Reminder: Verify Those Messages Before Clicking… Cybercriminals Target Blackberry Users in Phishing Campaign

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Social Media, Technology & Digital Security  Comments Off
Nov 142012
 

Reminder: Verify Those Messages Before Clicking… Cybercriminals Target Blackberry Users in Phishing Campaign

Security Week
by Mike Lennon
August 24, 2012

 

 

 

Security researchers from Websense have discovered a new malware campaign targeting BlackBerry customers. The malicious emails say that the recipient has successfully created a Blackberry ID, and attempts to infect their system via a malicious attachment.

“To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file,” the email reads.

As Websense notes, the email itself is actually a copy and paste of a legitimate email that would come from Blackberry when someone signs up for a BlackBerry ID.

According to Websense, if the malicious attachment is run, it then drops other executable files and modifies the system registry to automatically launch the malware programs when the system is booted up.

At the time of publishing, only 27/24 anti-virus engines identify the malware in VirusTotal.

 

Direct Link:  http://www.securityweek.com/cybercriminals-target-blackberry-users-phishing-campaign

Adobe Zero-Day Attack Part Of Wider Campaign

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  No Responses »
Dec 112011
 

Adobe Zero-Day Attack Part Of Wider Campaign

Symantec research points to well-funded attackers who use so-called Sykipot malware to target defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government
Dark Reading
By Kelly Jackson Higgins
Dec 09, 2011

The latest Adobe Reader and Acrobat zero-day attack is part of a larger, longer-term targeted attack campaign aimed mainly at stealing intellectual property from the U.S. and U.K. industries and government agencies, according to Symantec.

Symantec identified the malware family involved in the attacks as Sykipot, which has been used in targeted attacks for the past two years and possibly as far back as 2006. Organizations hit in the latest wave of attacks were mainly U.S. and U.K. defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government agencies.

Adobe on Tuesday alerted users that its Adobe Reader and Acrobat were under attack via a previously unknown flaw in the software that lets an attacker crash the app and wrest control of the victim’s machine. Brad Arkin, Adobe’s senior director of product security and privacy, said the company would issue an out-of-band update by next week for Windows-based systems only, and that the attack was targeting Adobe Reader and Acrobat 9.4.6 for Windows.

He advised users of Adobe Reader or Acrobat 9 and older versions to immediately upgrade to Adobe Reader or AcrobatX, which are safe from the exploit and attack due to the Protected Mode and Protected View features. Adobe will fix the issue in Adobe Reader and Acrobat for Windows in the company’s next scheduled security update on Jan. 10.

Symantec researchers, meanwhile, say this is just the latest in a series of well-funded targeted attacks by what appears to be an organized, skilled group of people. “The goal of Sykipot attackers is to obtain sensitive documents to high level executives within a variety of target organizations, of which the vast majority have been defense related. Considering the long-running campaign history of the attackers and their previous use of zero-day exploits, future versions of Sykipot that are delivered using another zero day are likely,” according to a new post by Symantec today.

The backdoor Trojan used in the malware is not especially sophisticated or well-written, but the researchers point out how the attackers have been able to come up with zero-day flaws to exploit. “Given the long list of command and control servers being used for controlling the botnet, the attackers are unlikely to be a single person, but rather a group of people,” according to Symantec.

The attacks begin with targeted emails with a link or malicious attachment, and the attackers appear to have done their homework on employees in the victim organizations, targeting mainly C-level executives, vice presidents, and directors of the organizations. “These employees may have access to sensitive information and computers containing intellectual property of interest to the attackers. Furthermore, these employees’ computers, and the information gathered from them, may be used to mount attacks on lower-level employees and the computers that hold the desired information,” the Symantec researchers said.

Direct Link:  http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232300294/adobe-zero-day-attack-part-of-wider-campaign.html

14 Enterprise Security Tips From Anonymous Hacker & Former Anonymous member “SparkyBlaze” advises companies on how to avoid massive data breaches.

