[ISN] ‘Operation Tovar’ Targets ‘Gameover’ ZeuS Botnet, CryptoLocker Scourge

http://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge/

By Brian Krebs
Krebs on Security
June 2, 2014

The U.S. Justice Department is expected to announce today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes.

The sneak attack on Gameover, dubbed “Operation Tovar,” began late last week and is a collaborative effort by investigators at the FBI, Europol, and the UK’s National Crime Agency; security firms CrowdStrike, Dell SecureWorks, Symantec, Trend Micro and McAfee; and academic researchers at VU University Amsterdam and Saarland University in Germany. News of the action first came to light in a blog post published briefly on Friday by McAfee, but that post was removed a few hours after it went online.

Gameover is based on code from the ZeuS Trojan, an infamous family of malware that has been used in countless online banking heists. Unlike ZeuS — which was sold as a botnet creation kit to anyone who had a few thousand dollars in virtual currency to spend — Gameover ZeuS has since October 2011 been controlled and maintained by a core group of hackers from Russia and Ukraine.

Those individuals are believed to have used the botnet in high-dollar corporate account takeovers that frequently were punctuated by massive distributed-denial-of-service (DDoS) attacks intended to distract victims from immediately noticing the thefts. According to the Justice Department, Gameover has been implicated in the theft of more than $100 million in account takeovers.

[…]





[ISN] American Express issues alert after Anonymous dumps cardholder data

http://www.csoonline.com/article/2304654/hacktivism/american-express-issues-alert-after-anonymous-dumps-cardholder-data.html

By Steve Ragan
CSO
June 2, 2014

In a letter to the California Attorney General’s Office (OAG), American Express says that 76,608 people in the state will get a breach notification letter after some of their data was published by Anonymous Ukraine earlier this year.

In March, Anonymous Ukraine released more than 7 million records as part of a protest against the financial firms that helped “enslave” people the world over.

“After the USA showed its true face when she unilaterally decides which of the peoples to live independently and who under the yoke of the Federal Reserve, we decided to show the world who is behind the future collapse of the American banking system,” Anonymous Ukraine supporters wrote at the time.

In all, they released 3,255,663 records from Visa; 1,778,749 records from MasterCard; 362,132 records from Discover; and 668,279 records from American Express. To date, only American Express has taken notification steps.

[…]



[ISN] Keeping Up with Cybersecurity Framework

http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329

By Eric Chabrow
Bank Info Security
May 30, 2014

The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government’s cybersecurity framework goals.

And that observation comes as some critics gripe that the framework is quite basic, too simple to be effective to protect critical infrastructure. That’s an arguable point, one that the framework’s point man, Adam Sedgewick, disputes. But even if it’s too basic, many see great value in the framework, issued in February as a guide to critical infrastructure owners that they could voluntarily adopt (see NIST Releases Cybersecurity Framework).

Are infrastructure owners adopting the framework? That’s a question Rep. Jim Langevin, D-R.I., wants answered, and earlier this week he persuaded his colleagues in the House to support a survey of infrastructure operators to find out just that.

Where are most organizations failing in implementing basic cybersecurity protections? PricewaterhouseCoopers identifies 45 IT security practices, policies and technologies that correspond with the cybersecurity framework, but in only seven of them did at least half of the respondents’ organizations implement those practices, policies and technologies. The seven widely adopted practices, policies and technologies are:

[…]



[ISN] Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

http://arstechnica.com/security/2014/06/meet-cupid-the-heartbleed-attack-spawns-evil-wi-fi-networks/

By Dan Goodin
Ars Technica
June 2, 2014

It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.

Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy “evil networks” that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers.

The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in “heartbeat” functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.

Heartbleed is best known for giving end users the ability to pluck data out of vulnerable servers. But it turns out that the bug can be used to the same effect against virtually any device running an unpatched version of OpenSSL. Cupid streamlines the process of exploiting devices connecting over wireless networks that are secured using the extended authentication protocol (EAP), which many large organizations use to password-protect access.

[…]



[ISN] Flash Poll: The Hunt For Cyber Talent

http://www.darkreading.com/operations/flash-poll-the-hunt-for-cyber-talent-/a/d-id/1269272

By Marilyn Cohodas
Dark Reading
5/30/2014

Our latest flash poll paints a nuanced picture of how the security skills shortage is playing out in hiring strategies for the SOC.

For the Dark Reading security community the Chinese curse, “May you live in interesting times,” has never been more true, at least when it comes to staffing. According to our latest flash poll, roughly eight out of 10 respondents say their companies are struggling with personnel issues related to the skills of in-house staff, finding qualified candidates for new positions, and having a sufficient budget to hire them.

Worse, nearly a quarter of the security professionals who participated in the report say they are “too underwater” with the daily battle of fighting threats to even take the time to reflect and answer our question.

Not surprisingly, only 13 percent of respondents say that they are not hiring, with a little more than half of that cohort reporting that their staffs and skills sets are adequate. For the rest, where head counts are sufficient, managers struggle to train existing security staff on the critical skills to protect corporate assets. A scant 5 percent of respondents in a hiring mode report having no trouble finding qualified candidates.

[…]

