Channel: Silobreaker: All Posts

Silobreaker Daily Cyber Digest – 28 October 2016

Malware

BLACKGEAR reemerges

Originally identified in 2010, BLACKGEAR [1] has shifted targets from Taiwan to Japan and is still using its old mode of operation. The group were previously known for using blogging services in their attacks, and still do, along with a newer variant of the Elirks trojan [2]. BLACKGEAR’s campaign involves a three-stage infection methodology and targets Japanese micro-blogging websites, using Japan-specific lures in their spear phishing [3] campaign. More information [4].

Hucky Ransomware

A Hungarian Locky [5] imitation has surfaced, using the old .locky extension that the original hasn’t used for months. There are numerous clues that Hucky [6] is a knockoff, including icons in odd places and a ransom screen asking victims to email the author for decryption. Thus far, the ransomware has only targeted Hungarian users. More information [7].

Leaks & Breaches

Red Cross leaked personal information of blood donors

550,000 Australian Red Cross [8] blood donors may have seen their personal details leaked online thanks to a security breach. The breach was due to a third-party vendor hosting a file with donor information in an insecure environment for over a month. The file included details such as contact information and blood types, but was discovered by a security researcher and has since been removed. More information [9].

Trending Vulnerabilities

New attack vector for injecting malware discovered in Windows

AtomBombing [10] is a newly discovered code injection technique leveraging the underlying Windows [11] operating system. It allows an attacker to infect a target system with malware while bypassing existing security solutions. The technique exploits Windows ‘atom tables’, which are used by applications to store and access data. AtomBombing does not rely on a bug or vulnerability in Windows and therefore cannot be patched. More information [12].

Ongoing Campaigns

Anonymous resurrects #OpKillingBay

Hacker collective Anonymous [13] are once again targeting Japanese institutions and companies to protest whale hunting. #OpKillingBay [14] has seen the group hit Japanese websites with DDoS attacks and deface government websites intermittently since 2010. Anonymous restarted the campaign in September, with Nankai Express, NEXI and the Japan Agency for Medical Research and Development amongst those targeted. More information [15].

Twitter phishing campaign targeting UK banks

Criminals are using Twitter to trick UK banking customers into giving away their credentials. The scammers are posing as customer support staff under fake Twitter accounts such as @BarclaysHelpUK, rather than the legitimate @BarclaysUKHelp. The campaign has even seen conversations with genuine support staff hijacked and customers redirected to fake support pages. Researchers from Proofpoint are calling this scam an “Angler Phishing” [16] campaign. More information [17].

Mirai-infected botnets continue to launch DDoS attacks

The Mirai [18] malware that was behind the takedown of Dyn DNS on the 22nd of October continues to be used in multiple small-scale DDoS attacks. Since the source code of the malware was leaked in September, there are now 23 unique command-and-control servers associated with the distribution of Mirai. Many of the attacks being noticed and logged on a Twitter feed monitoring the spread of Mirai are incredibly small, lasting no more than a minute; however, the proliferation of the malware is cause for concern. More information [19].

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] https://my.silobreaker.com/view360.aspx?item=11_1101215933#?q=Keyphrase:%22BLACKGEAR%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_954259444#?q=Malware:%22Elirks%20Malware%22&rd=true
[3] https://my.silobreaker.com/view360.aspx?item=11_130863708#?q=Keyphrase:%22Spear%20Phishing%22&rd=true
[4] http://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-espionage-campaign-evolves-adds-japan-target-list/
[5] https://my.silobreaker.com/view360.aspx?item=11_966417407#?q=Malware:%22Locky%20Ransomware%22&rd=true
[6] https://my.silobreaker.com/view360.aspx?item=11_1100339962#?q=Malware:%22Hucky%20Ransomware%22&rd=true
[7] https://blog.avast.com/hucky-ransomware-a-hungarian-locky-wannabe
[8] https://my.silobreaker.com/view360.aspx?item=11_476550#?q=Organization:%22Australian%20Red%20Cross%22&rd=true
[9] http://info.donateblood.com.au/?utm_source=Twitter&utm_content=281016
[10] https://my.silobreaker.com/view360.aspx?item=11_1102199806#?q=Keyphrase:%22AtomBombing-Attack%22
[11] https://my.silobreaker.com/view360.aspx?item=11_316607#?q=Product:%22Microsoft%20Windows%22&rd=true
[12] http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions
[13] https://my.silobreaker.com/view360.aspx?item=11_247827020#?q=ThreatActor:%22Anonymous%20group%22&rd=true
[14] https://my.silobreaker.com/view360.aspx?item=11_657094121#?q=Keyphrase:%22OpKillingBay%22&rd=true
[15] http://asia.nikkei.com/Japan-Update/Dolphin-hunt-prompts-renewed-Anonymous-cyberattacks-on-Japan
[16] https://my.silobreaker.com/view360.aspx?item=11_1025127862#?q=Keyphrase:%22Angler%20Phishing%22&rd=true
[17] https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
[18] https://my.silobreaker.com/view360.aspx?item=11_1062532442#?q=Malware:%22Mirai%20Trojan%22&rd=true
[19] https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
