Tag Archives: malware

[ISN] Hackers give up when they go up against this cybersecurity company

http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ By Robert Hackett @rhhackett Fortune.com July 29, 2015 It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year. CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled. CrowdStrike’s reputation precedes it. The company, founded in 2011 and based in Irvine, Calif., has gone toe-to-toe with some of the world’s most sophisticated state-sponsored hacking groups. The firm analyzed the data behind the breaches of millions of sensitive records at the Office of Personnel Management, the federal agency responsible for human resources, in what may have been the biggest act of cyberespionage the U.S. has ever seen. It has published threat reports on many of the more than 50 adversaries it tracks, which include the likes of Ghost Jackal (the Syrian Electronic Army), Viceroy Tiger (an Indian intruder), and Andromeda Spider (a criminal coterie). Between 2013 and 2014 its revenue grew 142% and its customer base more than tripled, two reasons Google Capital GOOG 0.63% , the tech giant’s growth equity arm, led a $100 million investment in CrowdStrike in July, its first ever for a computer security company. Kurtz used to travel hundreds of thousands of miles a year as CTO of McAfee, now called Intel Security INTC 0.17% , to meet with beleaguered customers. It struck him that they did not need more anti-malware and antivirus products, the traditional realm of information security, so much as software oriented toward tradecraft and technique, the domain of cyberspies. Co-founder and CTO Dmitri Alperovitch, then McAfee’s head of threat intelligence, agreed. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ‘Plague Scanner’ controls multiple AV engines, for $0.00

http://www.theregister.co.uk/2015/07/27/plague_scanner_box_offers_invisibility_cloak_to_white_hats_vxers/ By Darren Pauli The Register 27 Jul 2015 Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis. “Plague Scanner” is a free on-premise anti-virus framework – a class of tool that drives multiple anti-virus scanners at once – and is the only free alternative to commercial frameworks or online systems. It can help businesses to analyse malware containing potentially sensitive corporate information, or black hats to test their wares without exposing either to traditional public web services like VirusTotal. Simmons (@MalwareUtkonos) says the only commercial on-premise multiple antivirus scanners worth their salt are hugely expensive and out of the range of small to medium businesses, independent researchers, and probably black hats. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Some hackers make more than $80,000 a month — here’s how

http://www.businessinsider.com/we-found-out-how-much-money-hackers-actually-make-2015-7 By CALE GUTHRIE WEISSMAN Business Insider Jul. 14, 2015 It’s a known fact that hacking makes money. But how much money? And how do hackers carry out their internal dealings with one another so as not to step on each other’s toes? Much like the fine-tuned systems of mafias and gangs that act almost identically to businesses, hackers have also created their own extremely intricate systems — and the scale of their operations is astounding. Security researchers have been embedding themselves into these online underbellies to see precisely what’s going on. This way they can get an early look at the malware hackers are cooking up, while also learning just how the system works. The information security company Trustwave has been doing just this for years. It now has a lot to show for it, including discovering how much money a hacking gang makes and how precisely the cybercrime ecosystem works. Trustwave’s VP of Security Research Ziv Mador has put together a presentation he gives to customers so they can get a better handle on how to protect themselves. As he put it, it’s just a “glance of what we find.” But Mador has given Business Insider an exclusive look at the wheeling and dealing of hackers inside this secretive world — check it out below. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/ By Dan Goodin Ars Technica July 12, 2015 Spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn’t own to help Italian police regain control over several computers that were being monitored in an investigation, e-sent among company employees showed. Over a six day period in August 2013, Italian Web host Aruba S.p.A. fraudulently announced its ownership of 256 IP addresses into the global routing system known as border gateway protocol, the messages document. Aruba’s move came under the direction of Hacking Team and the Special Operations Group of the Italian National Military Police, which was using Hacking Team’s Remote Control System malware to monitor the computers of unidentified targets. The hijacking came after the IP addresses became unreachable under its rightful owner Santrex, the “bullet-proof” Web hosting provider that catered to criminals and went out of business in October 2013, according to KrebsOnSecurity. It’s not clear from the e-mails, but they appear to suggest Hacking Team and the Italian police were also relying on Santrex. The emails were included in some 400 gigabytes of proprietary data taken during last weekend’s breach of Hacking Team and then made public on the Internet. With the sudden loss of the block of IP addresses, Italy’s Special Operations Group was unable to communicate with several computers that were infected with the Hacking Team malware. The e-mails show Hacking Team support workers discussing how the law enforcement agency could regain control. Eventually, Italian police worked with Aruba to get the block—which was known as 46.166.163.0/24 in Internet routing parlance—announced in the BGP system as belonging to Aruba. It’s the first known case of an ISP fraudulently announcing another provider’s address space, said Doug Madory, director of Internet analysis at Dyn Research, which performs research on Internet performance. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Adobe to patch second Hacking Team Flash zero-day bug