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Social Media, Technology & Digital Security  No Responses »
Nov 232011
 

14 Enterprise Security Tips From Anonymous Hacker
Former Anonymous member “SparkyBlaze” advises companies on how to avoid massive data breaches.
InformationWeek
By Mathew J. Schwartz
August 31, 2011

Want to avoid large-scale data breaches of the type served up by hacking group Anonymous, and its LulzSec and AntiSec offshoots? Start by paying attention to the security basics, including hiring good people and training employees to be security-savvy.

“Information security is a mess. … Companies don’t want to spend the time/money on computer security because they don’t think it matters,” said ex-Anonymous hacker “SparkyBlaze,” in an exclusive interview with Cisco’s Jason Lackey, published on Cisco’s website Tuesday.

Accordingly, what’s the best way for businesses to improve the effectiveness of their information security efforts? SparkyBlaze offered 14 tips, ranging from using “defense-in-depth” and “a strict information security policy”; regularly contracting with an outside firm to audit corporate security; and hiring system administrators “who understand security.” Also encrypt data–”something like AE-256,” he said–and “keep an eye on what information you are letting out into the public domain.”

Other best practices: use an intrusion prevention system or intrustion detection system to detect unusual network activity. Employ “good physical security” too, he said, to ensure no one routes around your information security measures by simply walking through the front door. Finally, pay attention to employees’ security habits and keep them briefed on the threat of social engineering attacks, since all it takes is one person opening a malicious attachment to trigger a data breach of RSA-scale proportions.

While SparkyBlaze’s back-to-basics guidance isn’t new, it bears repeating given the number of data breaches and releases executed by hacktivist groups in recent months. According to security experts, these attacks aren’t necessarily highly sophisticated, and most don’t make use of so-called advanced persistent threats. Rather, attackers often exploit common vulnerabilities or misconfigurations in Web applications, just as they’ve done for years.

SparkyBlaze defected from Anonymous earlier this month, saying via a Pastebin post that he was “fed up with Anon putting people’s data online and then claiming to be the big heroes.” As that suggests, there’s no clear and easy definition of what constitutes “hacktivism.” Even so, the “scope creep” in the type of data collected and released by Anonymous and its offshoots is evidently turning some people away from the collective.

“I love hacking and I believe in free speech and anti-censorship, so putting both together was easy for me. I feel that it is ok if you are attacking the governments. Getting files and giving them to WikiLeaks, that sort of thing, that does hurt governments,” said SparkyBlaze to Cisco’s Lackey.

But in his Pastebin post, SparkyBlaze said that AntiSec and LulzSec had increasingly been operating against the supposed mission statement of Anonymous, which was ostensibly formed to keep governments accountable. “AntiSec has released gig after gig of innocent people’s information. For what? What did they do? Does Anon have the right to remove the anonymity of innocent people? They are always talking about people’s right to remain anonymous so why are they removing that right?”

On a related note, the raison d’etre of Anonymous–WikiLeaks–appears to have lately suffered its own data breach, or at least loss of data control. On Monday, German weekly news magazine Der Spiegel reported that a file posted by WikiLeaks supporters to the Internet included concealed, password-protected, and unexpurgated versions of the 251,000 U.S. State Department cables that WikiLeaks released–with many sources omitted–in November 2010.

Through a somewhat circuitous sequence of events, possibly involving personnel disagreements inside WikiLeaks, the existence of a 1.73-GB “cables.csv” file, which contains the uncensored cables and which is protected by a password, became publicly known. Furthermore, thanks to an “external contact” of WikiLeaks, according to Der Spiegel, the password was also publicly disclosed, enabling the file to be unlocked.

But in a statement on Twitter, WikiLeaks disputed responsibility for the leak: “There has been no ‘leak at WikiLeaks’. The issue relates to a mainstream media partner and a malicious individual.” WikiLeaks, however, didn’t name either.

Direct Link: http://www.informationweek.com/news/security/intrusion-prevention/231600561?itc=edit_in_body_cross