A week in security (October 9 – October 15)

Last week on the Labs blog, we talked about GDPR as part of our series for National Cyber Security Awareness Month (NCSAM). We also discussed a new method for phishing Apple ID passwords and its possible ramifications. We analyzed a malvertising chain triggered by a script found on popular websites, including those of Equifax (!) and TransUnion. And we explained how decoy Word documents are used to deliver malware via the hyperlink feature of the OpenXML format.

Malwarebytes news

It was a great week for Malwarebytes: we won three awards at the 2017 Computing Security Awards (Security Company of the Year, Editors’ Choice, and Malware Solution of the Year), and we were chosen as the winner in the “Rising Star: Cybersecurity Solution” category of the NetworkWorld Asia 2017 Readers’ Choice Awards.

Our CEO, Marcin Kleczynski, was interviewed by the Huffington Post on the subject “5 things I wish someone told me before I became CEO.” And the Malwarebytes Labs team presented you with the quarterly Cybercrime Tactics and Techniques report, looking back at an unprecedented season of breaches.

Other security news

Akamai presented its findings on a large-scale Fast Flux botnet at its annual customer conference. The botnet has over 14,000 IP addresses associated with it, constantly rotated through its DNS records. Some of those IP addresses fall in address space assigned to Fortune 100 companies. These addresses are most likely listed by the Fast Flux network owner as spoofed entities and are not genuine members of the network; the effect is that the botnet inherits the reputation of the Fortune 100 companies.
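The defensive side of the Fast Flux story is that the behavior is visible in passive DNS: a single name resolving to many addresses, spread across unrelated address blocks, with very short TTLs. The script below is an added illustration written for this post, not Akamai’s tooling and not code from the original article. It runs over a constructed set of repeated A-record lookups (reserved documentation ranges only) and flags names that look fluxed; a hypothetical `TRUSTED_PREFIXES` list stands in for the Fortune 100 address space mentioned above, so the script can also list which answers are “borrowing” a reputable block.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (query name, TTL in seconds, answer IPs) from repeated
# A-record lookups of two names. Every address is from RFC 5737 documentation
# space, so nothing here refers to real infrastructure.
SAMPLE_LOOKUPS = [
    ("cdn-update.example", 60, ["192.0.2.10", "192.0.2.77", "198.51.100.4"]),
    ("cdn-update.example", 60, ["203.0.113.9", "192.0.2.130", "198.51.100.201"]),
    ("cdn-update.example", 60, ["203.0.113.44", "192.0.2.201", "198.51.100.88"]),
    ("cdn-update.example", 60, ["203.0.113.120", "192.0.2.33", "198.51.100.150"]),
    ("www.example", 3600, ["198.51.100.5"]),
    ("www.example", 3600, ["198.51.100.5"]),
]

# Hypothetical placeholder for address space assigned to a well-known
# organisation (the "Fortune 100" blocks in the article). In practice this
# would come from WHOIS/ASN data, not a hard-coded list.
TRUSTED_PREFIXES = [ip_network("203.0.113.0/24")]


def summarise(lookups):
    """Aggregate repeated lookups per name into flux indicators.

    /24 prefixes are used as a cheap stand-in for 'distinct address blocks';
    a production detector would group by ASN instead.
    """
    per_name = defaultdict(lambda: {"ips": set(), "ttls": []})
    for qname, ttl, answers in lookups:
        per_name[qname]["ips"].update(answers)
        per_name[qname]["ttls"].append(ttl)

    stats = {}
    for qname, data in per_name.items():
        prefixes = {ip_network(f"{ip}/24", strict=False) for ip in data["ips"]}
        stats[qname] = {
            "distinct_ips": len(data["ips"]),
            "distinct_prefixes": len(prefixes),
            "min_ttl": min(data["ttls"]),
            "ips": data["ips"],
        }
    return stats


def is_fast_flux(stat, min_ips=8, max_ttl=300, min_prefixes=3):
    """Heuristic: many addresses, across several blocks, with short TTLs."""
    return (
        stat["distinct_ips"] >= min_ips
        and stat["min_ttl"] <= max_ttl
        and stat["distinct_prefixes"] >= min_prefixes
    )


def borrowed_addresses(stat, trusted=TRUSTED_PREFIXES):
    """Answers that sit inside reputable address space: likely spoofed members."""
    hits = [ip for ip in stat["ips"] if any(ip_address(ip) in net for net in trusted)]
    return sorted(hits, key=ip_address)


def detect(lookups=SAMPLE_LOOKUPS):
    """Map each name to (flagged_as_fast_flux, borrowed_addresses)."""
    return {
        name: (is_fast_flux(stat), borrowed_addresses(stat))
        for name, stat in summarise(lookups).items()
    }


if __name__ == "__main__":
    for name, (flagged, borrowed) in detect().items():
        print(f"{name}: fast-flux={flagged} borrowed={borrowed}")
```

Two caveats for anyone turning this into a real detector: large CDNs also answer with many addresses and short TTLs, so the prefix count should be replaced by an ASN count and known CDN ranges allow-listed; and the “borrowed” list is only meaningful when the trusted ranges come from authoritative registry data rather than a static list.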

Pen Test Partners, a UK cybersecurity company, found appalling security lapses while investigating naval ships that had equipment exposed online. Ships nowadays are complex industrial machines: traditionally isolated, now always-on and connected through VSAT, GSM/LTE, and even Wi-Fi. Crew Internet access, mashed up with electronic navigation systems, ECDIS, propulsion, load management, and numerous other complex, custom systems, is a recipe for disaster if not properly secured.

The Register discussed whether a law that would allow hacking victims to seek revenge and hack the hackers who hacked them is a good idea or not. The Active Cyber Defense Certainty Act would amend the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber miscreants legal in America for the first time. The bill would allow hacked organizations to venture outside their networks to identify an intruder and infiltrate their systems, destroy any data that had been stolen, and deploy “beaconing technology” to trace the physical location of the attacker.

A series of distributed denial of service (DDoS) attacks aimed at Sweden’s transportation services caused train delays and disrupted travel services. The DDoS bombardment reportedly crashed the IT system that monitors trains’ locations and tells operators when to go or stop. It also took down the federal agency’s email system, website, and road traffic maps.

Politifact was named as yet another site running a cryptominer that makes visitors pay for their visit with their own CPU time. We described the growing number of sites using drive-by mining some time ago.

Android users downloading a fake Adobe Flash Player from a malicious website may find themselves victimized by a unique strain of Android ransomware called DoubleLocker. “The most interesting thing here is that it uses a dangerous combination of three aspects we have not seen before: accessibility services, which perform a click on the user’s behalf; it encrypts data; and it can reset a PIN for a user’s device.”

Stay safe everyone!