Industry Intel

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Wireless Keyboards Found To Be Vulnerable To Radio Hack

In a recent study, it was shown that a large number of wireless keyboards use no encryption when sending data to a corresponding computer, leaving the keystrokes of users accessible to anyone with the right equipment. Among the offenders, the biggest vulnerability was a lack of Bluetooth functionality for connecting to the computer. Instead, the keyboards are using more generic methods, which don’t offer the same security measures.

https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/

Researchers Net $22,000 From Pornhub’s Bug Bounty Program

The adult site, which averages over 60 million daily views and nearly 4 million registered accounts, is a lucrative target for cyber criminals. With the offer of a large monetary reward, two researchers set out to break into Pornhub’s main site with the goal of performing remote code execution. By exploiting several vulnerabilities in PHP, they gained the capability to dump the entire Pornhub database to a remote server, which earned them the bounties offered by Hackerone and Pornhub itself.

http://www.infosecurity-magazine.com/news/pornhub-hacked-to-access-billions/

CryptXXX Thriving With Neutrino Exploit Kit

After the widely-used Angler exploit kit died off back in June, many believed that CryptXXX would also see a decline in use (as it utilized Angler), though the opposite has come to be true instead. By making the switch to the Neutrino exploit kit, CryptXXX has been able to extend it’s reach even further to allow WordPress exploitation as well as the typical Flash Player and Java vulnerabilities. After clicking the infected link, the ransomware payload is dropped and a ransom note with instructions for payment are displayed to the users, along with a warning that the ransom amount will double after 5 days.

https://www.webroot.com/blog/2016/07/22/cryptxxx-utilizes-new-exploit-kit/

Windows 10 Vulnerability Allows for Bypass of User Account Control

Recently, researchers have discovered a method for allowing malicious DLLs on a Windows 10 machine, while bypassing the User Account Control pop-up warning about the heightened privilege access. By replacing one of the DLLs that is launched by the ‘diskcleanup’ application with a malicious version of the same name, the malicious code was executed with administrator privileges and no user input or verification was needed.

https://www.helpnetsecurity.com/2016/07/26/user-account-control-bypass/

Turkish Gas Provider Targetted by Anonymous

In their latest hacktivist attack, OpTurkey, Anonymous has taken aim at a Turkish gas company’s website in protest of local government officials activities as well as their relationship with the company’s top executives. The attackers were able to access the personal and financial records of nearly 500 individuals, the contents of which were subsequently posted online.

http://www.scmagazineuk.com/anonymous-breaches-turkish-natural-gas-company/article/512101/

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Rio Olympics: A Cyberthreat Goldmine

With the 2016 Olympic games right around the corner, it’s already being anticipated as a highly targeted event for cyber criminals. With lax cyber-crime laws in Brazil coupled with hackers that are well versed in banking data theft, visitors to Rio should be cautious of any suspicious emails they might receive and of the many ATMs and card-reading machines that could contain malware. Additionally, mobile users should be wary of accessing unsecured WiFi networks as there is no way to tell who else may be monitoring the traffic being sent through.

http://www.csoonline.com/article/3098305/security/hackers-are-targeting-the-rio-olympics-so-watch-out-for-these-cyberthreats.html

Pokémon Go Spawn Locations Revealed

In the weeks since Pokémon Go’s release, the game has brought a sweeping wave of change over the world, providing players the incentive to explore the world around them and to interact with others also playing the game. However, some users have taken the hunt for Pokémon a step further – by monitoring the data traffic being sent to and from the Pokémon Go servers and producing a Google Maps layout showing all local Pokémon that are currently spawned. While this does breach Niatic’s terms of service, the users in question believe it to be more of a service to other players, rather than for personal gain.

http://arstechnica.com/gaming/2016/07/how-hackers-are-revealing-the-hidden-pokemon-go-monsters-all-around-you/

Two-Factor Authenticated Calls Exploited for Major Profits

Many service providers offer VoIP calls, but one researcher found a method to make hundreds of calls to a premium-rate number that he owned at a profit nearing $750,000 before the process would be terminated. By exploiting this bug from Google, Microsoft, and Instagram, the researcher could have turned an annual profit well into the millions. Fortunately, he was able to contact the bug bounty programs for each company and ensure the vulnerabilities were patched before any hacker exploited them.

http://www.theregister.co.uk/2016/07/18/researcher_hacks_twofactor_flaws/?utm_content=bufferc6697&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Ransomware ‘Customer Service’ Willing to Haggle

Thousands of users become the victims of ransomware annually, and while law enforcement agencies argue both for and against paying the ransom, the fact is that customer support for these criminals has improved immensely. This increase likely stems from the malware authors knowing they can still make money, although the amount may be less than their initial ransom, if they are willing to work with their victims to pay it. In a recent study, 3 out of 5 ransomware variants’ ‘customer support’ agents (aka employed cybercriminals) were willing to negotiate a lower ransom if the victim remained firm against paying a high amount in order to get something rather than nothing.

http://www.darkreading.com/attacks-breaches/ransomware-victims-rarely-pay-the-full-ransom-price/d/d-id/1326304?

