CyberSecurity Institute – Page 75 – Security News Curated from across the world

Ramnit sleeping malware targets UK financial sector

Posted on April 30, 2013December 30, 2021 by admini

But, there is still one more obstacle in the way of the malware – to complete the transaction a One Time Password (OTP) must be entered by the user.

Trusteer said the malware’s authors have moved to further hide the malware from its intended victims, by making it alter the bank’s FAQ to make it seem as if the bogus messages are entirely legitimate. Anticipating that some suspicious users may reference the bank’s FAQ page, Ramnit authors took the extra step of altering the FAQ section to fit the new process,” said the spokesman.

“By changing multiple entries in the FAQ section Ramnit demonstrates that its authors did not leave anything to chance – even if the victim decides to go the extra step, Ramnit is already there.”

Link: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector

U.S. response to bank cyberattacks reflects diplomatic caution, vexes bank industry

Posted on April 29, 2013December 30, 2021 by admini

“You’re always going to see the government be more cautious and incremental in response to most incidents than the private sector probably would like,” Michael Daniel, the White House cybersecurity coordinator, said in a recent interview, speaking generally.

This much is clear: The last eight months of disruptions to bank Web sites, caused by efforts to crash servers with torrents of computer traffic, have not been severe enough to trigger a military response, cyber or otherwise.

Daniel, the White House cyber official, said he thinks companies need to do more to defend their own networks as part of a “spectrum of responsibility” that includes the public and private sectors.

At a March meeting of banking executives hosted by the Treasury Department, U.S. officials made clear to the chief executive officers that they could not simply rely on the government for cybersecurity. Some banking officials say they would like the providers — including Verizon, AT&T and Century Link — to do more to block malicious traffic headed toward their networks.

Alexander, the director of the National Security Agency, suggested that the Internet companies would be best positioned to block an Aramco-type attack with help from the NSA. If a company is asked by the government to screen the traffic to stop an attack, it could be seen as acting as a government agent, exposing the firm to legal action.

Alexander, industry officials say, would like the Internet providers to be able to screen traffic entering U.S. networks, but privacy laws prevent them from doing so unless, for instance, they have customer consent or a court order.

Link: http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

US banking sector vulnerable to hackers

Posted on April 27, 2013December 30, 2021 by admini

Making reference to a series of cyber attacks that targeted several of the biggest US banks toward the end of 2012, the FSOC noted “the knowledge and skill of the attackers appeared to increase over time.”

In an attempt to protect the financial system against these attacks, the FSOC proposed “enhancing cross-sector cooperation, particularly with industries upon which the financial sector is dependent, such as energy, power, and telecommunications.” “Public-private partnership improvements in the analysis and dissemination of robust information to improve real-time responses to cyberattacks will enhance incident management, mitigation, and recovery efforts,” the report added.

Link: http://www.adelaidenow.com.au/news/breaking-news/us-banking-sector-vulnerable-to-hackers/story-e6frea7u-1226630247494

Kingston adds malware scanner to its secure drives

Posted on April 26, 2013December 30, 2021 by admini

Today, flash drives are just as convenient as when they were first released, but many also contain high levels of security, which has helped bring them back into government.

“People often carry sensitive personal files on their USB drives, and they often don’t realize that their drive can be infected when plugged into a computer, and then that infection can be transferred to other machines. Together with Kingston and ClevX, we can offer a solution which keeps the contents of USB flash drives safe and malware-free and prevents malware from spreading via removable media.”

Link: http://gcn.com/articles/2013/04/26/kingston-adds-malware-scanner-secure-drives.aspx

Recently patched Java flaw already targeted in mass attacks

Posted on April 25, 2013December 30, 2021 by admini

The vulnerability, identified as CVE-2013-2423, was one of the 42 security issues fixed in Java 7 Update 21 that was released by Oracle last week, on April 16. The company gave the flaw’s impact a 4.3 out of 10 rating using the Common Vulnerability Scoring System (CVSS) and added that “this vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets.”

An exploit for CVE-2013-2423 was integrated into a high-end Web attack toolkit known as Cool Exploit Kit and is used to install a piece of malware called Reveton, an independent malware researcher known online as Kafeine said Tuesday in a blog post.

The vulnerability started being targeted by attackers one day after an exploit for the same flaw was added to the Metasploit framework, an open-source tool commonly used by penetration testers, the F-Secure researchers said.

This wouldn’t be the first time when cybercriminals have taken Metasploit exploit modules and adapted them for use with their own malicious attack toolkits.

Users who need Java on their computers and especially in their browsers are advised to upgrade their Java installations to the latest available version — Java 7 Update 21 — as soon as possible. This version also made changes to the security warnings displayed when websites attempt to load Web-based Java applications in order to better represent the risk associated with allowing different types of applets to execute.

Browsers like Google Chrome and Mozilla Firefox also have a feature known as click-to-play that can be used to block plug-in-based content from executing without explicit consent.

Link: http://www.computerworld.com/s/article/9238652/Recently_patched_Java_flaw_already_targeted_in_mass_attacks?source=CTWNLE_nlt_pm_2013-04-24

Mandiant: No Drop in Chinese Hacking Despite Talk

Posted on April 25, 2013December 30, 2021 by admini

Rich Bejtlich said the roughly two-dozen groups the firm tracks closely – some of which have links to the Chinese government and military – have been “very busy.” Bejtlich said, has been a noticeable drop in cyber attacks from Unit 61398, a group within the People’s Liberation Army that Mandiant has accused of attempting to hack nearly 150 victims over seven years. Bejtlich’s remarks come a day after Verizon Communications Inc. released a report on cybersecurity in cooperation with 19 other organizations analyzing 47,000 security incidences in 2012 and 621 confirmed data breaches.

She said that China was building a working group on cybersecurity with the U.S. to strengthen cooperation, trust, and constructive dialogue, adding that China hopes both countries will gain a better understanding of explicit breaches and strengthen cybersecurity.

Some have also specifically criticized the Mandiant report, saying it didn’t include thorough analysis of alternative explanations for the cyberattacks it documented, while others have noted that all computer-security companies have an interest in emphasizing threats.

Fang Fenghui, chief of staff of the People’s Liberation Army, said cyberattacks could be “as serious as a nuclear bomb” while simultaneously denying that the PLA was behind cybersyping aimed at U.S. companies.

Nonetheless U.S. officials have remained skeptical that dialogue will slow the pace of attacks from China aimed at U.S. companies, as acquiring trade secrets and intellectual property from U.S. companies is a part of its efforts to beef up weaker industries and those deemed key to national security.

“We’re at this log jam where there’s overwhelming evidence on the classified and unclassified sides that says the Chinese are doing this, and that there are military units [involved], but the Chinese deny it,” Mr. Dempsey said he had not discussed with Chinese officials any specific measures the U.S. might take in response to cyberattacks or what any potential cybersecurity code of conduct might involve. “Cyber continues to evolve whether we would like it to or not,” he said, adding that both sides were still in a phase of trying to understand the problems that needed to be solved.

Link: http://blogs.wsj.com/chinarealtime/2013/04/24/mandiant-no-drop-in-chinese-hacking-despite-talk/