TweakTown NewsRefine News by Category:
The "Machete" cyberattack targeted Spanish speaking residents of Colombia, Ecuador and Venezuela, and the malware was recently noted by security firm Kaspersky Lab. The targeted attack campaign likely launched in 2010 and was improved in 2012, with the Machete operation still potentially active. The malware is sent as a RAR file attachment that includes a PowerPoint presentation, researchers noted.
The malware can log keystrokes, capture geolocation data, capture screenshots, record audio from PC microphone, take photos via Web camera, and copy files to a remote server, among other similar cybercriminal activities.
There were 85 victims in Colombia, 282 victims in Ecuador, and 372 victims in Venezuela, though also found 45 victims in Russia and small numbers of victims in the United States and Europe. Much like other malware distribution, the criminals rely on social engineering to trick users to unknowingly install it on their machines.
Social media service Diaspora, an open source, decentralized service consisting of individual nodes, utilizes thousands of private servers. Unfortunately, there isn't a way for the Diaspora project team to edit or remove content from a network node, and that's likely why IS chose it.
After being booted from Twitter and other social networking sites, the Islamic State is looking for new alternatives. In an attempt to spread images, videos and published propaganda to shock the west and appeal to new recruits, IS wants to have a collection of social media accounts to use.
"As many of the members of the core team are pod administrators ourselves, we know it can be hard to detect such users," the Diaspora blog reads. "We rely on our community members to use the report function to alert their podmin to any post or comment they believe to be a cause for concern. However, because this is such a crucial issue, we have also accumulated a list of accounts related to IS fighters, which are spread over a large number of pods, and we are in the process of talking to the podmins of those pods."
Apple iMessage now accounts for more than 30 percent of all mobile spam messages sent to users, with cybercriminals easily able to send messages to a large number of users. To better combat spam messaging, Apple previously put in place iMessage rate-limiting, as hackers last year were able to send a large volume of messages with little resistance. However, it still remains a lucrative tool for cybercriminals to use for spam and phishing attacks, with the problem seemingly out of control.
To register for an iMessage account, a criminal simply needs a victim's linked email address - a mobile phone number isn't required. Security experts have seen message come from U.S. companies such as Microsoft's Hotmail to China's Yeah.net, indicating a large number of accounts have been created to send out spam.
Trying to report iMessage spam abuse is a tiresome, annoying process: users must email Apple, including a screenshot of the spam message, email address or phone number of sender, along with the date and time the message was sent by the spammer.
U.S. universities face a bigger threat of security data breaches than the retail and healthcare sectors, according to a recent study published by BitSight. As the school year begins again, hackers are preparing to target universities once again, the report said.
Using data based on major athletic conferences, including the Pacific-12, Big 10, Big 12, Southeastern Conference, Atlantic Coast Conference and Ivy League from July 2013 to June 2014, all divisions saw a drop in cybersecurity performance.
"From Social Security and credit card numbers to health records and intellectual property produced by research departments, colleges and universities house a vast amount of sensitive data," said Stephen Boyer, BitSight co-founder and CTO, in a statement to FierceCIO. "While not surprising given the unique challenges universities face securing open campus networks, it's concerning to see that they are rating so far below other industries that we've seen plagued by recent security problems."
The UPS Store suffered a data breach at 51 retail locations across the United States, with 105,000 customer transactions, ranging from January 20 to August 11, at risk due to the security incident. If you've shopped at the UPS Store, you're urged to visit the company's website to identify if your UPS Store location was compromised - individual notification letters will not be sent out.
To date, there has been no evidence of fraud related to the incident, with malware found on the company's network. Names, postal addresses, payment information and email addresses are at risk, but it's unknown how many customers might have been affected.
"As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue," said Tim Davis, UPS Store President, in a statement. "Our customers can be assured that we have identified and fully contained the incident."
The U.S. Nuclear Regulatory Commission (NRC) was "successfully hacked" at least three times in the past few years, with two of the data breaches conducted by hackers overseas, according to records. One breach took places due to a phishing attack that was sent to more than 200 NRC employees, with a successful logon-credential harvesting attempt. At least 12 employees opened an enclosed link in the email, indicating there is still work to be done to better educate employees against opening suspicious emails.
A different attack also utilized a phishing attack that redirected employees to malware spread via Microsoft SkyDrive, with "one incident of compromise and the investigation tracked the sender to a foreign country."
"The few attempts documented in the OIG Cyber Crimes Unit report as gaining some access to NRC networks were detected and appropriate measures were taken," said David McIntyre, NRC spokesman, in a statement to the media.
The healthcare industry is still being slammed by cyberattacks, with 90 percent of organizations losing patient data at one time or another, according to research from the Ponemon Institute. It's a frightening thought because the medical industry faces more data breaches than the military and banking industries combined.
Cybercriminals have shown great interest in targeting the healthcare industry, as stolen records are worth more on the underground market. Credit card information can fetch around $1 per stolen record, but medical data earns up to $50+ per stolen credential.
"They can't keep up [with hackers]," said J.D. Sherry, Trend Micro security firm adviser for hospitals and healthcare organizations. "Their resources are tremendously overwhelmed. With day-to-day business, IT security is not top of mind."
Pro-Syrian hackers are using WhatsApp, Facebook, YouTube and Viber to share malware that is aimed at activists fighting for a regime change in Syria. In addition to Syrian Internet users, people were also targeted in the United States, France, Saudi Arabia, United Arab Emirates, Turkey, Palestine, Israel, Morocco and Lebanon, security researchers noted.
The malware is using remote access tools (RATs) and being shared to groups that support Syrian President Bashar al-Assad. The RAT technology are able to compromise PCs and systems in which they are installed, with attackers stealing credentials, remotely turning on microphones and video cameras, and controlling the infected PCs.
"Total Network Monitor (which is a legitimate application) is inside another sample found, being used with embedded malware for spying purposes," according to Kaspersky Lab researchers. "Offering security applications to protect against surveillance is one of the many techniques used by malware writing groups to get users desperate for privacy to execute these dubious programs."
Coordinated state-sponsored cyberattacks are nothing new, but it looks like Pakistan wants to evolve from simple hacktivism and mature into official cyberespionage. Recent collaborative research from FireEye and ThreatConnect noted advanced persistent threat (APT) attacks dating back to early 2013, which is more common from organized cyberattackers.
The Bitterbug malware, for example, uses US virtual private servers and is designed to steal information and send it back to its operator overseas. It appears that a hosting provider in Pakistan leases the ability to operate a command and control server from a U.S. provider.
"Adversaries are masking their exploitation operations behind U.S. infrastructure and targeting U.S> and international victims," said Rich Barger, ThreatConnect Director of Intelligence Research, in a press release. "These adversaries are purporting to be legitimate organizations and abusing unwitting service providers."
The Community Health Systems (CHS) suffered a data breach in April and June that has affected up to 4.5 million of the company's patients. Although payment information wasn't taken, patient names, addresses, birthdates, telephone numbers, and Social Security numbers were compromised during the breach.
The attack likely was an Advanced Persistent Threat (APT) originating from China, in an effort to steal bulk data which can be used later. APTs are targeted attacks designed to circumvent modern firewalls, antivirus and antimalware solutions used by companies.
"The company has confirmed that this data did not include patient, credit card, medical, or clinical information," Community Health noted in a statement to the Securities and Exchange Commission (SEC).