Internet threat news

This blog recently reported on the massive data breach at Anthem Inc., the second largest provider of health insurance in the country. The data breach, which forensic investigators are now reporting could have begun as early as April of last year, has the potential to affect over 50 million people currently insured through Anthem or one its subsidiaries. In response to this breach, Anthem has sent out many emails to customers explaining the breach, the nature of the information obtained by the hackers responsible for the attack, and what these customers can do to protect themselves from additional exposure. In an official statement issued once the breach was made public, Anthem insists that it will notify all affected customers by mail to describe exactly what protections are being offered.

TurboTax, an Intuit product used by millions each year to file income taxes at home, recently announced that state e-filed returns will not be transmitted while the company investigates a surge in customer complaints indicating that tax returns have already been filed in their name. Tax fraud this time of year is hardly news, however, if a breach occurred at one of the largest e-file companies in the country, the recent complaints could only be the tip of the proverbial iceberg. Intuit also reported that it has noticed an increase in suspicious filing this year which indicates that criminals are using stolen financial information to file fraudulent returns and claim the associated tax refunds.

Anthem Inc., the second largest health insurer in the country, recently announced that it was the victim of a massive data theft of sensitive customer information including Social Security numbers. This is by far the biggest breach of customer information to occur recently as nearly 69 million people are currently served by Anthem and its affiliate companies. In the statement issued by Anthem, the company acknowledges that all business units were compromised during the breach, but refrained from reporting how many customers are affected. Anthem also stated that all affected customers will be notified in writing pending an extensive IT forensic investigation. All that’s known as this time is that a “very sophisticated cyberattack” was able to expose the names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, and employment information of customers in every unit of the Anthem infrastructure, according to the official company statement.

There was no shortage of verified Zeus malware campaigns reported by this blog in early 2014, but by the end of the year, it seemed like Zeus may have become a thing of this past. Apparently, however, that is not the case at all. An improved version of the notorious banking Trojan has been spotted in the wild that is just different enough from the original malware so as to avoid detection by popular antivirus products. This new version of Zeus targets Canadian banks including the Bank of Montreal, Royal Bank of Canada, and National Bank of Canada (the largest banks in the country).

It’s no secret that the NSA has been spying on the American populous for years – facts that were proven when Edward Snowden began sharing secret government files proving as much. From phone tapping to elaborate malware deployments created to spy on other countries (and American citizens), the NSA seems to have no shortage of tricks up its sleeve. But what happens when even the NSA doesn’t have the resources available to commit its next great act of treason? Simple… It simply leverages the power of existing botnets. Botnets, which by many accounts, are the very thing organizations like the NSA should be protecting us from.

Researchers from Dell SecureWorks recently discovered a sophisticated malware variant which allows hackers to authenticate themselves as any user on a Windows Active Directory server using any password once the network has been infiltrated using stolen login credentials. Based on the malware analysis offered by Dell, it appears that Skeleton Key – as named by the Dell researchers responsible for discovering the malware – was carefully designed to do a specific job. This malware is deployed using an in-memory process ‘patch’ that uses the compromised admin account used to access the system in the first place.

Adobe Flash has been a favorite target for hackers for years because there are many ways to exploit the platform whereby hackers can install malicious code on the PC including banking Trojans, key loggers and other dangerous malware. Using various drive-by download techniques, hackers are able to bypass security measures within Adobe Flash and patching these vulnerabilities has become a drawn out game of cat and mouse. Adobe patches while hackers find new vulnerabilities and the cycle continues. This is exactly what happened after Adobe released a patch last week.

A cybersecurity security firm (Cyphort) recently reported that the AOL Ad Network was responsible for spreading malware in the form of malicious advertisements found along the sidebars of popular websites including the Huffington Post, Game Zone, Weather Bug and others. The AOL Ad Network, which supports ad platforms in both the United States and Germany, reports serving nearly 200 million user impressions every month. In fact, 90% of U.S. Internet users are exposed to the AOL Ad Network every day.

Asustek Computer produces a wide range of technology products ranging from PCs and associated peripherals to routers used by consumers and businesses around the world. A vulnerability was recently discovered in Asuswrt, the firmware used on many Asus branded routers. Once exploited, this vulnerability gives the hacker complete control of the router and ultimately, the entire network. The flaw is actually located within a service called infosvr. Infosvr runs on Asuswrt-powered routers by default and is leveraged by the Asus Wireless Router Device Discovery Utility.

Security analysts from Trend Micro Lab discovered a banking Trojan last month that was specifically targeting South Korean banks. While this may not appear to be especially newsworthy at first glance, a recent discovery about this class of banking Trojans is of much greater concern. Rather than communicate with C&C servers using conventional encryption protocols to avoid detection, TPSY_Banker.YYSI (as it has been dubbed by Trend Micro) uses Pinterest to communicate with C&C servers.

Security Researchers recently discovered yet another threat to websites running a popular content management system (CMS), WordPress. This threat, which has been dubbed SoakSoak, is the latest malware threat specifically designed to target websites operating the CMS and has already resulted in over 11,000 domains being blacklisted by Google. WordPress has become extremely popular and can be found on the backend of nearly 60 million websites worldwide (meaning approximately 1 in every 6 websites run the CMS) so it’s no wonder hackers have started targeted the infrastructure more regularly in the last few months.