Oracle Patches Record Number of Bugs

In what might be their biggest patch update ever, Oracle has pushed a critical patch that covers 276 different bugs found across hundreds of their products. Many of the vulnerabilities were remotely exploitable and could have been extremely damaging had they been discovered in the wild. While some of the updates are based around non-network connected applications, Oracle still advises to push the updates quickly to ensure against any unauthorized access.

https://www.helpnetsecurity.com/2016/07/20/oracle-squashes-276-bugs/

HSBC Sites Downed Briefly After Cyber Attack

Earlier this week, it was reported that HSBC had been the victim of a cyber attack and both it’s US and UK sites had been taken offline. The messages remaining on both sites announced that an organization called OurMine had found a vulnerability and would only stop the attack once an HSBC employee contacted them. Seemingly as promised, the attack ceased and the sites were brought back online early Wednesday morning.

http://www.dailystar.co.uk/news/latest-news/529814/HSBC-suffers-major-security-breach-as-hackers-launch-cyber-attack-on-bank-s-servers

Malicious Pokemon Go Look-alike Apps On the Rise

With the recent popularity of the Pokemon Go app, it comes as no surprise that a massive influx of third-party apps claiming to be related have hit the appstore. While many of these are seemingly harmless, some offer cheats and other Pokemon-related info to attract users and then require permission to view personal information stored on the phones. With nearly 200 unofficial apps found so far, it is likely that more will replace the ones that are being removed.

http://www.csoonline.com/article/3095706/security/a-surge-of-pokemon-go-related-apps-is-out-to-steal-your-data.html

Ransomware’s Latest Scam Skips Encryption

Recently, researchers have discovered a new variant of ransomware that operates with significantly less sophistication than normally seen. Ranscam, the variant in question, lives up to it’s name by simply deleting the files once the ransom message is displayed, while stating the usual encryption and bitcoin payment instructions. Regardless of the victims payment status, the files are completely removed, leaving nothing to decrypt if/when a payment is made.

https://threatpost.com/ranscam-ransomware-deletes-victims-files-outright/119197/

Omni Hotels Face Data Breach

This week, Omni Hotels & Resorts made a statement that they had suffered a security breach over the past 6 months on it’s point-of-sale systems. The attack follows the long string of hotel security infractions that have occurred in the last year, as they make for highly profitable targets in an industry with out-of-date cyber protection. Fortunately for Omni, their recently appointed CIO has already begun implementing new solutions to protect against similar attacks in the future.

http://www.csoonline.com/article/3094997/data-breach/omni-hotels-new-cio-shores-up-cybersecurity-amid-data-breach.html

Stampado Ransomware Available On Dark Web For Low Price

In an unusual move by malware authors, the creators of the Stampado ransomware variant have released a lifetime license for a measly $39 USD. The variant itself is similar to Cryptolocker, but with the additional function of not requiring administrator privileges when launching. While it’s currently not widespread, the price point removes a major barrier for cyber criminals who may be deterred by a high upfront cost.

http://www.infosecurity-magazine.com/news/brand-new-stampado-ransomware/

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Hard Rock Las Vegas Confirms Credit Card Breach

Recently, the Hard Rock Cafe in Las Vegas issued a statement regarding the unauthorized access to its card processing systems, confirming that a breach had occurred and that affected customers from the last 9 months. The resort has since been in contact with customers that may have been affected by any fraudulent activity and are working to determine how the breach was carried out.

https://threatpost.com/hard-rock-las-vegas-noodle-and-co-confirm-hacks/118966/

Auto-rooting Malware? There’s An App For That!

