from Understanding Java Code and Malware | Malwarebytes Unpacked
Last week, we talked about a donation 419 scam, gave an overview of what an APT is, counted the ways one can stay protected online while playing Pokémon Go, gave a roundup of what went down during InfoSec Europe, and alerted our readers about leaked Chimera ransomware keys.
Our researchers also did several deep analyses on some malware: one, a Trojan that was delivered by the RIG exploit kit; and two, the downloaders that aid in the delivery of the Locky ransomware onto user systems.
Speaking of RIG, Senior Threat Researcher Jérôme Segura took a deeper look into this EK, particularly on its distribution channels and payloads.
For our PUP Friday post, we highlighted on RegClean Pro, a piece of software that we have categorized as a fake registry cleaner.
Notable news stories and security related happenings:
- 7 Tips For Mid-Sized Firms To Improve Their Cybersecurity Posture. “Since the ‘Panama Papers’ breach in which 11.5 million confidential documents and 2.6 terabytes of client data was stolen from law firm Mossack Fonseca, a greater emphasis has been placed on law firm cybersecurity. The breach, however, wasn’t an isolated incident. As noted in the 2015 American Bar Association (ABA) Legal Technology Survey Report, 15 percent of law firms have experienced a breach. And yet, almost half of attorneys say their firms have no response plan in place.” (Source: Legal Tech News)
- As Voice Interaction Increases, What Will Security Look Like In The Next 5 Years? “In Mary Meeker’s recent annual report on the State of the Internet, she dedicated a chunk of it to the liftoff of the voice interface. The voice UI makes human interaction with computers possible through speech. Think Alexa and Amazon Echo. While voice UI has been around for decades, over the years the accuracy of this technology continues to raise its profile. In 1970, machines could recognize words with just 10 percent accuracy. In 2010, it grew to 70 percent accuracy. In 2016, it jumped to 90 percent.” (Source: Help Net Security)
- Uber Flaw Discovery Shows Why Bug Bounty Programs Are Important. “Uber recently closed a high-impact flaw in its platform that could potentially have put user information at risk. Although the vulnerability is interesting, so too is the means and method by which it was discovered in the first place. Although Uber is a technology company, it didn’t discover the flaw on its own, but rather by way of a third-party researcher, participating in a bug bounty program.” (Source: eWeek)
- The Internet Of Things Will Turn Large-Scale Hacks Into Real World Disasters. “On the Internet of Things, integrity and availability threats are much worse than confidentiality threats. It’s one thing if your smart door lock can be eavesdropped upon to know who is home. It’s another thing entirely if it can be hacked to allow a burglar to open the door—or prevent you from opening your door. A hacker who can deny you control of your car, or take over control, is much more dangerous than one who can eavesdrop on your conversations or track your car’s location.” (Source: Motherboard)
- Banks On Edge After Spate Of Spectacular Cyber Heists. “A series of spectacular cyber attacks against banks, resulting in the theft of tens of millions of dollars, has heightened fears for an industry becoming an increasingly attractive target for hackers. Banks in Bangladesh, the Philippines, Vietnam and Ecuador have been targeted over the past year in the attacks on the global interbank service known as SWIFT, and some analysts expect more attacks to be revealed.” (Source: South China Morning Post)
- Warframe, Clash of Kings players’ Info Stolen After Forum Hacks. “Two new website hack/ user data theft combos have been revealed last week, and the victims are players of popular mobile real time strategy game Clash of Kings and online free-to-play third-person shooter Warframe. In both cases the attackers found their way in by exploiting vulnerabilities in the software used by the companies to set up their online forums (vBulletin) or manage the content on their site (Drupal).” (Source: Help Net Security)
- Pornhub Hacked To Access Billions Of Users’ Information. “Pornhub averages 18.9 billion views per year and more than 60 million daily visits, with four million people registered as Pornhub users, according to Alexa rankings. The flaws allowed the white hats to gain enough information to ‘dump the complete database of Pornhub including all sensitive user information,’ such as the identities of those uploading risqué and explicit films, and those starring in them.” (Source: InfoSecurity Magazine)
- Facebook, Twitter Co-operated With Brazil Probe Of Alleged Militants. “The judge overseeing the probe that led to the arrest last week of suspected Islamist militants in Brazil said Facebook Inc. and Twitter Inc. co-operated with investigators by providing information about the suspects’ use of both social networks. In an interview late Sunday with Fantastico, a weekly news program on the Globo television network, Judge Marcos Josegrei da Silva said cooperation by both companies, after a judicial order tied to the investigation, was instrumental to understand the nature of discussions carried out by the suspects, a 12th of whom was detained late Sunday.” (Source: Reuters)
- Petya, Mischa Ransomware Now Available As A Service. “Ransomware-as-a-Service (RaaS) has become a very popular business model over the past several months, and the actor(s) behind Petya and Mischa ransomware families have adopted the service model. After testing the RaaS model with a limited amount of high volume distributors, the Petya and Mischa operators have decided to make the service publicly available. Following this move, any criminal wannabe can become an official distributor for the ransomware, which is expected to result in a spike in infection campaigns featuring these two malware variants.” (Source: Security Week)
