths cybercriminals are willing to go to police their own trade of stolen data, and punish supposed scammers.” (Source: Motherboard)
  • Hutton Hotel Removes Unwanted Malware Guest. “The long sorted list of companies that have had their payment systems has added a new victim to its ranks. This past Friday the upscale Hutton Hotel, a stone’s throw from Vanderbilt University in Nashville, disclosed that their payment processing systems in their hotel had been compromised by ne’er do wells. I think we have arrived at the point where companies that have payment systems that have not been reviewed should assume that they’re compromised until proven otherwise. A dour assessment of things. But, when you consider that companies like Hard Rock, Target and even Trump Hotels (twice) suffered similar compromises it really leads one to assume that this is an activity required for any information security team.” (Source: CSO)
  • AMAZON WARNING: Online Retailer Sparks Security Fears In Customer Password E-mail Alert. “ONLINE retailer Amazon has sparked a flurry of activity after sending out an e-mail to a number of customers telling them their data has been leaked. But the company says that the data breach which includes e-mail addresses and passwords was not due to a computer hack. Instead they claim that they discovered that their own customers’ details were possibly leaked online by unknown sources.” (Source: The Express UK)
  • Johnson & Johnson Says Insulin Pump ‘Could Be Hacked’. “Pharmaceutical firm Johnson & Johnson has warned that one of its insulin pumps for diabetics is at risk of being hacked, causing an overdose. The firm said the vulnerability concerned its OneTouch Ping pump which is only sold in the US and Canada. However, it told the BBC there had been no reported attacks and the risk was ‘extremely low’.” (Source: The BBC)
  • Why The Older Generation Is An Attractive Target For Cybercriminals. “People aged 55 and over are behaving insecurely online and often become the victim of fraud, according to Kaspersky Lab and B2B International. The survey questioned 12,546 Internet users across the globe and the results suggest that the older generation is actually a very attractive target for cybercriminals. When they are online, many over-55s shop, bank and communicate with loved ones without effectively protecting themselves, and the things that are most important to them, from cybercriminals.” (Source: Help Net Security)
  • Cultivating A Culture Of Information Security. “Data flows through every organisation and is used by everyone in some shape or form. So in the context of today’s sensitive security landscape, it is more important than ever to keep data protection a top consideration so that it can be tackled effectively. However, encryption technology, firewalls and other tactics can only go so far to protect an organisation’s data; an information security culture is just as important, if not more so.” (Source: Information Age)
  • Forget A Cyberwall, You’re Going To Get Hacked, Say Security Execs. “Etsy, the online crafts marketplace, now has 2 million sellers doing business on its platform, and nearly 30 million buyers. As for any company, cybersecurity is a high priority. Contrary to many companies, and the way many people think about cybersecurity, Etsy doesn’t focus primarily on building a bigger, impenetrable wall. Rather, they focus on monitoring and reacting to breaches quickly. The wall has its uses, of course, but they view it as an incomplete solution.” (Source: CNBC)
  • Why Do We Have A National Cyber Security Awareness Month? “National Cyber Security Awareness Month (NCSAM) was first observed in 2004 after the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) created it. This event has now been active since 2004 and through its initiatives, it is designed to help all Americans be safe and secure online. The need for improved cyber security among both children and adults is very great. Even President Obama stated in a 2014 presidential proclamation: ‘Cyber threats pose one of the gravest national security dangers the United States faces.'” (Source: In Homeland Security)
  • Apple To ‘Do A Windows 10’ By Pushing Out Mac OS Automatically. “According to all-things-Apple commentator Jim Dalrymple, the Cupertino company is about to follow in Microsoft’s footsteps…by ‘pre-downloading’ the latest version of the company’s Mac operating system, Mac OS 10.12 Sierra, in the background. The idea is to make it more appealing to upgrade, because you won’t have a 5GB download to wait for first before you can kick off the installation.” (Source: Sophos’s Naked Security Blog)
  • Multi-Purpose ‘Floki Bot’ Emerges As New Malware Kit. “Floki Bot involves an interesting dropper method – the method in which the malware accomplishes process injection. In order to frustrate anti-virus detection measures, Floki Bot injects its decompressed payload leveraging the portable executable (PE) loader API call known as ‘NtReadVirtualMemory,’ then decrypts it into a parent process. Based on the Floki developer’s testimony, this technique allows the malware to bypass anti-virus detection – so much so that Floki bot claims this dropper has a 70 percent execution success rate. By contrast, Floki bot asserts that ZeuS’s execution rate was only 30 percent.” (Source: Flashpoint Blog)
