Category Archives: MALWARE

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management as well as the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

WannaCry researcher denies in court about creating banking malware

The security researcher rose to fame for curbing the spread of the WannaCry ransomware recently

A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges of allegedly creating a notorious banking malware.

Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.

The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox, at the court house.

Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.

But he will “not be released today lawyers says could not get bail in time,” according to Wilcox in a tweet.

He will not be allowed access to devices with an internet connection, said Wilcox, and he will be tagged to be monitored at all times.

Hutchins, also known as @MalwareTechBlog, stormed to fame earlier this year after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware in May.

By registering a domain found in the code, he stopped the spread of the malware.

The Justice Department announced Thursday that it was charging Hutchins with malicious activity, unrelated to the WannaCry cyberattack.

The security researcher, a British native, was arrested shortly before boarding a flight home. He had been attending the Def Con security conference late last month. He was briefly detained in a federal detention facility in Nevada, then later questioned by the FBI at its field office in Las Vegas.

Hutchins was later indicted, along with an unnamed defendant, on six charges relating to allegations that he created the Kronos malware, a trojan that can steal banking usernames and passwords from victims’ computers.

He was also charged with five other counts, including wiretapping — thought to relate to the interception of passwords; and violating the controversial Computer Fraud and Abuse Act, which serve as the basis of US hacking laws.

Hutchins will appear at a court in Wisconsin, where the case was filed, on August 8.

Developing… more soon. www.crimefiles.net

Henry Sapiecha

Myth of the malware “silver bullet” is Busted

hack-attack-MALWARE IMAGE www.intelagencies.com

The malware threat is undeniable. Especially with more sensitive data than ever traveling from cloud to endpoints and back again. And while “silver bullet” solutions might provide some relief, they can never protect your endpoints from increasingly sophisticated cybercriminals like a coordinated and integrated security platform can. Our dynamic endpoint threat defense solution combats emerging threats and dramatically simplifies your security operations. It’s also the only solution that delivers comprehensive endpoint security by combining traditional protection, machine learning analytics, and grayware containment, on day zero, and throughout the entire threat lifecycle

.MORE ON THIS TOPIC BELOW IN PDF DOWNLOAD DOC

CLICK HERE TO DOWNLOAD FLASHING BUTTON PURPLE YELLOW

3arrows_blue

2543_0217_wp-busting-myth-malware-silver-bullet_fnl_lores

CLUB LIBIDO BANNER THE EYES HAVE IT

www.spy-drones.com

www.ispysite.com

Henry Sapiecha

Thousands of security threats happen every five minutes

hooded-hacker-with-laptop image www.intelagencies.com

The pace at which businesses now find themselves operating has allowed for the files on a network to be encrypted and beyond an organisation’s reach in just five minutes.

In just five minutes, files on a company’s network can be encrypted and beyond its reach, according to Rik Ferguson, vice president of Security Research at Trend Micro.

Trend Micro has seen a lot of development around ransomware capabilities targeting businesses rather than consumers, Ferguson said during his keynote speech at Cloudsec Australia 2016 in Sydney on Thursday, with 1,800 new threats released out into the wild every five minutes.

Additionally, he said that more than 800,000 people are exposed to malicious URLs, exploit kits, phishing websites, malware, spam, and threats every five minutes, with almost 7,000 records on average being exposed in the same timeframe.

“Just so we can measure the speed of things, the fastest trains today … can reach top speed of about 450km/h. That means in five minutes, you can travel close to 40 kilometres. That’s an incredible distance to be able to go in a very, very short period of time,” Ferguson pointed out.

“It gives you an idea of really how short that time is. In five minutes, [aside from] propelling you across the surface of the earth, it can also result in a number of other things.

“If you were hit by a crypto ransomware attack, within five minutes, all of the files on your computer or the files, god forbid, on all of the computers on your network … can be encrypted and beyond your reach unless you paid criminals some money.”

Ferguson said that universities, corporations, individuals, and healthcare organisations are all being targeted by ransomware that is being developed with specific capabilities to target enterprise.