- The End Of Anonymity For Bitcoin? EU Proposes Tracking Cryptocurrency Users. “The proposal would provide the EU with a record containing the real-world identities of people using cryptocurrencies as well as the addresses of the virtual wallets where their money is held. Cryptocurrencies like Bitcoin can’t be traced easily, making them a popular choice for cyber-criminals for funding illegal activities. Ransomware attacks, for example, often demand payments in Bitcoin because it leaves no identifiable paper trail to their source.” (Source: International Business Times)
- Why Hackers Love Health Apps. “Hackers particularly love the kind of medical information stored in health apps because it’s harder to change. A stolen credit card number can be cancelled, but medical histories, and the home addresses and Social Security numbers that often go into medical records—these things are hard to change and can therefore be sold for a higher price on the black market. Health apps are popular, but not very private. One-fifth of mobile devices in the United States have a health app installed. A study in the March issue of the Journal of the American Medical Association in March, however, showed that of 271 apps studied, 81 percent did not have privacy policies. Of the 19 percent (41 apps) that did have privacy policies, only four specified that they would seek permission before sharing data with third parties.” (Source: CSO)
- Orgs Must Prepare For New, More Destructive Ransomware. “Organizations must be better prepared to deal with future strains of ransomware that will be more sophisticated and damaging, with fragile infrastructure, poor network hygiene and slow detection rates all currently giving adversaries too much time and air cover to operate. That’s according to new findings from Cisco, whose 2016 Midyear Cybersecurity Report delves into the current state of the cyber-risk landscape.” (Source: InfoSecurity Magazine)
- Radio Hack Steals Keystrokes From Millions Of Wireless Keyboards. “You should be able to trust your wireless keyboard. And yet security researchers have been warning people to be suspicious of wireless computer accessories using sketchy radio protocols for years. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices—and this time, they can not only inject keystrokes, but also read yours, too.” (Source: Wired)
- How Illegal Streaming is Putting Your Security at Risk. “If you find yourself swept up in the hype surrounding Manchester United against Liverpool but don’t already fork out for a subscription, then there are corners of the internet that can help you feed that craving. And it’s a victimless crime, right? Sky and BT – holders of the hideously expensive Premier League TV contracts – are big enough to cope without your few quid. Plus, one cheeky click means that you don’t miss out and will be fully up to speed when the blokes at work are picking apart the action on Monday morning. It’s the logic many people apply, yet it is fundamentally flawed. The problem with this victimless crime is that the biggest victim it throws up is not the TV executives, but you.” (Source: HackRead)
- Rio Olympics 2016 Keyboard App: More Privacy Challenges For Enterprises. “A simple keyboard extension built for people celebrating the Olympics was actually collecting more information than its developer intended, putting personal privacy and corporate information at risk. Any time a very popular event like the Olympics occurs, or a wildly popular app like Pokemon Go is released, the enterprise is going to face risk. Attackers will target the people interested in those cultural moments, who are often also employees in your company. The app collects all of the apps associated with the devices running the keyboard app.” (Source: Lookout Blog)
- White House Celebrates Cyber Contests To Attract Young Talent. “It’s summertime, and you know what that means: coding and network infrastructure! Well, maybe not for most kids, but at Wednesday’s Cybersecurity Competitions Workshop, students and participants in national cyber contests gathered to celebrate cyber education at the White House. Hosted by the Office of Science and Technology Policy, the event included volunteers, organizers and sponsors from three previous security competitions.” (Source: Fed Scoop)
- Would You Use This ATM? “One basic tenet of computer security is this: If you can’t vouch for a networked thing’s physical security, you cannot also vouch for its cybersecurity. That’s because in most cases, networked things really aren’t designed to foil a skilled and determined attacker who can physically connect his own devices. So you can imagine my shock and horror seeing a Cisco switch and wireless antenna sitting exposed atop of an ATM out in front of a bustling grocery store in my hometown of Northern Virginia.” (Source: KrebsOnSecurity)
Safe surfing, everyone!
The Malwarebytes Labs Team
RELATED ARTICLES
July 26, 2012 - That’s right, this week some of the Malwarebytes gang will be out in Las Vegas for the hacker convention: DefCon 20! Who is going? Marcin Kleczynski – CEO Rebecca Kline – Director of Marketing Josh Hall-Bachner – Web Developer Doug Swanson – VP of Development Adam Kujawa – Me! What are we doing there? DefCon...
July 30, 2012 - As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the...
August 8, 2012 - My colleague Adam Kujawa recently wrote a great post about the Malwarebytes experience at the hacker convention DefCon this year. By popular demand, here’s a round-up of my top four favorite DefCon talks from a development perspective: 1. “Stiltwalker”, by “DC949” (http://ift.tt/28JOru2) I am sure everyone is familiar with reCAPTCHA. You have likely wasted hours...
August 24, 2012 - BitCoin is a new-ish form of digital currency. It allows people to perform financial transactions without the need for a bank or central authority and allows for a large amount of privacy. Transactions are currently limited to ones performed online and only by individuals and organizations that accept BitCoin as payment. However, in the next...
September 18, 2012 - In war, there are always two sides: the attackers and the defenders. A less focused on group is the researchers and developers. While soldiers are fighting a war on the front lines, scientists and engineers are researching and developing new weapons, defenses and tools; things that give their side an advantage. If one of these...
