This Week In Security #3
Security is looking past what you know. With new threats and vulnerabilities found every day, we’ll try to give you an organized weekly dose of security news. This is Koda Ops TWIS#3.
SWIFT still under attack
Symantec claims to have uncovered a second group of hackers that has been targeting SWIFT and its member banks since January of this year. At least 100 organizations have been impacted. Again, malware was used to cover up fraudulent transfers. And hold on to your hats – the suspect may be the guys running Carbanak. Over $1 billion in theft went undetected until 2015, mostly in Russia, as criminals fully utilized the bank system, including SWIFT, to fund themselves. The hackers, in this case, used MS Word docs and RAR archives, delivered through phishing emails, to load a Trojan onto a computer. From there, they could load other tools to find and harvest passwords and remotely execute programs. Now we wait for a SWIFT response (sorry – had to).
Mac-attack: all your webcams belong to hackers, or at least the NSA
If you were around the past few years, then you already know that hackers have been targeting your webcam and microphone for ages. Even the NSA developed code to remotely access your computer’s webcam and microphone. The one exception to this attack was Macs, because each Apple laptop has a hard-wired light indicator that tells a user when their camera is in use. But that might change with a new attack that piggybacks on the user’s camera while it is already in use, for example during video chats or video conference calls. Hackers and nation states will have a field day with this new malware. After all, it’s the phone and video calls that they want to hear, not the regular ramblings of a person sitting at their desk throughout the day.
Lizard Squad and PoodleCorp
Two members of Lizard Squad and PoodleCorp have recently been arrested. If you remember, both groups gained notoriety for targeting online gaming services such as Blizzard’s World of Warcraft, League of Legends and many others. The two teenagers, one from the US and the other from the Netherlands, have been accused by the US Department of Justice of computer crimes associated with a series of distributed denial of service attacks, and of selling DDoS services and stolen credit cards.
Nothing is safe from hackers, it seems
Security researcher Jay Radcliffe, who is also a type 1 diabetic, discovered and wrote about flaws in Johnson & Johnson insulin pumps. He found security flaws in how the medical device communicated wirelessly, specifically a lack of encryption, meaning that all communication to the device was done in plain text. Combine this with a weak pairing between the remote and pump, and new opportunities arise for remote attackers to spoof the controller and trigger an unauthorized insulin injection, causing an overdose and potentially killing the user. While the risk of widespread exploitation of this flaw is considered to be low, Johnson & Johnson issued an advisory to users of the insulin infusion pump.
IoT trending, but not for good reasons
One of the new trends to worry about with the ever-growing IoT is how cybercrime will utilize it as an attack vector. Given the proliferation of devices and an insatiable desire by consumers for things that connect, IoT is a crime spree just waiting to happen. Each new thing creates a new threat. And as we know, these devices come with barely passable security, if any. The security strategies we are used to employing no longer apply. The expectation is that 90 million attacks will happen in 2016, with 70% going unnoticed. And with the blurred line between home and office tech, and devices freely exchanging data between both points, corporate risk takes on a whole new level.
Malware is the new business
The first quarter of 2016 saw a 35-fold increase in new ransomware domains. According to the Infoblox threat index, exploit kits are enjoying steady growth as a major threat, and make up 50% of the current index. Angler still counts as the most popular exploit kit, though it took a hit early in 2016. RIG, a rejuvenated older kit, has taken over that status. Neutrino got revitalized with IO exploits for Flash and Explorer so that it grew by 300% in Q1 2016. Malware increased by 290%. And a new group of countries has emerged among the top hosts of infected systems. These include Portugal, Netherlands, UK, and Iceland. Ransomware is expected to continue to increase, as criminals see their opportunity for big ROI.
This is This Week In Security. I hope you enjoyed reading. Please comment below and stay tuned for more TWIS.