Cybersecurity News for the Week Ending 15 December 2017
MoneyTaker Group Robs Banks
The MoneyTaker group is a previously unknown and sophisticated group of Russian hackers who have stolen more than $10M in the past 18 months, according to Moscow-based cybersecurity firm Group-IB. MoneyTaker operates a theft ring that concentrates on ATM machines. Since May 2016, they have targeted banks in Moscow, New York, California, and Utah. The average amount stolen from U.S. banks was $500,000. The group stole more than $3M from three Russian financial institutions. The group uses “fileless” malware, or malware that only exists in a computer’s memory and is destroyed when the user logs off. MoneyTaker further disguises their efforts by using fake encryption certificates using names such as Bank of America, Microsoft, and the Federal Reserve. The group accessed card processing systems and then opened accounts at the targeted banks. They erased the withdrawal limits and used money mules to withdraw money from the ATMs. Their techniques have been so successful that one bank was robbed twice. (Hamilton Spectator (Ontario, Canada), 12/11/2017. View Article)
Germany Accuses China of “Catphishing”
Germany’s Security Agency (BV), as part of a long-running counterintelligence operation, called out China for catphishing, which refers to the phishing attacks on targeted individuals by creating phony social media profiles. Germany pointed to 10,000 instances of fake profiles – mostly on LinkedIn – that were used as bait for unwary social media users. Most of the fictitious profiles were taken down quickly, and the Chinese denied any involvement. They asked Germany to “speak and act more responsibly,” and dismissed the report as “groundless.” (The CyberWire, 12/12/17)
Former CIA Deputy Director Cites a “Failure of Imagination” by U.S. Intelligence in Russian social media operation against 2016 U.S. Election
Mike Morell told Politico that Russian hacking in the run-up to the 2016 presidential election was a U.S. intelligence failure that was “not dissimilar to the failure of imagination we had for 9/11.” Morrell said the U.S. Intelligence Community failed to understand that social media platforms could be used by the Russians to interfere in the U.S. electoral process. He also lamented the lack of focus on Russia under Vladimir Putin that occurred in the aftermath of 9/11, when intelligence agencies shifted resources to the counter-terrorism mission. He said, “As we were trying to protect the country from terrorists, we became more blind to what was going on in the rest of the world,” adding that, “When you make choices you leave significant risk on the table.” View Article
Link Between Kaspersky Labs and Russian Security Service Identified
A Russian cybercriminal, spending time in prison while awaiting trial, posted a court document on his Facebook page that seems to indicate the Russian Federal Security Bureau (FSB) has agents posted inside Kaspersky Labs. The April 2015 document cites an incident where an FSB agent gave a password for a cybercriminal’s computer to a Kaspersky technician who then retrieved plaintext documents from the targeted computer. DHS recently banned the use of Kaspersky products for the U.S. Government based on the suspicion that the firm’s founder, Eugene Kaspersky, has close ties with the Russian security services. View Article
Army to Bring on Direct Commission Cyber Officers
The Army will soon select its first class of cyber warriors to be direct commissioned as second lieutenants. While the initial class includes only five people and the Army is treating it as a pilot program, Army Cyber Command leadership and Congress are excited about the possibilities. Applicants up to age 41 are being considered. By next May, computer engineers and software specialists accepted into the program may become Army officers in as little as four months after a short period of training. They will become Cyber Operations Officers and begin to fill vacancies in the Defense Department’s Cyber Mission Force. Most Army cyber officers have entered service via the ROTC program, West Point, or Officers Candidate School. View Article
Mirai Botnet Perpetrators Plead Guilty
The U.S. Justice Department unsealed an indictment on 12 December against a New Jersey and a Pennsylvania man for their role in creating and deploying the Mirai botnet, which used the Internet of Things to launch Distributed Denial of Service (DDOS) attacks on many organizations in the past year. Paras Jha (21) and Josiah White (20) co-founded Protraf Solutions LLC, which focused on stopping DDOS attacks. As security researcher Brian Krebs puts it, they were like “fireman who were getting paid to put out the fires they started.” The attacks they led included the DDOS against Internet service provider DYN in October 2016 which affected Twitter, Netflix, Reddit, and many other sites. The two men pleaded guilty to the charges about Mirai and also to conducting click fraud, a form of fraudulent online advertising. Their click fraud activities are projected to cost advertisers more than $16 billion in 2017. View Article
GCHQ Opens its Doors to Cyber Innovation
GCHQ and its National Cyber Security Centre have launched a cyber innovation accelerator program in London. Nine start-up companies will work with GCHQ and cyber experts to develop technology to improve the UK’s cyber defenses. Projects ranging from detecting phishing and spearphishing messages to identifying vulnerabilities in deployed systems, to advanced intrusion detection for transportation networks are included. Participating companies will receive help with funding, office space, and contacts with potential investors to bring successful projects into the cyber defense market. View Article
Industrial Safety and Control System Hacked in Middle East
Cybersecurity firm FireEye reported on a failed cyber attack on an industrial plant in the Middle East, likely in Saudi Arabia. The attack was targeted at Triconex industrial control technology that supports plant safety and control capabilities at more than 11,000 industrial plants around the world. FireEye suggests that the event may have been cyber reconnaissance gone wrong since the hack triggered the fail-safe mode of safety systems, shutting the plant down. FireEye also believes that a nation-state was behind the attack. Like Stuxnet, the malware used in this attack is capable of disrupting industrial processes. View Article
Can You Trust Your TV?
Researchers at TripWire and Trend Micro have demonstrated several vulnerabilities in TVs connected to the Internet. TripWire found that most Android-based set-top boxes sold on-line use old and insecure versions of Windows. Trend Micro pointed to vulnerabilities in Linksys WVBRO-25, the wireless bridge used for video links supporting DirecTV. Although Trend Micro disclosed this problem to Linksys months ago, no action was taken. View Article
Change Your Passwords!
4iQ is a cybersecurity group that studies the Dark Web, a covert part of the Internet used by criminals and others who want to avoid detection. The firm recently found a searchable database with over 1.4 billion stolen credentials that resulted from more than 250 data breaches against LinkedIn, Twitter, Badoo, Myspace, Gmail, and other entities. Their analysis shows that over 380 million credential pairs, almost 320 million unique users, and 147 million passwords in this data base are new, meaning not available elsewhere in the Dark Web. 4iQ identified the Top 40 passwords and their frequency of occurrence in the data base. Here are the Top 10:
1 - 123456, used 9,218,720 times
2 - 123456789, used 3,103, 503 times
3 - qwerty, used 1,651,385 times
4 - password, used 1,313,464 times
5 - 111111, used 1,273,179 times
6 - 12345678, used 1,126,222 times
7 - abc123, used 1,085,144 times
8 - 1234567, used 969,909 times
9 - password1, used 954,446 times
10 - 1234567890, used 879,924 times
Cybersecurity firm Cylance reported on 4iQ’s work, and advises everyone to change to longer and stronger passwords to protect yourself and your data. View Article
Return to our HOME PAGE
