TweakTown News
A new advanced persistent threat (APT), known as DarkHotel, is now targeting C-level executives of major businesses. Instead of trying to compromise governments to steal state secrets, DarkHotel is engineered to conduct corporate espionage, likely for a foreign state-sponsored group, by taking advantage of poor hotel wireless security - a rather clever technique for reaching business leaders while they are staying in hotels.
Using Flash zero-day exploits and spear-phishing to compromise users, DarkHotel has been found to steal and re-use digital certificates to inject malicious code. The attacks have taken aim at business visitors in the United States, Japan, South Korea, India, mainland China, Russia, Germany, Hong Kong and Ireland.
"Just think about the playing field IT security professionals have to deal with, and why they need all the help they can get," said Joe Caruso, Global Digital Forensics (GDF) CEO and CTO. "There are mobile devices like smartphones and tablets being used more than ever before, all with seemingly endless choices of software and applications, and all providing a potential threat vector for cross-platform intrusions and attacks."
The recent launch of World of Warcraft: Warlords of Draenor, the fifth expansion for the popular MMORPG series, received a large amount of attention. When the game launched in Europe, the number of players trying to enter Draenor caused problems, so Blizzard added multiple entrance points to the game. This initially helped, but North American users were then met by a distributed denial of service (DDoS) attack.
"While that solution helped a ton for our North American launch, we ran into a few other issues, including a distributed denial of service attack, that resulted in increased latency," the company confirmed.
Blizzard was able to recover from the DDoS attack, for which no group has claimed responsibility, though there are still problems related to server load. The game company will continue to work on server timeouts and other improvements to help ease server load - and make sure gamers are able to log in and play with minimal interruptions.
The US State Department is now the fourth US federal government agency to be attacked by organized hackers, with hackers targeting unclassified computer systems. The "activity of concern" did not impact any classified systems, and shows foreign state-sponsored cybercriminals are having success attacking the US federal government.
"This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system," according to a senior State Department official. The State Department tried to avoid saying it was compromised, and said routine "maintenance" would be carried out, but the Associated Press was able to verify it was a cyberattack.
In previous weeks, the National Weather Service, US Postal Service and White House have all been targeted, in attacks that likely originated from Russian-sponsored cyberattackers.
The adoption of virtual currencies, mainly bitcoin, has continued to expand in 2014 - with a growing number of businesses accepting bitcoin payments - but legitimate securities offerings showing greater interest in virtual currencies face cybersecurity problems.
In addition to currency volatility, which has scared some investors away, the associated anonymity and the risk of cyber theft by hackers are increasing.
"We are living in an age where traditional financial and investing relationships are being transformed rapidly and sometimes in confusing fashion by technology and innovation," said Glenn Moyer, Secretary of Banking and Securities. "It is especially important that investors fully understand where they are putting their money, and with whom they are investing it."
The Anonymous hacker collective has taken over control of a Ku Klux Klan Twitter account, after the KKK and Anonymous engaged in a public war of words. The group began to release documents containing the names, dates of birth, addresses, phone numbers, and email addresses of KKK members in the Ferguson and St. Louis area of Missouri - as the region prepares for possibly violent protests related to the case against Ferguson officer Darren Wilson.
November 16, 2014
Before Anonymous gained control of the account, tweets included the following statements: "Why are you trying to kill my freedom of speech @YourAnonCentral? I thought you Anons were all about free speech. Cowards!" and "We are continuing to read Anonymous threats with much amusement. Still no action taken. #Cowards #HoodsON"
The Dickson County Sheriff's Office was compromised by the Cryptowall ransomware, with IT staff forced into paying a $500 ransom to have files unlocked. A staff member was listening to a streaming radio station when he or she accidentally clicked on an ad that had malicious code - and Cryptowall was installed.
"Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files," said Detective Jeff McCliss, Dickson County Sheriff's Office IT director. "Is it better to take a stand and lose all that information? Or make the payment, grit your teeth and just do it? It made me sick to have to do that."
Ransomware continues to plague companies - especially if they don't have recently backed up data - as infection typically begins with a social engineering phishing email. Employees are the first line of defense, and are all too quick to begin clicking file attachments and suspicious links in emails.
A hacker accused of spreading malicious code in the Tor network likely is a state-sponsored hacker being funded by the Russian government, according to security companies. Leviathan Security indicated the hacker had control over a Tor exit node located in Russia, and was able to inject the OnionDuke malware.
Not surprisingly, MiniDuke appears to trace back to the Russian government - one of the largest state sponsors of organized cyberattacks - which typically looks to compromise governments and private companies in the United States and in Eastern and Western Europe.
"We have also uncovered strong evidence suggesting that OnionDuke has been used in targeted attacks against European government agencies, although we have so far been unable to identify the infection vector(s)," according to F-Secure.
Police authorities in Beijing have detained three suspects accused of creating the "WireLurker" malware targeting Apple iOS and OS X computers and mobile devices in China. The Chinese security firm Qihoo 360 Technology provided a tip that led to the arrest of the three suspects, Chen, Wang and Li, and all three have been charged with the creation and distribution of WireLurker. It appears WireLurker was created to generate monetary profits for the organizers, which would be an unsurprising confirmation that cybercriminals are racking up large profits from cybercrime.
Apple moved quickly to block the WireLurker malware from spreading any further, and recommended users only download apps from trusted sources.
It's ironic that China, believed to be one of the largest state sponsors of organized cyberattacks against the Western world, moved so quickly to arrest the creators of WireLurker - the malware victimized Chinese users only, and didn't have a widespread presence outside of the country.
A member of the Carder.su cybercrime ring, Cameron Harrison, 28, working under the name "Kilobit," was sentenced to 115 months in prison for his role in the international fraud ring. Harrison previously pleaded guilty to racketeering and trafficking of false identification documents, and must also pay $50.8 million in restitution to victims.
Harrison was found in possession of more than 260 compromised payment cards, and had purchased personal data from other Carder.su members while also processing credit cards. The ring leader of the cybercrime group was sentenced to more than 20 years in prison earlier this year, showing the government wants to hand out stiffer prison sentences to cybercriminals.
"This significant sentence is entirely fitting given that this defendant's actions and those of the larger criminal organization harmed countless innocent Americans and seriously compromised our financial system," said Peter Edge, executive associate director of Homeland Security Investigations (HSI). "Criminals like this defendant who believe they can elude detection by hiding behind their computer screens here and overseas are discovering that cyberspace affords no refuge from American justice."
Security threats continue to give IT professionals headaches, but hardware failure, lost data, and other potential problems are often overlooked. Even though almost nine out of 10 IT professionals have lost data, half of respondents don't back up data because they forgot to do it, according to a new survey published by the CloudBerry Lab backup and management solutions company.
Furthermore, 88 percent of IT professionals suffered lost data due to hardware failure, data corruption, malware or accidental deletion. In a rather surprising finding, 38 percent have never bothered to test recoverability of backed up data, while 47 percent end up waiting up to one month before backing up data.
Depending on the type of business, IT professionals recommend at least weekly data backups - though some industries should have critical information backed up on a daily basis. CloudBerry Lab found 32 percent of IT professionals understood they weren't protected or were unsure if their backups were secured with encryption, password protection, or some other type of security protocol.