Detail of a calendar page with dates

A week in security (Jun 05 – Jun 11)

Last week, we interviewed our very own Pieter Arntz to get to know him a little better. We also touched on the importance of HTTPS and focused on a new social engineering scheme that triggers on mouse movement.

We also took a deeper look at LatentBot, a Trojan that is being distributed by the RIG exploit kit; profiled Fireball, a browser hijacker that is capable of downloading and executing other malware, advised blog readers to stop sharing photos of their X-rays to social media; and named the other groups and/or individuals who are also fighting the good fight against tech support scams.

Below are notable news stories and security-related happenings:

  • Apple Test Hints That iOS 11 Will Be The End-of-life For Outdated, 32-bit Applications. “Ahead of Apple’s Worldwide Developer Conference today, and the expected announcement of iOS 11, the company briefly removed older, 32-bit iOS applications from appearing in the App Store’s search results. The change, which appears to have been a short test on Sunday, could have impacted a sizable portion of the App Store’s long tail.” (Source: TechCrunch)
  • Tech Firms: We’re Trying To Make Our Sites Hostile To Terrorists. “In the aftermath of the London attack, Facebook, Google, and Twitter have insisted that they already work closely with the UK government to flush out the sharing of extremist content—as fresh calls to crack down on the Internet and end-to-end crypto once again surfaced following a terror atrocity.” (Source: Ars Technica)
  • Hack Back Law Would Create Cyber Vigilantes. “Tom Graves (R-GA) released an update to the initial Active Cyber Defense Certainty Act (ACDC) that intends to exempt victims of cyber attacks from being prosecuted for attempting to hack back at their attackers under the Computer Fraud and Abuse Act (CFAA). If enacted, the law allows organizations that are the victims of hacks to conduct their own hacks to identify the assailants, stop the attacks or retrieve stolen files. At a high level, it makes sense. In practice, it is ridiculous.” (Source: CSO)
  • Stealthy DDoS Attacks Distract From More Destructive Security Threats. “Despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume. In addition, almost three-quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less.” (Source: Help Net Security)
  • WannaCry Exploit Could Infect Windows 10. “WannaCry targeted a Server Message Block (SMB) critical vulnerability that Microsoft patched with MS17-010 on March 14, 2017. While WannaCry damage was mostly limited to machines running Windows 7, a different version of EternalBlue could infect Windows 10.” (Source: Dark Reading)
  • Why Two Factors Are Better Than One. “In fact, a recent study conducted by the Pew Research Center illustrates why reliance on the single factor of ID and password may not provide sufficient protection. The study found that 39% of online adults have shared their password to one of their online accounts with a friend or family member. In addition, 25% admit that they often use passwords that are less secure because simpler passwords are easier to remember.” (Source: InfoSecurity Magazine)
  • Singapore, Australia Forge Cyber Security Ties. “In a two-year memorandum of understanding (MoU) inked by the two countries on 2 June 2017, the Cyber Security Agency of Singapore and the Australian government will conduct regular information exchanges on cyber threats, share best practices to promote innovation in cyber security and build cyber security capabilities.” (Source: Computer Weekly)
  • The End Of Net Neutrality Could Shackle The Internet Of Things. “Net Neutrality isn’t the simplest concept to grasp. Explaining it works best via example: Net neutrality means, say, that internet providers like AT&T, Comcast, and Verizon, which also have their own television and streaming video services, can’t create ‘slow lanes’ for competing services. They can’t gum up traffic from sites such as Netflix and Dish’s SlingTV in favor of their own.” (Source: Wired)
  • Russian Hackers Control Malware Via Britney Spears Instagram Posts. “A group of Russian-speaking hackers has been attacking multiple governments for years now. Not only that, but they also experimented with different methods of conducting those attacks with the help of the social media websites. Their approach was pretty clever, and they used those sites for concealment of the espionage malware.” (Source: HackRead)
