Week 09: Malware

https://www.usnews.com/news/economy/articles/2017-11-22/uber-extorted-by-hackers-as-breach-details-surface-a-year-later

Recently appointed Uber CEO Dara Khosrowshahi recently learned that in late 2016 that two individuals outside of the company had inappropriately accessed user data stored on a third-party cloud-based service: GitHub.Khosrowshahi said names, email addresses and phone numbers of 57 million Uber users worldwide were accessed, as well as the driver’s license numbers of about 600,000 U.S. drivers that the company employs He also stated that there was no indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded. Regardless there was confidential uber customer information that was compromised. The hackers are believed to have accessed information through GitHub, a software development platform used by Uber’s engineering and coding team, to carry out the breach. The hackers reached an agreement with Uber to delete the compromised data and be silent in exchange for $100,000.

This is a pretty interesting audio clip actually about the NSA who were actually hacked themselves which proves nobody is safe.

https://www.npr.org/2017/11/14/564006460/nsas-hackers-are-hacked-in-major-cybersecurity-breach

This week, I want to share this interesting article: The United States Department of Justice has reportedly gathered enough evidence to charge at least six Russian government officials for allegedly playing a role in hacking DNC systems and leaking information during the 2016 presidential race.
Earlier this year, US intelligence agencies concluded that the Russian government was behind the hack and expose of the Democratic National Committee (DNC) emails in order to influence the 2016 presidential election in Donald Trump’s favour.
Now, citing people familiar with the investigation, the Wall Street Journal reported on Thursday that United States federal prosecutors could bring charges against the alleged unnamed Russian officials early next year.

https://thehackernews.com/2017/11/dnc-email-russian-hackers.html

On the evening of November 2, 1988, a self-replicating program was released upon the Internet (1) This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their resources to attack still more computers (2). Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity. This paper provides a chronology for the outbreak and presents a detailed description of the internals of the worm, based on a C version produced by decompiling.

Read more here.

An analysis done by Cryen researchers looked at 10.3 million Office 365 emails, revealing that 9.3% were unfiltered spam and contained malware and phishing information. While a small percentage was zero-day unknown malware, many common malware signatures were let through. Microsoft’s filtering is based on off the information they hold is databases to whatever I unknown to them is let through the content filters. The article then encourages the use of comprehensive whitelisting within a corporate environment to help mitigate this risk.

https://www.darkreading.com/cloud/office-365-missed-34000-phishing-emails-last-month/d/d-id/1330282

https://www.infosecurity-magazine.com/news/eu-to-declare-cyber-attacks-act-of/

Members of the European Union have drafted a document stating that cyber attacks by foreign nations could be considered an act of war. They say that members of the EU may respond to cyber attacks with conventional weapons ”in the gravest circumstances”.  NATO had previously established cyber a military domain. The document is pretty vague and largely symbolic in nature but highlights the fact that state sponsored cyber attacks are at the forefront of many politicians minds.

A new form of cybercrime has been hitting American citizens. Recently, mobile phone account numbers are being stolen and then transferring services to a different device. Additionally, hackers have being using mobile phones to steal digital wallets and various accounts. These types of attacks have been quite successful. Lorrie Cranor, the chief technologist of the Federal Trade Commission, is among many of the victims to encounter this theft. In the article it states, the number of mobile accounts stolen or opening if a new mobile account, increased from 1,038 (2013) reported to 2,638 (2016).

https://www.technewsworld.com/story/84772.html

https://www.darkreading.com/endpoint/phishing-kits-regularly-reused-by-cybercriminals/d/d-id/1330269?
Cyber criminals are getting a ROI, re-using phishing kits. Brings up the question, why aren’t monitoring tools picking these up before they are delivered to a user’s inbox.