http://www.computerworld.com/article/2947273/malware-vulnerabilities/adobe-to-patch-second-hacking-team-flash-zero-day-bug.html By Gregg Keizer Computerworld July 11, 2015 Adobe next week will patch a second zero-day vulnerability found in the leaked documents from the Hacking Team, a controversial Italian company that sells surveillance software and exploits to governments, Adobe said late Friday. Computerworld’s Best Places to Work in IT 2015: Company Listings The complete listings: Computerworld’s 100 Best Places to Work in IT for 2015 A compact list of the 56 large, 18 midsize and 26 small organizations that ranked as Computerworld’s READ NOW The flaw will be patched this coming week; Adobe did not set a release date for the fix. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe noted in an advisory. The vulnerability was the second uncovered in the gigabytes of documents leaked after attackers compromised the Hacking Team’s network and pilfered emails, financial information and contracts from the firm’s systems. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Credit Card Breach at a Zoo Near You

http://krebsonsecurity.com/2015/07/credit-card-breach-at-a-zoo-near-you/ By Brian Krebs Krebs on Security July 9, 2015 Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems. Several banking industry sources told KrebsOnSecurity they have detected a pattern of fraud on cards that were all used at zoo gift shops operated by Denver-basd SSA. On Wednesday morning, CBS Detroit moved a story citing zoo officials there saying the SSA was investigating a breach involving point-of-sale malware. Contacted about the findings, SSA confirmed that it was the victim of a data security breach. “The violation occurred in the point of sale systems located in the gift shops of several of our clients,” the company said in a written statement. “This means that if a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Meet the hackers who break into Microsoft and Apple to steal insider info

http://arstechnica.com/security/2015/07/meet-the-hackers-who-break-into-microsoft-and-apple-to-steal-insider-info/ By Dan Goodin Ars Technica July 8, 2015 In February 2013, Twitter detected a hack attack in progress on its corporate network. “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” a Twitter official wrote when disclosing the intrusion. Sure enough, similar attacks were visited on Facebook, Apple, and Microsoft in the coming weeks. In all four cases, company employees were exposed to a zero-day Java exploit as they viewed a website for iOS developers. Now, security researchers have uncovered dozens of other companies hit by the same attackers. Alternately known as Morpho and Wild Neutron, the group has been active since at least 2011, penetrating companies in the technology, pharmaceutical, investment, and healthcare industries, as well as law firms and firms involved in corporate mergers and acquisitions. The developers of the underlying surveillance malware have thoroughly documented their code with fluent English, and command and control servers are operated with almost flawless operational security. The take-away: the threat actors are likely an espionage group in a position to profit on insider information. “Morpho is a skilled, persistent, and effective attack group which has been active since at least March 2012,” researchers from security firm Symantec wrote in a report published Wednesday. “They are well resourced, using at least one or possibly two zero-day exploits. Their motivation is very likely to be financial gain and given that they have been active for at least three years, they must be successful at monetizing their operation.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FS-ISAC: Remote-Access Attack Alert

http://www.bankinfosecurity.com/interviews/fs-isac-remote-access-attack-alert-i-2787 By Tracy Kitten Bank Info Security July 8, 2015 Remote-access attacks waged against smaller merchants are a growing threat, according to a cybersecurity alert published July 7. The alert was released by the Financial Services Information Sharing and Analysis Center, along with Visa, the U.S. Secret Service and The Retail Cyber Intelligence Sharing Center, which provides threat intelligence for retailers. While industry attention in late 2013 and early 2014 was focused on the large-scale RAM-scraping malware attacks that resulted in breaches at big-box retailers, including Target and Home Depot, more attention is now being paid to remote-access attacks against point-of-sale devices commonly used at smaller merchants, says Charles Bretz, director of payment risk at the FS-ISAC. The organization provides a conduit for information sharing among financial services institutions. “We are seeing a shift in the breaches of card data,” Bretz says in this interview with Information Security Media Group. Now that many of the larger retailers have implemented end-to-end encryption and tokenization, in conjunction with their rollouts of EMV-compliant POS terminals, hackers are turning their attention toward smaller retailers, he says. “Criminals continue to find success by targeting smaller retailers that use common IT and payments systems,” Bretz explains. “Merchants in industry verticals use managed service provider systems. There might be 100 merchants that use a managed service provider that provides IT and payment services for their business.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail