Tag Archives: Bleeping Computer

29th October AVIEN updates

Updates to Anti-Social Media 

Tomáš Foltýn for ESET: Nothing exceeds like excess; or, a lack of privacy in the digital age 
What has the internet brought us? And how does privacy stay anchored in the data deluge of the digital age? Here’s a brief reflection to celebrate today’s Internet Day

Updates to Cryptocurrency/Crypto-mining News and Resources

Lawrence Abrams for Bleeping Computer: Exposed Docker APIs Continue to Be Used for Cryptojacking – “Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. ”


Sophos: Call of Duty players caught up in cryptocurrency theft racket – “According to the Chicago Sun-Times, which has seen the first-hand report from a court filing in Chicago, the FBI alleges that the criminals involved stole more than $3.3 million USD in a variety of cryptocurrencies, including Reputation and Ethereum tokens and that the thieves coerced other Call of Duty players into joining their criminal activities.”

Updates to: Ransomware Resources

Stephen Cobb for ESET: Ransomware and the enterprise: A new white paper
“Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk”

David Harley

Advertisements

Ransomware and support scam updates

 

Updates to Specific Ransomware Families and Types

The Register: Please forgive me, I can’t stop robbing you: SamSam ransomware earns handlers $5.9m – “Sophos has been investigating the SamSam campaign since its emergence. A study (PDF) based on this research – released on Tuesday – summarises its findings about the attacker’s tools, techniques and protocols.” For ZDnet, Danny Palmer tells us that This destructive ransomware has made crooks $6m by encrypting data and backups – “Attackers behind destructive SamSam ransomware show no signs of giving up – and they’re now taking $300,000 a month in ransom from victims.”

Bleeping Computer: BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters for a Week – “In a PDF report published yesterday, Wyatt finally identified the “virus” as the BitPaymer ransomware. This ransomware strain was first spotted in July 2017, and it first made news headlines in August 2017 when it hit a string of Scottish hospitals.”

Updates to Tech support scams resource page

Sean Gallagher for ArsTechnica: Click on this iOS phishing scam and you’ll be connected to “Apple Care” – “This phishing attack also comes with a twist—it pops up a system dialog box to start a phone call. The intricacy of the phish and the formatting of the webpage could convince some users that their phone has been “locked for illegal activity” by Apple, luring users into soon clicking to complete the call.”

Commentary from Sophos: Porn-warning security scam hooks you up to “Apple Care”

July 23rd resources updates

[Updates that haven’t been flagged in my other AVIEN articles today]

Updates to Specific Ransomware Families and Types

Catalin Cimpanu for Bleeping Computer: Vaccine Available for GandCrab Ransomware v4.1.2 Cimpanu reckons that “The GandCrab ransomware has slowly become the most widespread ransomware strain in use today.” At the moment Ahnlab’s vaccine app only works with version 4.1.2 of GandCrab, but Cimpanu suggests that it might be backported. The app can be downloaded from here or here.

John Leyden for The Register: Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records – “Tens of thousands of Canadian medical files, healthcare worker details snatched” Not ransomware, but still extortion.

Updates to Chain Mail Check

HelpNet Security: Microsoft tops list of brands impersonated by phishers. Summarizes an article by Vade Secure’s Phishers’ Favorites Top 25 List. Trailing quite a long way behind are PayPal, Facebook, Netflix etc. Vade reckon that Microsoft is such a favourite because it can be so profitable to get into a Microsoft Office 365 account.

Updates to Mac Virus

  1. Following up this story: USB restricted mode: now you don’t see it, now you do…

Elcomsoft’s claims hinged on the assertion that “…iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before…Most (if not all) USB accessories fit the purpose — for example, Lightning to USB 3 Camera Adapter from Apple.”

