TweakTown News
Compromised web servers infected with Linux-based malware have been used to target visitors by spreading Windows malware, with up to 25,000 suspected cases in the past two years, researchers note.
Network operators and IT specialists have been advised to look out for select Linux malware, to ensure they haven't been caught up in the Operation Windigo cybercrime effort. The server takeover campaign is still running up to 10,000 hacked servers, which are used to distribute malware, send spam, and infect users with sophisticated rootkit exploits.
"There are two kinds of victims here: Windows end-users visiting legitimate websites hosted on compromised servers, and Linux/Unix server operators whose servers were compromised through that large server-side credential stealing network," researchers note.
Four European research groups helped compile the information, as the cybercriminals behind these threats are clever and don't leave behind a big electronic signature for investigators to follow.
At the request of Swiss authorities, Farid Essebar, working under the codename "Diabl0," was arrested in Thailand by the Department of Special Investigation (DSI), Office of the Attorney General, and the Immigration Bureau.
The Russian-born hacker from Morocco allegedly broke into bank computer networks and hacked bank websites in Switzerland, racking up more than $4 billion in damages to banks and customers in 2011.
"We arrested the suspect at a condominium on Rama IV Road," authorities said in a statement. "Next Thailand will send him to Switzerland within 90 days in accordance with the extradition agreement."
This isn't Diabl0's first run-in with law enforcement: the hacker was arrested in 2005 for his role in helping create the Zotob computer worm - a nasty cyber effort that targeted Microsoft Windows 2000 and XP users across the world.
Convicted teenage hacker Jared James Abrahams has been sentenced to 18 months in federal prison following two years of compromising online accounts of women he later blackmailed. The 19-year-old pleaded guilty last November to one count of unauthorized access of a computer and three counts of extortion, and reportedly broke into around 150 online accounts.
Abrahams grabbed headlines after he compromised the computer of Miss Teen USA 2013 winner Cassidy Wolf; he accessed victims' computers and used their webcams to photograph them.
"As digital devices, email accounts, and social media accounts now contain the most intimate details of the public's daily lives, the impact of this type of hacking and extortion becomes more pronounced, troubling, and far-reaching," the U.S. Department of Justice noted. "In some cases, this type of criminal behavior can be life-changing for the victims - especially for vulnerable victims who may feel it is impossible to rebuild their tarnished reputations."
Users need to be more diligent about the types of images, videos, and other personal information they share online, protect their accounts with hard-to-guess passwords, and keep anti-virus and anti-malware software updated. As the Abrahams case showed, it's not a bad idea to keep webcams covered when not in use, as well.
Malware tormented users at record levels in 2013, with 20 percent of all malware ever created appearing last year alone, averaging 82,000 new threats per year, according to Panda Security.
Cybercriminals are targeting both PCs and mobile devices, and custom pieces of malware such as ransomware also are increasing in popularity. Seven of 10 new security threats were customized Trojans, with 21 million new variants created and released into the wild in 2013.
"It seems that cybercriminals managed to infect more computers with Trojans in 2013 than in previous years," according to Panda Labs. "In 2011, Trojans accounted for 66 percent of all computer infections, whereas this percentage rose to 76 percent in 2012. The growing trend was confirmed in 2013."
Although malware is a global problem, China, Turkey and Ecuador face the highest number of infections, according to Panda Labs, with nine of the 10 least infected countries found in Europe.
Network hardware and cloud company Barracuda Networks announced the Threatglass website, an online tool designed for security specialists to browse, share and analyze website malware.
The website is designed to show visitors detailed information about activity on malicious websites, and also includes screenshots of the browser, e-mails sent, and the number of domains and objects requested.
"'Good sites gone bad' is a daily problem for popular websites targeted by attackers and used to serve malware to their unsuspecting visitors," said Dr. Paul Judge, Barracuda Networks chief research officer, in a press statement. "Threatglass was designed for both casual users and the research community to provide a way to document and better understand this ongoing problem."
In a time of continued cyber threats, the Barracuda Threatglass resource will prove to be an interesting place to view infection incident reports. Visitors have the ability to view the most recent group of compromised sites, and screenshots are hidden until users choose to view them - because quite a few compromised websites have pornography or other adult content.
Australian Foreign Minister Julie Bishop's official Twitter account was recently hacked, with Bishop confirming the breach. The fake tweets:
Bishop responded by saying, "Yes my Twitter account has been hacked/compromised." Not surprisingly, the fake tweets were quickly deleted, passwords reset, and Bishop will be able to continue her job normally.
A public hack of a high-profile figure is typically just an annoyance, but the fake links posted on Bishop's page led to a replicated Twitter login page. The links are no longer active, but it's unknown how many users mistakenly entered username and password information.
Creative cybercriminals use hacked accounts to try to phish followers or steal personal information, which is easier to do when a Twitter user is high-profile and has a large number of followers - which means users must always stay vigilant.
Cybercriminals plague regular consumers and businesses, impacting millions of users and costing companies billions, but even they aren't immune from attack.
One of the Rescator websites, which was one of two websites used to help sell bulk credit cards from the Target breach, had the following message to greet potential customers: "Hi subhumans and miscreants, your fraud site is gone now. Go away."
The websites are now back online.
Rescator has served as a clearinghouse for selling stolen credit and debit card information from Target, Sally Beauty Supply, Neiman Marcus, and other compromised retailers. The website domains point towards websites based in the former Soviet Union, Colombia, and the Cocos Islands.
Sally Beauty said fewer than 25,000 customer records were compromised during a data breach the store recently confirmed.
The company is still waiting for Verizon to continue its forensic investigation before releasing full details of the breach, though the company said customers are its top priority and will continue to provide updates following the breach.
"We take this criminal activity very seriously," the company said in a press statement. "We continue to work diligently with Verizon on this investigation and are taking necessary actions and precautions to mitigate and remediate the issues caused by this security incident."
The retailer also is working with the U.S. Secret Service to investigate the data breach - as the FBI and Secret Service have been frequently tasked with helping to investigate security breaches.
Security researchers see a large volume of phishing attacks each day, but a recent phishing attempt to compromise Google Docs users has sent up red flags, according to a blog recently published by Symantec.
The e-mail has a title of "Documents" and tricks users into viewing "an important document" via Google Docs by clicking an included link. Instead of reaching the real Google Docs login page, users end up on a convincing fake Google Docs login page. Even worse, the phishers are running the fake page on Google servers with SSL support, and when a user enters information, it is sent to a PHP script on a compromised server.
After a victim logs in, the page redirects to an authentic Google Docs file - a very convincing phishing effort.
Cybercriminals created the phony page using a folder inside a Google Drive account, which was set to public, then uploaded a file. Compromised Google credentials provide access to Gmail, Google Play, and other Google accounts, so this is a major security issue that users need to be aware of.
The battle against fake and malicious mobile apps is a global effort, with the United States, Japan, South Korea, and a few other nations dealing with advanced fake apps.
Researchers from RiskIQ found that malicious apps in the Android Google Play store increased by almost 400 percent from 2011 to 2013.
In Japan, fake business apps are unknowingly installed, then are updated so they are able to steal personal information and user credentials. Drugstore chain Matsumotokiyoshi has had to deal with a fake app, dubbed e! Matsumotokiyoshi, that used the company's logo and sent users to the company's official website - but the malicious app accepts user payments to place orders, with financial data stolen.
In South Korea, where smartphone penetration has reached 70 percent of the population, researchers are finding increasingly advanced fraud tactics used to steal information and frustrate users.