March 2018

Philippine banks on alert after cyber attack at Malaysia central bank
https://uk.reuters.com/article/uk-philippines-cenbank-cybersecurity/philippine-banks-on-alert-after-cyber-attack-at-malaysia-central-bank-idUKKBN1H70GR
Excerpt:
“The Philippine central bank has sounded an alert to local financial institutions following a cyber attack at the Malaysian central bank, in which hackers sought to steal money using fraudulent wire transfers, its governor said on Saturday.”
Businesses suspect their mobile workers are being hacked
https://www.helpnetsecurity.com/2018/03/29/mobile-workers-hacked/
Excerpt:
“More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018.”
20 hackers arrested in EUR 1 million banking phishing scam
https://www.helpnetsecurity.com/2018/03/29/arrest-banking-phishing-scam/
Excerpt:
“A two-year long cybercrime investigation between the Romanian National Police and the Italian National Police, with the support of Europol, its Joint Cybercrime Action Taskforce (J-CAT) and Eurojust, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March.”
Macro-less word document attacks on the rise
https://www.helpnetsecurity.com/2018/03/30/macro-less-word-document-attacks/
Excerpt:
‘WatchGuard released its Internet Security Report for Q4 2017. Among the report’s most notable findings, threat intelligence showed that total malware attacks are up by 33 percent, and that cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads.”
Businesses suspect their mobile workers are being hacked
https://www.helpnetsecurity.com/2018/03/29/mobile-workers-hacked/
Excerpt:
“More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018.”
Gang leader behind malware attacks targeting 100 financial institutions arrested in Spain
https://www.helpnetsecurity.com/2018/03/26/gang-leader-carbanak-cobalt-malware-arrested/
Excerpt:
“The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over a 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies.”
Third-party IoT risk management not a priority
https://www.helpnetsecurity.com/2018/03/27/third-party-iot-risk-management/
Excerpt:
“With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to an Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks.”
Phishing, malware, and cryptojacking continue to increase in sophistication
https://www.helpnetsecurity.com/2018/03/26/phishing-malware-cryptojacking/
Excerpt:
“Attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.”
GhostMiner: Cryptomining Malware Goes Fileless
Asaf Aprozper and Gal Bitensky
https://blog.minerva-labs.com/ghostminer-cryptomining-malware-goes-fileless
Excerpt:
“Cybercriminals are increasingly relying on malicious cryptominers as a way of making money online, often shifting from using ransomware or diversifying revenue streams.”
Atlanta government systems hit by rasomware
https://www.helpnetsecurity.com/2018/03/23/atlanta-government-systems-ransomware/
Excerpt:
“The city of Atlanta has suffered a ransomware attack on Thursday, which resulted in outages of some of its customer facing applications, including some that customers may use to pay bills or access court-related information.”
Netflix, Dropbox promise not to sue security researchers, with caveats
Zeljka Zorz
https://www.helpnetsecurity.com/2018/03/23/netflix-dropbox-vulnerability-research/
Excerpt:
“Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.”
Energy & Critical Infrastructure Alert: Industrial Control System Data Stolen
https://www.itsecuritynews.info/energy-critical-infrastructure-alert-industrial-control-system-data-stolen/
Excerpt:
“The latest technical alert from the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) warns the energy and critical infrastructure sectors about a multi-stage intrusion campaign, reportedly said to be conducted by Russian government threat actors.”
Davidson County (N.C.) back online following a ransomware attack
Doug Olenick
https://www.scmagazine.com/davidson-county-nc-back-online-following-a-ransomware-attack/article/752590/
Excerpt:
“Davidson County's computer network is once again fully operational one month after getting hit with a ransomware attack that affected the majority of the municipalities servers and computers.”
Top cybersecurity evasion and exfiltration techniques used by attackers
https://www.helpnetsecurity.com/2018/03/23/exfiltration-techniques/
Excerpt:
“SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders.”
1 in 10 targeted attack groups use malware designed to disrupt
https://www.helpnetsecurity.com/2018/03/23/malware-disrupt/
Excerpt:
“Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec’s Internet Security Threat Report (ISTR), Volume 23.”