“Ransomware used to be a consumer thing that would go after your computer, your things, and encrypt all that knowing that if you wanted to get all the files back, you were going to pay the ransom,” he said.

Meet_Russian_728_90

“Over the course of the last calendar year, we saw 29 new families of ransomware, which was already a huge jump on the 13 in the year before that. In the first half of this year, we’ve already seen 79 new families of ransomware, which is a massive increase.”

He said that criminals are investing time, money, and expertise into creating new tools, tool kits, and delivery mechanisms to get ransomware out there, because “this stuff pays dividends”.

“One of the Trend Micro competitors out there, a startup, is offering a ransomware guarantee — but their guarantee is not you’ll never get hit by it; it’s that if you do get hit by it, they’ll pay the ransom for you. That’s a cybersecurity company offering to give money to criminals,” he said.

Over the last few years, Trend Micro has also seen an uptake in what Ferguson called business email compromise, or CEO fraud, which he said is a basic scam that pays criminals a lot of money.

“It’s really simple. It’s a criminal doing the research upfront, identifying the target organisation, looking at who fulfills which role, and then sending a fake email into that company or compromising a mailbox that belongs to an employee of that company,” he said.

“[The criminals] target an email of the right victim, quite often the CFO or someone responsible in the finance department of the business, with requests from a known colleague to pay outstanding money or wire transfer money to a third-party supplier, often abroad, who is fictitious.”

Russian_Girl_2_728_90

He said this practice has been hugely successful, with $2.3 billion lost to CEO compromise or fraud between 2013 and 2015, with an estimated 79 different countries being affected.

“A certain Australian government department, local council, lost over AU$200,000 to this scam by paying fake invoices. That’s AU$200,000 of your money, I guess, at the end of the day,” he said.

“Australia is not immune. You have the — I don’t know if it’s the good fortune or the misfortune — to speak one of the most simplest and widespread languages on the planet, and it’s the most-targeted language when it comes to cybercrime globally.”

Aside from being a VP with Trend Micro, Ferguson is also special adviser to Europol, project lead with the International Cyber Security Prevention Alliance, vice chair of the Centre for Strategic Cyber Security and Security Science, and an advisor to various UK government technology forums.

Also speaking at Cloudsec Australia 2016, Timothy Wallach, Supervisory Special Agent Cyber Taskforce with the FBI, said the two most significant increases the FBI has seen over the last couple of years has been ransonware or extortion, and business email compromise.

“This is probably the reason why we are seeing a decrease in the number of records stolen, because these schemes are much easier to monetise than compromising a network, stealing information, getting it to the dark web, and eventually on an online market,” he said.

When it comes to consumer ransomware, Wallach said the requested amount is somewhat affordable, at around $450 to $500. However, this is a lot different in an enterprise environment, as the ransom is usually based on the number of endpoints or the servers that are compromised.

“If an organisation has 30,000 endpoints in its network and potentially that many endpoints have been struck with ransomware, it’s generally 30,000 times one bitcoin,” he said.

“The FBI does not recommend paying your ransom. That’s a business decision an organisation has to make.

“When organisations pay ransom, they’re involved in the criminal activity. It’s encouraging the scheme to continue.”

Additionally, Wallach highlighted that paying a ransom does not always mean that you are left with a clean system, or that everything an organisation had initially lost has been recovered.

“Whatever infected your organisation in the first place is still there,” he said. “What we do recommend is prevention, business continuity, and remediation.

www.scamsfakes.com

www.crimefiles.net

Date_Hottest_Girls_300_250

Henry Sapiecha

Cyber spies are still using these old Windows flaws to target their victims

‘Dropping Elephant’ cyber-espionage group is using old and long-patched flaws as part of its strategy, but appears to be still finding successes.

cyber-spy-eye image www.intelagencies.com

Government officials are being targeted by very simple methods of cyber-espionage.

Hackers using only the most basic forms of cyberattack have been able to successfully steal files from high-profile governmental and diplomatic targets.

