Cybersecurity News Bytes for the Week Ending 9 February 2018
Winter Olympics Faces Hacking Threats
Fear of phishing attacks, hacks, and other malicious activity are increasing as the opening of the Pyeongchang Olympics approaches. Cybersecurity experts are observing an increase in criminal activity including using phishing emails to attract people to engage in illegal activities. The threat is severe enough to prompt the Department of Homeland Security to issue a warning about the cybersecurity risks associated with attending the Games. (DHS warning: https://www.us-cert.gov/ncas/current-activity/2018/02/01/Pyeongchang-2018-Staying-Cyber-Safe-during-Olympics). Some experts have detected signs of nation-state involvement in malicious activity. Russian-based hacking group Fancy Bear has ramped up its activity in response to the doping charges levied against Russia in the last Olympics, targeting the U.S. anti-doping agency and several Olympic organizations. The International Olympics Committee is aware of the increased threat level and claims to be prepared to fend off any cyber attacks on the Games. The Hill, 3 February 2018
Google Chrome Extensions Used to Create Large Botnet
Trend Micro researchers have discovered a botnet affecting hundreds of thousands of users. The botnet, dubbed “Droidclub, is based on malicious extensions to Google Chrome which deploy malware to every website a user may visit. The Chrome extensions can record every action a user takes on a website. They can also inject adware and cryptocurrency mining malware into websites. Trend Micro published a detailed report on the tactics, techniques and procedures used to install the extensions and create the botnet as well as a list of the malicious extensions. Trend Micro Blog, 1 February 2018
Russian Hacker “Peter of the North” Extradited to U.S.
Notorious Russian hacker Peter Yuryevich Levashov, aka “Peter Severa” (“Peter of the North”), was extradited to the United States from Spain to face criminal charges resulting from his creation of the Kelihos botnet that was used to generate spam, steal financial data, and infect computers around the world. While rumored to be involved in the Russian hacking of the 2016 U.S. presidential election, Levashov was sought by law enforcement for his “spam as a service” offerings and targeted phishing attacks. The FBI alleges that Levashov sold services including up to one million spam messages for $200 and, for $300, “job spam” seeking to hire people for illegal services like money laundering. Levashov was in Spain on vacation last April when arrested by Spanish authorities. He arrived in New Haven, Connecticut on Friday, 2 February. (Note: Russian cyber criminals wanted in the U.S. are immune from extradition to the U.S. as long as they remain in Russia. They place themselves in jeopardy when they go on vacation to countries that have extradition treaties with the United States. Levashov is not the first Russian hacker to be arrested while on vacation outside Russia and then extradited to the U.S.) Full Story
Adobe Fixes Flash Vulnerability
Adobe released update Flash Player 18.104.22.168 on Feb. 6 to fix the zero-day vulnerability identified as the vector used by North Korean hackers to infiltrate South Korean government websites. Users of the Flash plug-in that is packaged with Google Chrome, Microsoft Edge, and Internet Explorer 11 will be updated automatically via updates to those browsers. Analysts assess this action to be from a North Korean threat actor dubbed Group 123, noting that use of this zero-day was beyond North Korea’s known hacking repertoire. Security Boulevard, 6 Feb 2018
Record Number of Data Breaches in 2017
Richmond, Virginia based firm Risk Based Security released its 2017 Data Breach Quick-View Report on 6 February. More than 5,200 breaches were reported worldwide in 2017, an increase of 20% from the previous record set in 2015. A total of 7.8 billion records were compromised, also a record number. The most common form of breach in 2017 was the accidental exposure of sensitive information on the Internet or other means, with 5.4 billion records exposed. An egregious example of corporate mishandling of sensitive data involved Aetna. The insurance company agreed to pay over $18 million to more than 11,000 members who are also HIV patients. In August, the company sent updates on the process for filling prescriptions. But the mailings were sent in envelopes with large glassine windows that exposed sensitive medical information. Risk Based Security, 6 Feb 2018
Return to our HOME PAGE.