March 2013 – Page 3 – CyberSecurity Institute

Malwarebytes uncovers AV-dodging ransomware in Java exploit kit

Posted on March 18, 2013December 30, 2021 by admini

“Malwarebytes identified a ransomware Trojan, part of the Urausy family, which was being spread by a new Exploit Kit dubbed Neutrino. This ransomware sample evaded AV detection for almost a day and uses several levels of encryption to hide its payload,” Segura told V3. “This practice is becoming more and more common these days as it makes detection by looking at traffic packets more difficult.”

The Neutrino attack pretends to be a legitimate Skype file to gain access to a user’s machine. It’s called this because the ransomware renames itself to “skype.dat” and is placed in the folder, along with a configuration file called “skype.ini,” said Cannell.

“The skype.dat ransomware has nothing to do with the legitimate Skype program that millions of people use for VoIP communication.”

At the end of 2012 security firm Symantec issued a report suggesting ransomware scams are now earning criminals as much as $33,000 a day.

Link: http://www.v3.co.uk/v3-uk/news/2255480/malwarebytes-uncovers-av-dodging-neutrino-exploit-kit-targeting-java

Internal-use SSL certificates pose security risk for upcoming domain extensions

Posted on March 18, 2013December 30, 2021 by admini

That certificate is also valid for alternative non-publicly-recognizable domain names like qsauhub01, qsauhub01.sea.quiksilver.corp, qsauhub02, qsauhub02.sea.quiksilver.corp, and autodiscover.sea.quiksilver.corp. The .corp domain extension has been used internally on private corporate networks for a very long time, but is currently being considered for future public use as a new gTLD.

“If an attacker obtains a certificate before the new TLD is delegated, he/she could surreptitiously redirect a user from the original site to the attacker site, present his certificate and the victim would get the Transport Layer Security/SSL (TLS/SSL) lock icon,” the SSAC said in the advisory.

In a test case, a researcher working with SSAC successfully applied for and obtained an internal-use certificate for www.site from a CA.

…The SSAC also searched SSL certificate data collected in 2010 by the Electronic Frontier Foundation’s SSL Observatory project and found 37,244 internal name certificates issued by 157 CAs. The SSL Observatory data is from 2010 and only contains publicly available certificates on the IPv4 (Internet Protocol version 4) network, like the Quiksilver one, that are valid for both public and non-public domain names, it said.

Link: http://www.computerworld.com/s/article/9237678/Internal_use_SSL_certificates_pose_security_risk_for_upcoming_domain_extensions?source=CTWNLE_nlt_pm_2013-03-18

Security Think Tank: Context-aware security saves time

Posted on March 18, 2013December 30, 2021 by admini

Identify areas of intensive data analysis and look for strategic alignments with context-aware devices that can increase reaction times without reducing effectiveness

Thinking back to the origin of the phrase contextual computing, it is important also that these actions be put into the most appropriate human context. It should be a specialist security team or officer running these processes and they need to be made in context – while thinking holistically about the overall needs of the business.

It may well be that more security technology, context-aware or not, is not the biggest requirement for some companies.

Sometimes it is the human context that needs to be improved, from a social-engineering perspective. After all, the supplemental information the software will be looking for is founded on human behavior patterns, from information user behavior and tasks to location, infrastructure and physical conditions.

Link: http://www.computerweekly.com/opinion/Security-Think-Tank-Context-aware-security-saves-time?utm_medium=EM&asrc=EM_ERU_20999938&utm_campaign=20130318_ERU%20Transmission%20for%2003/18/2013%20(UserUniverse:%20635390)_myka-reports@techtarget.com&utm_source=ERU&src=5114873

Cyber attacks on banks resume, targeting Chase

Posted on March 13, 2013December 30, 2021 by admini

Chase was targeted by the latest in a series of denial-of-service attacks, which overwhelm websites with phony requests so that legitimate customers can’t get through.

A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters has been attacking American banks off and on since September. The group, based in the Middle East, says the attacks are retaliation for a video, produced by amateur U.S. filmmakers, that mocks the prophet Muhammad.

In a pastebin.com post, the group threatened to attack U.S. banks on Tuesdays, Wednesdays and Thursdays “because of widespread and organized offends to Islamic spirituals and holy issues.”

The website sitedown.co, which allows Internet users to report crashes of corporate sites, recorded 213 reports of problems with Chase’s website in the 24 hours that ended at 7:40 p.m.

The site showed 917 reports of Chase outages over the last month, compared with 453 at AT&T, 415 at Netflix, 351 at Bank of America and 107 at Wells Fargo.

Link: http://www.latimes.com/business/money/la-fi-mo-bank-cyber-attacks-chase-20130312,0,1903959.story

Australian central bank computers hacked

Posted on March 11, 2013December 30, 2021 by admini

A defence department official cited by the newspaper said “the targeting of high-profile events, such as the G20, by state-sponsored adversaries … is a real and persistent threat”.

In another sophisticated incident the month before, revealed on the central bank’s disclosure log under its freedom of information obligations, “targeted” emails were received regarding its strategic planning for 2012.

“Malicious email was highly targeted, utilising a possibly legitimate external account purporting to be a senior bank staff member,” an official report by the bank’s risk management unit said. “As the email had no attachment, it bypassed existing security controls, allowing users to potentially access the malicious payload via the Internet browsing infrastructure.”

Last year, Chinese telecoms giant Huawei was barred from bidding for contracts on Australia’s ambitious Aus$36 billion (S$46.16 billion) broadband rollout due to fears of cyberattacks.

Link: http://news.asiaone.com/News/Latest%2BNews/Science%2Band%2BTech/Story/A1Story20130311-407662.html

Canadian businesses are resigning themselves to being hacked: study – Canadian Business

Posted on March 10, 2013December 30, 2021 by admini

In one of the interviews, a chief information officer for a large company, told Hejazi that when he was hired, he laid it out for his bosses. Hejazi said the findings are reminiscent of the troubles that former technology giant Nortel Networks faced when international hackers broke into its corporate computers and accessed information for nearly a decade. The Nortel security breach gave hackers “plenty of time” and “access to everything,” according to 19-year Nortel veteran Brian Shields, who was behind a six-month investigation into the security breach that is believed to have started in 2000, but was only made public in 2012.

Hejazi said that organizations that operate with a “Yes” mentality, or are open to discussions with their staff about how to use technology responsibly, are more secure than companies with rigid security controls. Even an attachment file can directly lead to a security breach, or using free public computers at a conference in another country that has keylogging spyware installed.

Link: http://www.canadianbusiness.com/business-news/canadian-businesses-are-resigning-themselves-to-being-hacked-study/