  • Warning! Just Opening A JPEG 2000 Image File Can Get You Hacked. “A zero-day flaw in the JPEG 2000 image file format has been discovered by the security experts at Cisco Talos group. The JPEG 2000 is often used to embed images in the PDF documents. This vulnerability affects the image file format parser implemented in OpenJPEG library. OpenJPEG is an open-source JPEG 2000 codec written in C language. This revelation has been made in a security advisory published by Talos.” (Source: FossBytes)
  • Homeland Security Warns Certain Huawei Devices Vulnerable To DDoS. “If there is a reason to stay up to date with the latest software updates and patches, it would be for security. Granted not every patch is exciting as sometimes there are no new features, but security is important and generally speaking they should be installed as soon as possible, otherwise you could leave your devices open to attack.” (Source: Ubergizmo)
  • Exploit Kits Take Cyberattacks To The Masses. But They’re Preventable. “Exploit kits are a popular method for criminal groups to compromise victims’ systems, as they provide a stealthy way to infect hosts, they’re automated (making them easy to use), and they can be rented or sold to other malicious actors for thousands of dollars a day. In fact, an entire ecosystem has come into being around exploit kits, creating a booming black market for renting the malicious tools, as well as for freelance groups who use exploit kits to provide an “Infection as a Service” model to less-technical customers.” (Source: Security Week)
  • A Closer Look At Data Breach Preparedness. “While most organizations have a data breach preparedness plan in place, executives are not updating or practicing the plan regularly and lack confidence in its effectiveness, according to a study by the Ponemon Institute. The fourth annual study shows that data breach preparedness certainly is on companies’ radar, and having a response plan in place is par for the course. The number of organizations with a plan increased from 61 percent in 2013 to 86 percent in 2016.” (Source: Help Net Security)
  • US NIST Warns Security ‘Fatigue’ is Putting Users at Risk. “A reluctance to deal with computer security is putting users in danger online as they take unnecessary risks due to general fatigue with things like passwords, according to a new NIST study. The US standards body uncovered feelings of resignation, loss of control, fatalism, risk minimization, and decision avoidance in its interviews with a range of ordinary computer users aged between 20 and 60-years-old.” (Source: InfoSecurity Magazine)
  • Passwords Are The Weakest Link In Cybersecurity Today. “Last month’s news of the devastating breach at Yahoo stunned even the most seasoned security experts, given its impact on more than 500 million individuals. Somewhat lost in the news of this attack and others including the U.S. Office of Personnel Management, Anthem, and the Democratic National Committee is that the impact of each of these breaches cannot be viewed in isolation. Rather, each is one node in a much bigger effort.” (Source: CNBC)
  • Attackers Can Use Legit Webcam Sessions To Spy On Mac Users, Researcher Warns. “The little LED light on Mac laptops that switches on when the webcam is in use makes it hard for attackers to spy on Mac users without alerting them to the fact. But that doesn’t mean it is impossible for someone to use the camera to secretly record video and audio anyway. Patrick Wardle, director of research at Synack and a former NSA analyst this week described a method that attackers could use to secretly watch Mac users by piggybacking on legitimate user-initiated Skype, FaceTime or other webcam sessions.” (Source: Dark Reading)
  • New FastPoS PoS Malware Implements A ‘Quickly And Dirty’ Approach To Steal Card Data. “Christmas is approaching, and the experts are already at work, including the authors of PoS malware that at that time maximize their profits. The criminal group behind the FastPoS PoS malware have updated its malicious code to improve the efficiency of stealing credit card data from infected systems ahead of the festive season.” (Source: Security Affairs)
  • Ransomware Becomes Main Threat On Android In Several Countries. “Android users, beware. Ransomware for your smartphone is picking up – it’s now the main threat in the US, UK, Germany, Denmark and Australia, in the first half of 2016. These are the figures from security organisation BitDefender, whose report claims the Android SLocker ransomware family accounts for almost half of all mobile malware reported by infected devices in the first half of 2016 in Denmark.” (Source: IT Pro Portal)

Safe surfing, everyone!

The Malwarebytes Labs Team