Detail of a calendar page with dates

A week in security (Nov 06 – Nov 12)

Last week, we observed that fake pharma sites are getting obnoxious, homed in on Floki Bot and its stealthy dropper, and (hopefully) reassured our readers that, although they may be affected with ransomware, it’s not game over yet.

Senior threat researcher Jérôme Segura also pushed out a fall review on exploit kits, with the main premise that the “new” kits actively being used are not really new, per se, but variants or highly specialized versions of their predecessors.

For our Mobile Menace Monday post, you may visit this page:


Below are notable news stories and security-related happenings:

  • Watch Out! A New LinkedIn Phishing Campaign Is Spreading In The Wild. “Phishing attacks continue to be a serious threat, crooks exploit paradigms such as social media platforms and mobile in the attempt of stealing sensitive data. According to 2015 Verizon Data Breach Investigation Report, 23% of email recipients open phishing messages and 11% click on malicious attachments … and this is just the tip of the iceberg. Experts at Heimdal Security reported a recent LinkedIn scam aiming to collect confidential information from unsuspecting users.” (Source: Security Affairs)
  • AVG Wants Your Home Router to Fight Internet of Things Malware. “The internet of things is totally broken. Amateur hackers have managed to build huge botnets of compromised devices, and many of these machines are difficult or near-impossible for manufacturers to remotely keep up to date. But there’s another way to keep internet of things hackers at bay: by making your router, which typically handles all of your home’s incoming and outgoing internet traffic, stop malware from communicating with its owner. That’s what anti-virus and security company AVG wants to do with its Chime operating system, which comes bundled with certain routers.” (Source: Motherboard)
  • Human Skills Are Essential In Battle Against Cyber Crime. “In the digital world of cyber crime, it might seem odd to refer to a now old-fashioned figure such as Columbo, the bumbling and disheveled TV detective known for his crumpled raincoat and half-finished cigar who was always asking suspects ‘Just one more thing’. But as security experts battle the increasingly sophisticated methods of today’s hackers, experts say that the police lieutenant’s human investigative skills and insight are as important as software, data analysis and artificial intelligence in fighting crime.” (Source: The Financial Times)
  • FCC Ushers In A Troublesome New World For Online Privacy. “In late October, the Federal Communications Commission passed new rules that take the unprecedented step of imposing stricter privacy regulation on one specific set of actors in the Internet ecosystem. Along party lines, the FCC voted to impose onerous limitations on Internet service providers’ use of web browsing information without regard to whether the information is sensitive or not, which differs greatly from the guidelines governing all other online companies, like search engines and mobile apps.” (Source: TechCrunch)
  • Google To Patch Chrome Mobile Hole After Bank Trojan Hits 318k Users. “An Android Chrome bug that’s already under attack – with criminals pushing banking trojans to more than 300,000 devices – won’t get patched until the next release of the mobile browser. The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval. Users need to install the banking trojan apps and tweak settings to allow installation of apps from stores other than Google Playto be infected; however, attackers increased the likelihood of compromise by using the titles of popular Android apps such as Skype, MinecraftPE, and WhatsApp.” (Source: The Register)
  • Why A Reactive Security Strategy Costs Companies Millions Each Year. “The Internet is both a blessing and a curse for businesses. While it opens up new markets that would have simply been unavailable decades ago, it also brings threats that, if not countered, can cost those companies millions, or even billions, of dollars. As new threats arise, businesses scramble to identify them and put up defenses against those threats. From the Love Bug and Code Red worms in the early 2000s to 2010’s Stuxnet, each appears without warning and wreaks havoc upon unsuspecting businesses. With each new threat, digital security companies are learning to react more quickly and put out countermeasures for these malicious programs, but in the time between a piece of malware’s release into the wild and the release of the solution, it can cost companies a staggering amount of money.” (Source: CTO Vision)
  • Regulators Could Fine Tesco Bank Over Cyber Attack. “Tesco could be potentially be hit with a multi-million pound fine by City regulators in the wake of an unprecedented attack on its banking arm that saw money taken from about 20,000 current accounts. The lender was plunged into chaos and was forced to suspend all online transactions from current accounts after it detected online criminal activity over the weekend.” (Source: The Telegraph)
  • Securing Black Friday Sales: Is Your Business Ready? “Black Friday is the day following Thanksgiving Day in the US, well-known for a variety of promotional sales. These are dependent on Internet connections working, servers coping with demand, in-store bandwidth holding up for transaction processing, and more. Both in-store and online, Black Friday sales are dependent on technology. Industry leaders offer Help Net Security readers tips to secure their networks during the busy shopping season.” (Source: Help Net Security)