FBI raids home of spy sat techie over leak of secret comms source code on Facebook
Iain Thomson
https://www.theregister.co.uk/2018/03/20/fbi_nro_contractor_raided/
Excerpt:
“The FBI has raided the home of US intelligence contractor John Weed who is suspected of leaking classified blueprints online via a fake Facebook account.”
15-Year-old Finds Flaw in Ledger Crypto Wallet
Brian Krebs
https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/
Excerpt:
“A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies.”
Worldwide IoT security spending to reach $1.5 billion in 2018
https://www.helpnetsecurity.com/2018/03/22/worldwide-iot-security-spending-2018/
Excerpt:
“IoT-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years. To protect against those threats Gartner forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion.”
This Android malware redirects calls you make to your bank to go to scammers instead
Graham Cluley
https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-to-your-bank-to-go-to-scammers-instead/
Excerpt:
“Researchers at Symantec are warning of a new variant of the Fakebank Android malware family that has an unusual twist.”
Fortnite players warned over hack attacks
http://www.ehackingnews.com/2018/03/fortnite-players-warned-over-hack.html
Excerpt:
“Fortnite video game is becoming one of the biggest online games in the world, however, the more it seems to grow and expand, the more hackers are attracted to the platform”
Hackers target more than 400 schools with bomb hoax
Camilla Turner
https://www.telegraph.co.uk/education/2018/03/19/hackers-target-400-schools-bomb-hoax/
Excerpt:
“American hackers targeted more than 400 schools with a bomb hoax, as more than a dozen police forces across the country launch investigations.
A look inside the big business of cybercrime
https://www.helpnetsecurity.com/2018/03/20/big-business-of-cybercrime/
Excerpt:
“For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry.”
Middle East oil and gas companies are unprepared to address OT cyber risk
https://www.helpnetsecurity.com/2018/03/21/middle-east-ot-cyber-risk/
Excerpt:
“Cyber security breaches in the Middle East are widespread and frequently undetected, with 30 percent of the region’s attacks targeting operational technology (OT), finds a new study by Siemens and Ponemon Institute.”
Understanding email fraud: Do you have visibility into email threats?
https://www.helpnetsecurity.com/2018/03/21/understanding-email-fraud/
Excerpt:
“82% of boards are concerned with email fraud, and 59% consider it a top security risk – no longer just an IT issue. Yet 30% of respondents to a survey conducted by Censuswide cited a lack of executive support as a key challenge to email fraud protection deployment, according to Proofpoint.”
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.
Nicole Perlroth and Clifford Krauss
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
Excerpt:
“In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.”
Author of Polski, Vortex, and Flotera Ransomware Families Arrested in Poland
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/
Excerpt:
“Polish law enforcement announced on Friday the arrest of Tomasz T., a well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains.The arrest took place on Wednesday, March 14, in the Polish town of Opole, while Tomasz —a Polish national living in Belgium— was visiting his native country.”
Hackers Target PostgreSQL DBs With Coinminer Hidden in Scarlett Johannsson Image
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/hackers-target-postgresql-dbs-with-coinminer-hidden-in-scarlett-johannsson-image/
Excerpt:
“A new type of attack has been discovered targeting PostgreSQL databases, in which malware authors are using an image of Hollywood actress Scarlett Johansson to hide a cryptocurrency miner they intend to run on the DB's underlying server.”
RottenSys: Not a Secure Wi-Fi Service At All
Feixiang He, Bohdan Melnykov, Elena Root
https://research.checkpoint.com/rottensys-not-secure-wi-fi-service/
Excerpt:
“The Check Point Mobile Security Team has discovered a new widespread malware family targeting nearly 5 million users for fraudulent ad-revenues. They have named it ‘RottenSys’ for in the sample we encountered it was initially disguised as a System Wi-Fi service.”
Turkish, Egyptian ISPs help local government conduct massive spyware operation
Luana Pascu
https://hotforsecurity.bitdefender.com/blog/turkish-egyptian-isps-help-local-government-conduct-massive-spyware-operation-19669.html
Excerpt:
“Canadian researchers from human rights organization Citizen Lab uncovered a major computer espionage operation spreading across Turkey, Egypt and, indirectly, Syria. The operation, which started in 2017, is a nation-state-level network injection to deliver spyware.”