Andrew O’Hara, for AppleInsider, tells us that iOS 12 developer beta 4 requires device to be unlocked before connecting any USB accessories. “In the fourth developer beta of iOS 12, a passcode is required any time a computer or USB accessory is connected…Before the change, authorities or criminals would have an hour since last unlock to connect a cracking device, like the GreyKey box. Now, they don’t have that hour, making it that much more difficult to brute force a password attempt into a device.”

2. SecureList: Calisto Trojan for macOS – “The first member of the Proton malware family? … Conceptually, the Calisto backdoor resembles a member of the Backdoor.OSX.Proton family: … it masquerades as a well-known antivirus (a Backdoor.OSX.Proton was previously distributed under the guise of a Symantec antivirus product) … Like Backdoor.OSX.Proton, this Trojan is able to steal a great amount of personal data from the user system, including the contents of Keychain”

David Harley

IoT resource/news updates

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

(1) Brian Krebs talks about the asymmetry in cost and incentives when IoT devices are recruited for DDoS attacks like one conducted against his site: Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K.

He observes: “The attacker who wanted to clobber my site paid a few hundred dollars to rent a tiny portion of a much bigger Mirai crime machine. That attack would likely have cost millions of dollars to mitigate. The consumers in possession of the IoT devices that did the attacking probably realized a few dollars in losses each, if that. Perhaps forever unmeasured are the many Web sites and Internet users whose connection speeds are often collateral damage in DDoS attacks.”

Some of his conclusions are based on a paper from researchers at University of California, Berkeley School of Information: the very interesting report “rIoT: Quantifying Consumer Costs of Insecure Internet of Things Devices.

(2) Product test specialists AV-Test conducted research into the security of a number of fitness trackers (plus the multi-functional Apple watch: Fitness Trackers – 13 Wearables in a Security Test. On this occasion, the results are fairly encouraging.

(3) Bleeping Computer: 5,000 Routers With No Telnet Password. Nothing to See Here! Move Along! – “The researcher pointed us to one of the router’s manuals which suggests the devices come with a passwordless Telnet service by default, meaning users must configure one themselves.”

(4) Help Net Security: Hacking for fun and profit: How one researcher is making IoT device makers take security seriously  Based on research by Ken Munro and Pen Test Partners.

David Harley

Ransomware: PUBG, RensenWare, Quant, Wannacry

Updates to Specific Ransomware Families and Types

Resources updates, 26 March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

David Harley

Resource updates 21st March 2018

Additions to the new Anti-Social Media page:

Additions to Meltdown/Spectre – Related Resources

Decryption for Polsk, Vortex, Flotera

Catalin Cimpanu for Bleeping Computer: Author of Polski, Vortex, and Flotera Ransomware Families Arrested in Poland.

“Authorities were able to recover data from the suspect’s laptop and remote servers, including encryption keys. Polish police are now encouraging victims of the Polski, Vortex, and Flotera ransomware families to file official complaints with local authorities so they can receive a decryption key for their files.”

Added to the Specific Ransomware Families and Types page.

David Harley

Meltdown/Spectre PoC samples

Catalin Cimpanu for Bleeping Computer: We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities

“All evidence suggests most of these detections are security researchers playing with the PoC code, but experts won’t rule out that some samples are from malware authors looking for ways to weaponize the PoC code for malicious actions.”

Fortinet says:

“FortiGuard Labs has analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code.  The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us.”

AV-Test’s list of hashes

Helpnet Security commentary

David Harley

Ransomware updates

(1) Raj Samani, Chief Scientist at McAfee, describes an attempt to explore the motivations that drive ransomware gangs. Why ransomware? Let’s ask the bad guys 

Perhaps the most useful and interesting fact to emerge from these exchanges is that ‘1 in 3 of the email addresses were fake/non-existent [implying] that almost one third of ransomware could potentially be pseudo since the promised ‘helpdesk’ does not even exist.’

(2) Bleeping Computer reports the arrest of five Romanian distributors of spam associated with the CTB-Locker and Cerber ransomware families: Five Romanians Arrested for Spreading CTB-Locker and Cerber Ransomware

David Harley