A cyber-espionage operation has targeted individuals and organisations across the globe, although the vast majority of attacks have focused on Chinese government and diplomatic entities, individuals associated with them and partners of these organisations.

Cybersecurity researchers from Kaspersky Lab’s Global Research and Analysis team have been investigating the “aggressive cyber-espionage activity” since February. The researchers suggest that it originates in India and that attacks are undertaken using old exploits, low-budget malware tools and basic social engineering methods.

The simple, but effective threat actor has been dubbed ‘Dropping Elephant’ and use emails which are sent in mass to large numbers to identify potential victims.

While the email itself doesn’t contain a malicous payload, it does send a ping request back to the attackers’ server when the message is opened. The ping providers the cyber-spies with information about the victim, including IP address, type of browser, the device used and its location.

www.scamsfakes.com

www.ispysite.com

BBB

Henry Sapiecha

 

Here’s how absurdly easy it is for attackers to destroy your website in just ten minutes

You might be amazed at how accessible hacking tools have become. Your site can be p0wn3d and an entire library of hacking tools downloaded and installed in just a few short minutes. Read this article and be prepared.

lock-hacked-security-image www.intelagencies.com

Every week, we read about another massive breach due to cyberattack. These breaches can cost organizations millions of dollars, subject them to lawsuits, and ruin thousands of lives.

The key to how an attacker gains a foothold inside an organization’s network is by being able to — somehow — gain access to accounts and computers inside the firewall. This often happens with malware that’s inadvertently brought inside the firewall by unsuspecting employees.

That malware can be delivered in a wide variety of ways, from phishing attacks where an insufficiently trained or careless user accidentally opens and runs an email attachment, to visiting a website that downloads information onto an insider’s computer.

It’s that second mechanism we’re going to talk about today. When most of us think about malware-infested websites, we usually think about users who visit inadvisable websites, sites that, frankly, most of us should know better than to visit. Someone visiting a porn site or a smartphone jailbreaking site is, almost by definition, visiting a site that is likely to be operated for nefarious purposes.

But it turns out that a great many innocent websites can be carriers for malware. All it takes is an insufficiently protected directory, an unpatched exploit, a poorly chosen FTP password, or even installing a free (but corrupted) site theme, and your website can become an entry point for a massive malware infection.

What most people don’t realize is how sophisticated and, frankly, user-friendly the tools used for cyberattacks can be. In this article, I’ve included a 10-minute video by the fine folks at Wordfence (a WordPress security firm) that shows how a typical WordPress site can be infected by just two lines of scripting code.

Once those two lines of code execute, they install a complete hacking toolkit that contains 43 separate hacking tools that the hackers can use to further compromise the server. As the video shows, these tools are often browser-based, and work like any other browser-based app.

According to a blog post by Wordfence, after analyzing a recently hacked site, they found what they called a hacking platform, which contained the following tools:

  • Complete attack shells that let [hackers] manage the filesystem, access the database through a well designed SQL client, view system information, mass infect the system, DoS other systems, find and infect all CMS’s, view and manage user accounts both on CMS’s and the local operating system and much more.
  • An FTP brute force attack tool
  • A Facebook brute force attacker
  • A WordPress brute force attack script
  • Tools to scan for config files or sensitive information
  • Tools to download the entire site or parts thereof
  • The ability to scan for other attackers shells
  • Tools targeting specific CMS’s that let [hackers] change their configuration to host [their] own malicious code

The following video is only ten minutes long, but it shows you just how accessible hacking tools have become. With tools and hacking platforms like these, it might take attackers no more than about ten minutes to gain a complete hold on your site.

This video illustrates why it’s just so important to update your sites, plugins, and themes frequently. Hackers who discover vulnerabilities can use them to get inside your site. Once they do, they can use your site as a malware delivery platform that can help them breach other sites and organizations.

See also

VIDEO BELOW SHOWS HOW TO BEST PROTECT WORDPRESS SITES

ooo

Henry Sapiecha