The South America connection and the leadership on ATM Malware development
Pierluigi Paganini
http://securityaffairs.co/wordpress/70151/cyber-crime/latam-paradise-atm-malware.html
Excerpt:
“Besides being known about corruption scandals, South America is a reference to the development of ATM malware spreading globally with Brazil, Colombia, and Mexico leading the way.”
Binance offers $250,000 for info about hackers who targeted its users
Zeljka Zorz
https://www.helpnetsecurity.com/2018/03/12/binance-reward/
Excerpt:
“Binance, the popular Chinese cryptocurrency exchange with a focus on crypto-to-crypto trading, has put a $250,000 bounty on the heads of the hackers who tried to pull off a heist earlier this month by compromising user accounts.”
Robots hijacked by ransomware may soon become a reality
Zeljka Zorz
https://www.helpnetsecurity.com/2018/03/09/robots-ransomware/
Excerpt:
“How soon will we see our home, office or industrial robots being hijacked and held ransom by attackers? If they dedicate their efforts to research, that day may come sooner rather than later.”
Memcached DDoS: This 'kill switch' can stop attacks dead in their tracks
Liam Tung
https://www.zdnet.com/article/memcached-ddos-this-kill-switch-can-stop-attacks-dead-in-their-tracks/
Excerpt:
“The 1Tbps-plus memcached amplification attacks that hammered GitHub and other networks over the past week can be disarmed with a "practical kill switch", according to DDoS protection firm Corero.”
Intelligence sharing is crucial in the fight against cybercrime
https://www.helpnetsecurity.com/2018/03/08/intelligence-sharing-fight-cybercrime/
Excerpt:
“Malware variants previously focused on the financial sector are now successfully attacking non-banking targets, according to Blueliv. A higher level of collaboration and intelligence-sharing between industries is ever-more crucial in the fight against cybercrime.”
UK govt wants IoT manufacturers to take responsability for security
Zeljka Zorz
https://www.helpnetsecurity.com/2018/03/08/uk-securing-iot-devices/
Excerpt:
“The UK government aims to shift the burden of securing IoT devices away from consumers and put the onus of securing them squarely on the manufacturers.”
Not all who pay a ransom successfully recover their compromised data
https://www.helpnetsecurity.com/2018/03/09/ransomware-data-recovery/
Excerpt:
"A new report by the CyberEdge Group found that 55 percent of responding organizations were compromised by ransomware in 2017, down from 61 percent in 2016.’
U.K. police use DDoS-style attacks on suspected drug dealer's phones
Robert Abel
https://www.scmagazine.com/uk-police-launch-ddos-style-attacks-to-disrupt-the-drug-trade/article/749084/
Excerpt:
“U.K. police tried DDoS style attacks to disrupt service on suspected drug dealer's phones in cases where they couldn't prosecute but were looking to interfere with the drug trade.”
Cyber attacks becoming No. 1 business risk
https://www.helpnetsecurity.com/2018/03/07/cyber-attacks-business-risk/
Excerpt:
“SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year.”
New attacks on 4G LTE networks can allow to spy on users and spoof emergency alerts 
Pierluigi Paganini
http://securityaffairs.co/wordpress/69852/hacking/4g-lte-networks-flaws.html
Excerpt:
“A group of researchers from Purdue and the University of Iowa have discovered a number of vulnerabilities affecting the 4G LTE networks that could be exploited by attackers to eavesdrop on phone calls and text messages, knock devices offline, track location, and spoof emergency alerts.”
Most healthcare breaches still come from hacking
https://www.helpnetsecurity.com/2018/03/05/bitglass-2018-healthcare-breach-report/
Excerpt:
“In 2017 the number of individuals affected by breaches within the healthcare sector reached a four-year low. However, 71 percentof breaches in 2017 were due to hacking and IT incidents, and a growing proportion growth trend that has continued since 2014, according to the Bitglass 2018 Healthcare Breach Report.”
Read full article