
A week in security (Jan 01 – Jan 07)

Last week, we pushed out an in-depth analysis of a Sundown exploit kit campaign dropping a miner for the cryptocurrency Monero. Our researchers, hasherezade and Jérôme Segura, analyzed the kit and its payload during their investigation.

We also pushed out a report on a fake technical support page we found that performed a DoS attack against Mac systems. When a user visited the page, it created a multitude of email drafts that flooded the desktop; the system ran out of memory and froze, rendering it unusable.

Below are notable news stories and security-related happenings:

  • Pokemon, Go? Augmented Reality Technology Faces Legal Reckonings In 2017. “While not a new technology, augmented reality (AR) became a mainstream worldwide phenomenon in 2016. But like any untested consumer technology, it faces fine-tuning to adapt to the laws and society around which it seeks to transform. One of the best examples is Niantic’s Pokémon Go AR game, a seminal platform launched in 2016 which uses AR technology to superimpose interactive Pokémon characters onto what a user’s mobile phone’s video camera captures. In addition to wide fame and success, the game has also run into an array of unique lawsuits.” (Source: LegalTech News)
  • Smart Devices May Soon Provide UK Police With Evidence Of Crime – Report. “Smart home devices, including fridges, washing machines, light bulbs and coffee-makers may soon provide police forces across the UK with critical data, linked to criminal investigations. Authorities believe that the internet-of-things (IoT) devices could potentially be used by detectives to gather digital crime scene evidence. According to Scotland Yard’s digital forensics chief Mark Stokes, IoT devices are likely to revolutionise crime-scene investigation. Detectives are being trained to identify digital footprints, which may help track events, in turn allowing authorities to establish the validity of alibis or root out inconsistencies in witnesses’ statements.” (Source: The International Business Times)
  • Data Breach Exposes US Army Doctor Details. “Sensitive details of health workers employed by the US military’s Special Operations Command (Socom) have been exposed in a data breach. The 11GB of data included social security numbers, names, addresses and salaries of some Socom staff.” (Source: The BBC)
  • Ransomware On Smart TVs Is Here And Removing It Can Be A Pain. “It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult. Ransomware for Android phones has already been around for several years and security experts have warned in the past that it’s only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android.” (Source: PC World)
  • Hackers Could Turn Your Smart Meter Into A Bomb And Blow Your Family To Smithereens – New Claim. “Smart meters are “dangerously insecure,” according to researcher Netanel Rubin – who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode. The software vulnerability hunter derided global efforts to roll out the meters as reckless, saying the ‘dangerous’ devices are a risk to all connected smart home devices.” (Source: The Register)
  • Mind How You Grumble On Social Media: Crooks On Twitter Stealing Bank Details Of Customers Complaining About Glitches Online. “Savers who use social media to complain to their banks about technical glitches are having their details snatched by crooks. Criminals are lurking online waiting for banks to suffer technical problems so they can dupe unwitting customers into handing over information.” (Source: This is Money)
  • Ransomware Crime Bill Goes Into Effect In California. “Beware perpetrators of ransomware in California: Under a new bill that went into effect on Jan. 1, you will now face four years in a state prison. Senate Bill 1137, which was signed in September, took effect on the first of the year. It updates the state’s penal code to differentiate the crime of ransomware from existing extortion statutes. Ransomware is generally malware downloaded into a computer or network that enables cyberthieves to lock systems up until a ransom is paid, usually via Bitcoin.” (Source: SC Magazine)
  • 54% Of Organizations Have Not Advanced Their GDPR Compliance Readiness. “More than half of organizations have failed to begin any work on meeting minimum General Data Protection Regulation (GDPR) compliance, according to a study conducted by Vanson Bourne. Intended to harmonize data security, retention and governance legislation across European Union (EU) member states, GDPR requires greater oversight of where and how sensitive data—including personal, credit card, banking and health information—is stored and transferred, and how access to it is policed and audited by organizations. GDPR will not only affect companies within the EU, but extend globally to the U.S. and other countries, impacting any company that conducts business in the region or with an EU organization.” (Source: Help Net Security)
  • Thai Army To Recruit Civilian ‘Cyber Warriors’ Following Anonymous’ Onslaught On Government Sites. “The Thai army is reportedly planning to recruit civilian “cyber warriors” in efforts to boost the government’s ability to respond to cyber threats. Civilian experts are slated to be employed to assist the government in combating cybercrime, as well as help the government improve its systems, according to reports. Thai army commander-in-chief Chalermchai Sittisat said: ‘We don’t have enough personnel with expertise in cyber security. Therefore, we need to recruit civilians for our centre, who can manage it properly and earn a reasonable salary,’ the Bangkok Post reported.” (Source: The International Business Times)
  • New Android Malware Attacks Your Wireless Router Through Your Phone. “There’s a new kind of Android malware that uses Android devices to attack wireless routers and control victims’ networks. The malware, which has been dubbed ‘Switcher Trojan,’ can leave victims vulnerable to a wide range of cyber attacks, phishing, data theft, and fraud. According to researchers at Kaspersky Lab, Switcher Trojan can redirect all traffic from devices connected to the WiFi network into the hands of cybercriminals. The Android malware infiltrates the wireless router’s admin interface with a predefined list of login and password combinations.” (Source: Mobile N Apps)
