A Week in Security (Nov 22 – Nov 28)

Last week, we at Malwarebytes Unpacked celebrated with our CEO, Marcin Kleczynski, after hearing news from London on Black Friday that V3.co.uk had honored him with the “Technology Hero of the Year” award. He joins the ranks of Steve Jobs, Mark Zuckerberg, and Eugene Kaspersky.

Senior security researcher Jérôme Segura documented several interesting finds over the past few days. First, he spotted a number of compromised WordPress sites containing conditional scripts that likely target users of Internet Explorer; these sites redirected visitors to pages hosting the Angler exploit kit and its Flash Player exploits. Second, according to our telemetry, he found more notable sites, including Reader’s Digest, pushing out exploit kits. Lastly, he covered a ransomware variant that demands a Bitcoin ransom ranging from $50 to $999. Segura also theorized about a possible future of malvertising, one that involves ads in videos.

For our PUP Friday post, our researchers discussed FrameFox, an application capable of disabling security software installed on users’ systems.

Notable news stories and security-related happenings:

  • Australians Among World’s Worst Malware Victims – but the Death of APTs Signals Worse Times Ahead. “Australian users remain among the world’s most likely to click on malicious links, new industry research suggests – but if you thought things were bad now, hold onto your hats: security specialists warn that 2016 is likely to make things even worse as growing desire to commercialise the spoils of data breaches drives a transformation in the way attackers launch already-insidious advanced persistent threats (APTs).” (Source: CSO)
  • How Online Fraud will Evolve in 2016. “While 2015 is drawing to a close, the security fraud community is preparing for more battles ahead in 2016. And next year, consumer-facing web and mobile apps are up against a much more sophisticated and prolific enemy as bad actors continue to evade traditional security defenses, leverage the latest mobile hacker tools to impersonate legitimate users and take control of consumer accounts en masse.” (Source: Help Net Security)
  • Holiday Scams That will be Donning Your Inbox Soon. “Every year someone falls for something that is just too good to be true. Make sure your users are up to date on the latest social engineering scams this holiday season.” (Source: CSO Online)
  • Many Embedded Devices Ship Without Adequate Security Tests, Analysis Shows. “An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufacturers.” (Source: CSO Online)
  • Patreon Users Threatened by Ashley Madison Scammers. “Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users. The group sending the messages has claimed to be DD4BC, and they have a history of extortion and DDoS attacks.” (Source: CSO Online)
  • Cyber Theft Hits One in Five Consumers, Survey Finds. “Just under 40% had had personal data stolen or deleted because of a computer virus or malware, up from 26% in 2013. More than half (53%) did not know the detail of the personal data that had been collected by organisations, up from 37% in 2013. The Deloitte survey also found companies that failed to safeguard data were more likely to lose custom than those which raised prices.” (Source: The BBC)
  • India and Malaysia Sign Cyber-security Pact. “The cyber-security agreement seeks to promote closer cooperation and the exchange of information pertaining to cyber-security incident management, technology cooperation, cyber-attacks, prevalent policies and best practices and mutual response to cyber-security incidents.” (Source: First Post)
  • Facebook ‘Most Used Words’ Game Accused of Stealing and Selling User Data. “And thanks to a post about the game – which is called Most Used Words on Facebook – from UK-based VPN comparison website Comparitech that recently called it a “privacy nightmare,” I was initially ready to urge friends like her to please not touch the game with a 12-foot pole.” (Source: Sophos’s Naked Security Blog)
  • Cyber Monday: What Retailers & Shoppers Should Watch For. “The most immediate concern is anything that prevents a retailer from making money, like a denial of service attack on an online shop or mobile purchasing app — or a security measure that causes impatient customers to take their business elsewhere. Threats that may cost a retailer money — like shipping fraud or chargebacks for fraudulent purchases made with stolen credit cards or gift cards bought with stolen credit card data — are secondary.” (Source: Dark Reading)
  • Researchers Poke Hole in Custom Crypto Built for Amazon Web Services. “In case it’s not clear to some readers, there’s nothing wrong with writing a new implementation of a trusted crypto standard, especially when the work is followed up with the kind of security reviews Amazon sought with s2n. And as noted in the paper, most modern browsers are immune to Lucky 13 attacks.” (Source: Ars Technica)
  • GlassRAT Linked to Earlier Geopolitical Malware Campaigns. “Security researchers at RSA have discovered that the GlassRAT remote administration Trojan (RAT) might have been in the same command and control (C&C) infrastructure shared in geopolitical malware campaigns observed earlier this decade. The authors of RSA’s research paper explain that they linked GlassRAT to other malicious C&C infrastructures using malicious domains that pointed to common hosting.” (Source: Graham Cluley’s Blog)
  • Dell’s Security-shattering PC Root Certificate Debacle: What You Need to Know. “In an attempt to streamline remote support, Dell installed a self-signed root certificate and corresponding private key on its customers’ computers, apparently without realizing that this exposes users’ encrypted communications to potential spying.” (Source: PC World)
  • Analytics Services are Tracking Users Via Chrome Extensions. “It’s quite possible that, despite your belief that Google Chrome is the safest browser there is and your use of extensions that prevent tracking, your online movements are still being tracked. The culprits? Popular Chrome extensions like HooverZoom, Free Smileys & Emoticons, Flash Player+, SuperBlock Adblocker and many more.” (Source: Help Net Security)
  • Study Reveals Security Gaps That Could Greatly Impact 2016. “A recent Trend Micro study revealed that in third quarter 2015, a worst-case security scenario occurred when leaked information from a data breach was used for further attacks, such as blackmail and extortion.” (Source: Legal Tech News)
  • Russian Criminals Steal $4 Million in Cash with a New Technique Dubbed Reverse ATM Attack. “According to the experts at security firm GroupIB, the Reverse ATM Attack allowed criminal rings in Russia to steal 252 Million Rubles (roughly US$3.8 Million) from at least five different banks. The theft started in summer 2014 and finished in Q1 2015.” (Source: Security Affairs)
  • Cyberattacks On Firms Posing Credit Risk. “Credit rating agency Moody’s Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services […] According to the report, organizations that house significant amounts of personal data, including financial institutions, healthcare entities, higher education organizations and retail companies, are at greatest risk to experience large-scale data theft attacks resulting in serious reputational and financial damage.” (Source: CXO Today)
  • Black Friday: Cyber-thieves ‘target Christmas shoppers’. “One gang had updated the sophisticated malware it used to target tills in stores, security company iSight said. There had also been an increase in spam and phishing emails crafted to catch out people seeking bargains.” (Source: The BBC)
  • Black Friday Deals? Nope, This Fake Amazon Android App Only Harvests Your Personal Data. “According to a post published by the Zscaler research team, the fake app is being distributed from a URL set up by the malware authors to fool victims into believing it is a legitimate Amazon site. Indeed, as Yahoo! Tech reveals, the app in some ways appears very similar to the real Amazon Underground app, which offers users games and free apps.” (Source: Graham Cluley’s Blog)
  • Hello Barbie, You are a Privacy and Security Threat. “Engineering Miracle Barbie isn’t just an idiot when it comes to computers, she is also something of a loose cannon in terms of security and privacy, according to people who have been playing with their dollies […] Hello Barbie, or Hell Barbie depending on your privacy stance, is new and likely to be heading for the underside of fir trees that are wondering why they are suddenly in urban living rooms. But parents beware: it has raised privacy and security hackles.” (Source: The Inquirer)

Safe surfing, everyone!

The Malwarebytes Labs Team