In the past week, researchers have identified a new app on the Google Play marketplace that, once installed, will give itself root access to the device and begin installing new apps without any user interaction. The app, called ‘LevelDropper’, appears to be a simple horizontal leveling app, but once it’s active on the device with elevated permissions, it allows for attackers to install numerous other apps in order to increase ad revenue per installation.

https://threatpost.com/google-play-hit-with-rash-of-auto-rooting-malware/118938/

CCTV Botnet Used to DDoS Jewerly Shop

While stories of DDoS attacks targeting banks and other financial institutions are quite common these day, using a botnet comprised solely of hacked CCTV security cameras to attack a jewelry store website seems a bit out of place. The botnet in question is currently in control of over 25,000 cameras across at least 100 different countries. At this strength, it was capable of sending over 50,000 requests per second, rendering the jewelry site completely inaccessible.

http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/

Microsoft Loses Lawsuit Over Windows 10

With the deadline for the free Windows 10 upgrade only a few weeks away, some users who have been automatically updated to the latest Microsoft OS are less-than-pleased with it. One such case is a travel agent in California who went to court seeking restitution for her lost revenue and the cost of a new computer after the automatic Windows 10 upgrade failed and caused her computer to become unusable. Microsoft declined to appeal the case and the resulting judgement cost them $10,000.

http://www.seattletimes.com/business/microsoft/microsoft-draws-flak-for-pushing-windows-10-on-pc-users/?utm_source=twitter&utm_medium=social&utm_campaign=article_left_1.1

NASCAR Team Hit With Ransomware Prior to Race

In a time where ransomware is running rampant, it comes as no surprise that one of the highest grossing entertainment events in the world would enter the crosshairs of cybercriminals. Shortly before the race at Texas Motor Speedway in April, the Circle-Sport Leavine Family Racing team was hit with the TeslaCrypt ransomware variant that effectively shut down their 3-computer system, and almost cost them years of time and money spent on racing technology. The team paid the $500 ransom in bitcoins and was able to successfully decrypt their computers in time for race start.

https://www.helpnetsecurity.com/2016/06/27/nascar-team-victim-ransomware/

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

First ‘Hack the Pentagon’ Event a Major Success

Several months ago, the Department of Defense launched a program designed to bring in registered hackers and have them attempt to breach several public-facing websites, for cash prizes. With over 1,400 hackers participating, the DoD was able to confirm 138 discovered vulnerabilities and paid out amounts up to $15,000. Furthermore, in the 3-week period, not a single malicious attack was attempted on DoD sites.

http://www.darkreading.com/vulnerabilities—threats/hack-the-pentagon-paid-117-hackers-who-found-bugs-in-dod-websites/d/d-id/1325999?

Apple Customers Targeted With Phishing Campaign

In the last week, many Apple users had received an email warning them of a virus in the iTunes Database that required all users to re-validate all of their user information, and threatened to delete accounts if the user delayed inputting the information. However, with a redirected splash page riddled with misspelling, this phishing attempt was quickly thwarted and the associated pages were taken down, though Apple still warns users to be vigilant for similar emails in the future.

https://www.helpnetsecurity.com/2016/06/21/itunes-database-phish/

Ded Cryptor, Latest Bilingual Ransomware Variant

Researchers have uncovered another ransomware variant, this time with a less-than-jolly Santa figure appearing alongside the ransom instructions, written in both English and Russian. The so-called Ded Cryptor replaces the user’s wallpaper with the ransom note and gives an email address to contact for further steps towards payment and decryption of their files, which are appended with a .ded extension upon encryption.

http://www.bleepingcomputer.com/news/security/the-ded-cryptor-ransomware-thinks-you-have-been-naughty-this-year/

Court Rules FBI No Longer Needs Warrant to Hack Computers

In a recent court ruling surrounding a child pornography case, the FBI had granted a warrant to hack into certain computers and retrieve information that lead to multiple offenders being arrested. The presiding judge had determined that while the offenders had used Tor to anonymize their browsing, having a publicly accessible IP address removed the need for law enforcement to obtain a warrant when gaining unauthorized access to any computer, regardless of probable cause or any real suspicion.

http://www.csoonline.com/article/3088270/security/us-court-rules-that-fbi-can-hack-into-a-computer-without-a-warrant.html

Acer Security Breach

Recently, Acer has come forward and admitted to a breach in their systems that allowed hackers to access the sensitive information of over 34,000 customers, which ranges over a course of a year and contains a full year’s worth of transactions. This information includes names, addresses, and credit card information (that may or may not have been encrypted prior to the breach), and other private information that criminals could use to commit fraud.

http://www.csoonline.com/article/3085503/data-breach/massive-acer-security-breach-exposes-highly-sensitive-data-of-34500-online-shoppers.html

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Compromised RDP Servers Offer Cheap Attack Platform