  • Fiat Chrysler And Google Team On Android In-car Tech. “Fiat Chrysler and Alphabet are already working together via Waymo, the former Google self-driving car project, and now Google is also teaming with the automaker for in-car system tech, using Android as the base for a new infotainment and connect car platform. The new FCA in-car system is called Uconnect, and uses Android 7.0 to deliver a range of features, including Android app compatibility alongside more traditional in-car controls like AC and heat, also with terrestrial radio.” (Source: TechCrunch)
  • Data Breaches Through Wearables Put Target Squarely On IoT In 2017. “Forrester predicts that more than 500,000 internet of things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed. Drop the mic — enough said. The sheer velocity with which the distributed denial-of-service (DDoS) attacks spread through common household items such as DVR players makes this sector scary from a security standpoint.” (Source: CSO)
  • Latest WhatsApp Scam Infects Users With Banking Malware. “Hackers have started a new campaign in which they have chosen WhatsApp as the primary malware-distributing platform. In this campaign, hackers are distributing the malware through 2 files namely ‘NDA-ranked-8th-toughest-College-in-the-world-to-get-into.xls’ and ‘NIA-selection-order-.xls’ respectively. These files are being circulated via WhatsApp in the form of authentic word files obtaining sensitive information from users which include online banking credentials, PIN codes and similar details.” (Source: HackRead)
  • Ransomware Has Evolved, And Its Name Is Doxware. “In recent years, ransomware has become a growing concern for companies in every industry. Between April 2015 and March 2016, the number of individuals affected by ransomware surpassed 2 million — a 17.7% increase from the previous year. Ransomware attacks function by breaching systems, usually through infected email, and locking important files or networks until the user pays a specified amount of money.” (Source: Dark Reading)
  • Schools Warned About Cold-calling Ransomware Attacks. “Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. In itself that doesn’t sound that unusual. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. They phoned up their victims.” (Source: BitDefender’s Hot For Security Blog)
  • Experts Warn Of Novel PDF-Based Phishing Scam. “The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims. According to the SANS bulletin, the email has the subject line ‘Assessment document’ and the body contains a single PDF attachment that claims to be locked. A message reads: ‘PDF Secure File UNLOCK to Access File Content.’” (Source: Kaspersky’s Threatpost)
  • $247,000 KillDisk Ransomware Demands A Fortune, Forgets To Unlock Files. “The cost of ransomware reached close to $1 billion in 2016, and it’s not hard to see why. The malware family, which targets everything from Windows to Mac machines, executes procedures to encrypt files and disks before demanding a ransom payment in return for keys to decrypt and unlock compromised machines. However, it is not only the general public which is being targeted with everything from hospitals to schools and businesses now in the firing line.” (Source: ZDNet)
  • Koovla Ransomware Urges Users To Read Up On Security. “Security researchers have discovered an unusual ransomware variant which offers a decryption key not if victims pay up, but if they read two articles on how to stay safe from malware. Discovered by self-styled ‘ransomware hunter’ Michael Gillespie, the ‘Koovla’ variant is still in development, according to Bleeping Computer’s Lawrence Abrams.” (Source: InfoSecurity Magazine)
  • Stolen Passwords Fuel Cardless ATM Fraud. “Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.” (Source: KrebsOnSecurity)
  • Japan Sees a Spike In Smart TVs Held Hostage. “Looks like cybercriminals are starting to hit people where it really hurts: Blocking their bingeing on Netflix, and watching sports and an array of niche TV shows from the dark recesses of the cable network world. Smart TVs, in other words. Japan alone has reported more than 300 ransomware attacks on smart TVs this year, marking a sharp increase in cyberattacks targeting internet of things (IoT) appliances, according to Trend Micro. Typically, the affected TVs will be locked, and a ransom message pops up asking for 10,000 yen (around $100) to be paid within 72 hours.” (Source: InfoSecurity Magazine)
  • Social Media Security Is Not Just For Kids – How Safe Are Your Profiles? “The news is full of the risks children face on the internet, not just in terms of predators but also in terms of the rights they might be signing away. Their details and the rights to any images they post may be compromised, says a report from the UK’s Children’s Commissioner, entitled Growing Up Digital. The commissioner calls for clearer terms and conditions so that kids are aware of what they’re getting into. No reasonable person would disagree with that, but you can’t help wondering whether adults could do with some education in the area as well.” (Source: Sophos’s Naked Security Blog)
  • Unsecure Routers, Webcams Prompt Feds To Sue D-Link. “The Federal Trade Commission on Thursday sued Taiwan-based D-Link in federal court. The FTC alleges that D-Link routers and webcams left ‘thousands of consumers at risk’ to hacking attacks. ‘Defendants have failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access, including by failing to protect against flaws which the Open Web Application Security Project has ranked among the most critical and widespread web application vulnerabilities since at least 2007,’ the FTC said in a complaint (PDF) filed in San Francisco federal court.” (Source: Ars Technica)

Safe surfing, everyone, and welcome, 2017!

The Malwarebytes Labs Team