  • New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices. “Imperva is the latest security company to offer a free scanner to detect Internet of Things devices infected with or vulnerable to Mirai malware, the malicious code behind the massive distributed denial-of-service (DDoS) attacks on DNS provider Dyn. The Mirai botnet army of IoT devices quickly gained notoriety earlier this year following major DDoS attacks on KrebsOnSecurity in September. The perpetrator released the Mira code publicly, and the malware was later used in the assault on Dyn, which led to the shutdown of prominent websites including Okta, CNN, Twitter, and Pinterest.” (Source: Dark Reading)
  • Carnegie Mellon Researchers Visualize Way To Fend Off DDoS Attacks. “Following the massive DDoS attack that last month that targeted DNS provider Dyn and temporarily knocked Twitter, Netflix and other big names off the Internet, we were bombarded with pitches from vendors begging to offer their expert opinions on the matter while extolling the virtues of their solutions that naturally would have safeguarded organizations. Now, a couple of weeks later, Carnegie Mellon’s CyLab Security and Privacy Institute too is touting research that it says shows that the tools really needed to stymie such attacks are on the way. Somehow, this seems more believable than some of the all-to-eager vendor claims, though it doesn’t appear the tools will quite be ready to fly for imminent DDoS attack candidates, such as 2016 U.S. Presidential Election-related sites and Black Friday 2016 websites.” (Source: Network World)
  • Why Senior Managers Are The Most Dangerous Negligent Insiders. “Hardly a day goes by that there isn’t news of another vulnerability, another attack, another patch — and often the biggest, baddest of its kind. You’d think we’d all be on hyper alert, but that is far from the case. Instead, pleas for compliance with data security basics fall on deaf ears. Here’s why: employees, including senior managers and business owners, don’t assume personal responsibility for security.” (Source: CSO)
  • Stay Vigilant To The Evolving Threat Of Social Engineering. “Little did you know, but your great-great-great-grandparents owned a lucrative mining operation in Nigeria and a law firm in Lagos has been trying to track you down for the past five years to appropriate your inheritance. You probably haven’t seen an email like this for the past few years, but a quick look in your spam folder will still reveal endless 419 scams. Spam filtering technology has made huge improvements, but just because your inbox isn’t flooded with promises of lost lottery gains doesn’t mean you’re no longer at risk from a social engineering attack. If anything, these threats are evolving with twists and turns designed to take advantage of the main cause of data breaches — you. As IT systems gain more sophisticated defenses, it’s difficult to defend against layer-eight threats.” (Source: Dark Reading)
  • IoT Worm Can Hack Philips Hue Lightbulbs, Spread Across Cities. “Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off. The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction, exploits hardcoded symmetric encryption keys to control devices over Zigbee wireless networks. This allows the malware to compromise a single light globe from up to 400 metres away. The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction, exploits hardcoded symmetric encryption keys to control devices over Zigbee wireless networks. This allows the malware to compromise a single light globe from up to 400 metres away.” (Source: The Register)
  • Google Safe Browsing Goes After Repeat Offenders. “Once Safe Browsing determines that a site is a ‘Repeat Offender,’ its webmaster will have to endure the classification and alert for 30 days at least, as he or she won’t be able to request a review of it via the Search Console. They will be notified about it, though, via the email address they registered on the Search Console.” (Source: Help Net Security)
  • Why Are Skype Accounts Getting Hacked So Easily? “If you’ve received a weird message on Skype with a link to Baidu or LinkedIn recently, you’re not alone. In the past couple of weeks, I’ve received spam links to Baidu from six of my Skype contacts, one of whom works for Microsoft’s PR agency and another is a former Microsoft employee. All were surprised to see their accounts breached, and some believed they were protected by Microsoft’s two-factor authentication. That wasn’t the case, though. A thread on Microsoft’s Skype support forums reveals this has been occurring to hundreds of Skype users since at least August. Breached Skype accounts are used to send thousands of spam messages before they’re locked and the owners have to regain access. Skype has fallen victim to similar attacks before, and hackers were able to spoof messages on the system last year after using lists of stolen usernames and passwords to gain access to accounts.” (Source: The Verge)
  • OPM-themed Ransomware Targets U.S. Government Workers. “A ransomware campaign designed to target U.S. government workers and employees of federal contractors flooded thousands of email inboxes. Each email contained a malware-laden attachment and was written to appear like it came from the Office of Personnel Management. The messages warned receivers that their respective banks had notified OPM of suspicious account activity that could be reviewed via a malicious attachment. A group of security researchers from Leesburg, Va.-based firm PhishMe first spotted the Locky ransomware campaign Tuesday.” (Source: CyberScoop)
  • Cyber Attacks ‘More Sophisticated, More Targeted’, Warns Central Bank. “Speaking as UK lender Tesco Money this week scrambled to cope with an attack that saw hackers steal funds from 20,000 of its customers’ accounts, Dame Street’s director of Policy & Risk, Gerry Cross, warned that financial institutions here are not doing enough to minimise the potential impact of an IT failure on their business, reputations and the wider financial system. The risk of consumers being hit due to IT and cyber security incidents is a particular concern, he said.” (Source: The Independent)

Safe surfing, everyone!

The Malwarebytes Labs Team