Recently, researchers discovered an online marketplace that allowed for the purchase of hacked remote desktop servers for a minimal fee. The Russian-based site, known as the xDedic Marketplace, has listings for over 70,000 servers located in 173 different countries, which range from government institutions to universities.

http://www.theregister.co.uk/2016/06/15/hacked_server_market/

Chat Support: The Latest Ransomware Feature

Ransomware has become an all-too-common occurrence in the cyber world, and a new variant named ‘Jigsaw’ has a curious surprise for its victims: live phone support. An option on the lock screen offers the victim a chance to speak with someone about paying the ransom by using ‘onWebChat’, a free-to-use chat program. This feature is just another step towards professionalizing the ransomware industry and instilling trust in their worldwide “customer” base that they will decrypt the user’s files once a payment has been made.

http://www.darkreading.com/attacks-breaches/ransomware-now-comes-with-live-chat-support/d/d-id/1325879

Lone Hacker Claims Responsibility for DNC Breach

Earlier this week, it was reported that the DNC’s (Democratic National Committee’s) official servers had been compromised and sensitive information regarding opponent Donald Trump had been stolen by the Russian Government. Shortly after Kremlin officials stated their innocence in the matter, a hacker going by Guccifer 2.0 posted a blog on WordPress where he took full credit for the hack and included several (supposedly) related documents. Security officials are working to determine the authenticity of the documents, while further research has turned up additional information about other intrusions into the DNC network.

http://www.reuters.com/article/us-usa-election-hack-idUSKCN0Z209Q

Japanese Travel Agency Hacked

In the past week, the Japanese travel agency JTB announced a data breach encompassing nearly 8 million customers. The leak is said to contain not only the names and addresses of users, but passport information as well. It is believed that the attack stemmed from a phishing email attachment, which was downloaded by an unsuspecting employee. Fortunately, after further investigation, it seems only 4,300 of the passport numbers are actually valid.

http://www.zdnet.com/article/japans-largest-travel-agency-fears-data-leak-impacting-8-million-users/

Android TV Ransomware Spotted

A variant of ransomware that’s been around since 2015, known as ‘Frantic Locker’, has started to appear on Android Smart TVs with a demand for ransom in the form of iTunes gift cards. The infection initiates via a downloaded file from an infected site, then determines its geolocation and, based on its region, either launches a lock screen or shuts down. While users in Eastern Europe seem unaffected by the infection, victims in other regions are already discovering various methods to simply remove the infection, rather than paying the ransom.

http://www.theregister.co.uk/2016/06/13/android_ransomware_infects_tvs/

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Human Error Remains Top Security Threat

In a study conducted over the course of 3 years by the Information Commissioner’s Office, it was found that security breaches due to human error were the number one issue, with the number of reported issues growing steadily year-over-year. While many companies have been increasing the amount of security precautions in regards to cyber attacks, most of them do not see human error as the real problem and thus provide no additional cybersecurity training for their employees.

University of Calgary Pays High-Dollar Ransom

In the past week, the University of Calgary was hit with a ransomware attack that left them with few options. In the end, they ended up paying the nearly $20,000 ransom in hopes of regaining their important files and keeping their systems functional. Fortunately for students and faculty, the decryption keys have been successful, but there still remains much left to do to protect against future attacks.

Social Media Hacks On The Rise

Recently, many high-profile Twitter and other social media accounts have been hacked, including the official NFL Twitter account and Mark Zuckerberg’s seemingly unused account. The hacker behind the NFL breach claims to have had access to an NFL Social Media Staffer’s email that contained the login information for the @NFL  account, although it’s unclear exactly how that access was gained.

Game Torrents Redirecting to PUA Downloads

Many people who download pirated copies of games are aware of the risks involved, as some of these downloads have the possibility to contain malicious software. However, a current trend across torrent sites is instead to bundle potential unwanted applications (PUAs) with legitimate game titles and have the file launch an executable rather than the zipped game files. Once the user allows the download, some variants are capable of silently downloading additional PUAs onto the machine without further notifications to the user.

Microsoft’s Anti-Macro Efforts Missing Target

With macro-based infections continuously on the rise, Microsoft has made an attempt to secure its users through the use of more messaging, which warns of macros launching out of Word or Excel documents. Unfortunately, the wording of these warnings has changed for the worse since early iterations of the Office Suite. Where once the messages warned users of possible malicious content and aimed them away from enabling the macro, they now show an almost cheerful dialog box with options only to enable the macro or ignore the bright yellow bar atop the screen.