Friday, June 23, 2017

SANS talks about fake DDOS extortions

Apparently the latest thing is fake DDoS extortions. Unfortunately all they have to do is make good on them - and what's the risk? They're already opening up their bitcoin address to tracing. Let's see what happens.

Johannes at SANS would like some more samples too.

https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/

Perry

Wednesday, June 21, 2017

Is ANYBODY still allowing UPnP?

From Graham Cluley - Just say no to UPnP

Universal Plug 'n' Pwn! Pinkslipbot malware exploits UPnP to help it steal credentials

First malware to use infected devices as HTTPS-based control servers.

A variant of Pinkslipbot is the first known malware to conduct attack campaigns using infected devices as HTTPS-based control servers.
The Pinkslipbot malware has been around since 2007. It comes equipped with keyloggers and other credential stealers to make off with U.S. users' financial information. In fact, it steals over half a million user records each day.
To perpetrate this scale of data theft, Pinkslipbot, otherwise known as the Active Directory lockout-producing QakBot trojan, relies on a botnet of 500,000 infected machines. Each newly infected bot indirectly receives instructions from the malware's real command-and-control (C&C). Two layers of defenses - infected machines serving as HTTPS proxies and additional HTTPS proxies - funnel these commands down to bots, likely in an effort to conceal the real C&C servers' IP addresses.
more...
https://www.grahamcluley.com/universal-plug-n-pwn-pinkslipbot-malware-exploits-upnp-help-steal-credentials/
Big ransomware attack conclusively linked to malvertising?

We DON'T NEED PROOF, but interesting...

Yes, we do need good, tested, reliable backups.

UK Uni Ransomware Attacks Linked to Malvertising Campaign

UK / EMEA News Reporter, Infosecurity Magazine

The ransomware that caused widespread disruption at two UK universities last week is now thought to have been spread via a much larger malvertising campaign, according to Proofpoint.
Kafeine, a researcher at the security vendor, explained that the C&C IP address for the ransomware in question is commonly associated with the Mole family and payloads linked to the Astrum exploit kit, a known favorite of the banking trojan group AdGholas.
“At that stage, we were almost convinced the events were tied to AdGholas / Astrum EK activity. We confirmed this, however, via an HTTPS connection common to the compromised host avia-book[.]com,” the blog post continued.
This host was apparently being used in a large scale malvertising campaign targeting the UK, Australia, Canada, Italy, Monaco, Liechtenstein, Luxembourg, Switzerland, Japan, Taiwan and the United States.
All compromised hosts are said to have contacted the Astrum C&C IP address.
“It appears that between June 14 and 15, Astrum was dropping Mole ransomware in the United Kingdom and likely in the US. Mole is a member of the CryptFile2/CryptoMix ransomware family. We do not know the payloads in other countries, but, based on past activity, we are confident they were banking Trojans. Unlike ransomware, bankers are generally less noisy and often remain unnoticed by victims,” Kafeine concluded.

more...
https://www.infosecurity-magazine.com/news/uk-uni-ransomware-attacks-linked/?utm_source=dlvr.it&utm_medium=twitter
Tuesday, June 20, 2017

Interesting wired article on power grid hacking as Cyberwar

How An Entire Nation Became Russia's Test Lab for Cyberwar
The clocks read zero when the lights went out.
It was a Saturday night last December, and Oleksii Yasinsky was sitting on the couch with his wife and teenage son in the living room of their Kiev apartment. The 40-year-old Ukrainian cybersecurity researcher and his family were an hour into Oliver Stone’s film Snowden when their building abruptly lost power.
“The hackers don’t want us to finish the movie,” Yasinsky’s wife joked. She was referring to an event that had occurred a year earlier, a cyberattack that had cut electricity to nearly a quarter-million Ukrainians two days before Christmas in 2015. Yasinsky, a chief forensic analyst at a Kiev digital security firm, didn’t laugh. He looked over at a portable clock on his desk: The time was 00:00. Precisely midnight.

Link here:
https://www.wired.com/story/russian-hackers-attack-ukraine/
NATO publishes a book about Russian Cyber defense in the Ukraine

Cyber War in Perspective: Russian Aggression against Ukraine

The conflict in Ukraine appears to have all the ingredients for cyber war. Moscow and Kyiv are playing for the highest geopolitical stakes, and both countries possess a high level of expertise in information technology and computer hacking. However, there are still many sceptics of cyber war, and more questions than answers. Malicious code has served criminals and spies very well, but can cyber attacks offer soldiers more than a tactical edge on the battlefield? Can they have a strategic effect? And what norms should be established in international relations to govern nation-state hacking in peacetime and in war?

Link here:
https://ccdcoe.org/multimedia/cyber-war-perspective-russian-aggression-against-ukraine.html

Reuters: U.S. banks, corporations establish principles for cyber risk ratings firms
More than two dozen U.S. companies, including several big banks, have teamed up to establish shared principles that would allow them to better understand their cyber security ratings and to challenge them if necessary, the U.S. Chamber of Commerce said on Tuesday. Large corporations often use the ratings, the cyber equivalent of a FICO credit score, to assess how prepared the companies they work with are to withstand cyber attacks. Insurers also look at the ratings when they make underwriting decisions on cyber liability.
The group includes big banks like JPMorgan Chase & Co (JPM.N), Goldman Sachs Group Inc (GS.N) and Morgan Stanley (MS.N), as well as non-financial companies like coffee retailer Starbucks Corp (SBUX.O), health insurer Aetna Inc (AET.N) and home improvement chain Home Depot Inc (HD.N). They are organizing the effort through the Chamber of Commerce, a broad trade group for corporate America.
The move comes in response to the emergence of such startups as BitSight Technologies, RiskRecon and SecurityScorecard that collect and analyze large swaths of data to rate companies on cyber security.
Remember kids - use those ad blockers!
http://www.reuters.com/article/us-banks-cyber-idUSKBN19B1ZL

Monday, June 19, 2017

Paper on why Bancor Is Flawed

http://hackingdistributed.com/2017/06/19/bancor-is-flawed/

Questions for the class:
1. WTF is Bancor?  Is it a cryptocurrency? (Likely)
2. Why on earth did they collect 144M crowdsourcing?
3. Will we hear more of them?
4. Will this be like Ethereum?  Which is $371. OMFG
5. Is there anything I can do about it?

Extra Credit:  Apparently (some (idiotic)) people are shortening "cryptocurrency" to "crypto".  PLEASE do something bad to them, like ask for their AOL or Prodigy email address, or ask which ransomware attacks they've been hit with.

Litecoin is $50 BTW