  • Slack, Telegram, Other Chat Apps Being Used As Malware Control Channels. “Researchers at Trend Micro took a closer look at platforms including chat programs, self-hosted chat clients, and social networks to see whether their application programming interfaces (APIs) could be turned into C&C infrastructure. API refers to definitions, protocols, and tools that a program uses to interact and perform specific tasks.” (Source: Dark Reading)
  • Google Ads For Tech Support Scams – Would You Spot One? “According to Bleeping Computer, the dodgy campaign was spotted on Friday by a US user who posted his observations to a StackExchange thread. The user said that a coworker had searched for ‘Target’, clicked the top result – which was an ad – and was redirected to a phishing page that was rigged up to look like a Microsoft tech support page that wanted him to call a ‘tech support number’.” (Source: Sophos’s Naked Security Blog)
  • This Russian Vending Machine Will Sell You Fake Instagram Likes. “For years, those hungry for online validation have bought fake likes, faves, or followers for every social media site imaginable. In exchange for a small sum, dozens of sketchy websites promise anywhere from a couple dozen likes on a single Instagram photo, to a million Twitter followers.” (Source: Motherboard)
  • Worried About Election Hacking? There’s A Fix For That. “Revelations regarding top-level inquiries into a cyberattack launched by Russian military intelligence agents on an American voting-systems manufacturer, and of an apparently related attempt to hack the e-mail accounts of local election officials around the United States shortly before the 2016 presidential election, should turn the attention of Congress toward the need to secure this country’s extraordinarily vulnerable electoral processes.” (Source: The Nation)
  • 14-year-old Japanese Student Caught For Creating Ransomware. “The cyber criminal community is quite active is developing nasty ransomware to infect unsuspecting users and demand a large amount of money in return. But who could expect a 14-year-old to develop a ransomware malware on his own?” (Source: HackRead)
  • Al-Jazeera Reportedly Hit By Systematic Hacking Attempts. “Al-Jazeera, the Doha-based broadcaster owned by the ruling family of Qatar, says the websites and digital platforms of Al-Jazeera Media Network, its parent company, ‘are undergoing systematic and continual hacking attempts.'” (Source: Help Net Security)
  • Sleeping Giant, Botnets Pose Threat As Ransomware Attacks Decline. “Botnet operators are capable of using their malicious networks to execute virtually any task with a success rate of close to 100 percent, according to a June 7 ESET security blog post. These task could be anything from sending spam, distributing ransomware, carrying out DDoS attacks, or cheating advertising networks, or mining Bitcoin, all of which could change on a whim.” (Source: SC Magazine)
  • Internet Cameras Have Hard-coded Password That Can’t Be Changed. “Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That’s according to a 12-page report released Wednesday by security firm F-Secure.” (Source: Ars Technica)
  • Malicious Android App Installs ‘Impossible To remove’ Adware. “The IT Security researchers have discovered a new malware that is essentially an Android Package or APK masked as a cleaner app called Ks cleaner and tricks the users into downloading a security update. Once the update is installed, the malware cannot be removed.” (Source: HackRead)
  • I Admit It, I’m A Cyber Security Professional And I Fell For A Phishing Email. “Both emails lacked any attachments that could have aroused suspicions. On both emails there was a call to action – a ‘Renew your Business Name’ link was in the ASIC email, and a ‘View Your Bill’ link was in the Origin email.” (Source: CRN)
  • Don’t Like Mondays? Neither Do Attackers. “Monday may be our least favorite day of the week, but Thursday is when security professionals should watch out for cybercriminals, researchers say. Timing is everything. Attackers pay as close attention to when they send out their booby-trapped emails as they do in crafting how these emails look.” (Source: CSO)
  • Keeping Threat Intelligence Ahead Of The Bad Guys. “Over the course of my recent series on establishing a cybersecurity portfolio, I’ve recommended five steps for businesses to engage in as they determine the security investments that are right for them: 1) Determine Needs; 2) Allocate Spending According to Risk; 3) Design Your Portfolio; 4) Choose the Right Products; and 5) Rebalance as Needed. These steps are akin to the process you would go through with your broker when creating a strong financial portfolio, with a diversified spread of investments and an adaptable strategy that can change along with your needs at a given time.” (Source: Forbes)

Safe surfing, everyone!

The Malwarebytes Labs Team

ABOUT THE AUTHOR