Week 09: Malware

FUD Crypters Recycling Old Malware – https://www.technewsworld.com/perl/section/cyber-security

This article was quite interesting. I bet the hacker got the idea of recycling old malware from the fact that recycling is motivated and promoted in almost every product. He/She might have been drinking a bottle of coke and say the word recycle and then the idea of recycling malware was thought of. Every thing has two sides is indeed true!!!!

Anyway, the article says that this is happening not because crypters are an entirely new phenomenon, but because there’s a sophistication and “ease of use” threshold which appears to have been crossed and What’s happening, from a certain perspective, is the automation of evasion, along with other elements of the malware “supply chain.”

https://thehackernews.com/2018/11/cia-joshuaa-wikileaks.html

Damn this dude is screwed. Regardless of the fact that Joshua Adam Schulte has been found with smuggled devices some encrypted, Joshua says he is innocent of all charges. Reading about his allegations of leaks and child pornography I began to wonder how hard it would be to have a malware to set up any individual with child porn. Really, with what we all know from this class it wouldn’t too difficult. After you gain access you just dump child pornography to you HD. That would be a hell of a CIA/FBI trick.

A rudimentary bot is infecting cloud servers with botnet malware. Specifically, the framework Hadoop used in cloud environments has been targeted. The attack is carried out by DemonBot, which is actively enslaving Hadoop clusters to carry out DDoS attacks based on UDP and TCP floods. These attacks reflect a greater trend in attacking the cloud, which experts predict will become increasingly common in the future.

https://threatpost.com/demonbot-fans-ddos-flames-with-hadoop-enslavement/138597/

The title kind of speaks for itself, but I found this statistic to be very surprising because you’d think that employees would be briefed on how to properly handle data or items that could reveal someone’s personal information. “Respondents were asked a variety of questions based on real-world scenarios, such as correctly identifying personal information, best practices for logging onto public Wi-Fi networks and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were labeled one of three things: A risk (lacking in security awareness), a security novice (possessing some awareness) or a security hero (having good awareness).” I thought one thing was very fascinating; managers and upper-level employees scored worse than entry-level employees.

https://threatpost.com/threatlist-3-out-of-4-employees-pose-a-security-risk-to-businesses/138506/

https://krebsonsecurity.com/2018/02/would-you-have-spotted-this-skimmer/

Skimming is a form of theft by which credit card or debit card information is stolen/captured by recording by installing a bit of technology, typically at the credit card terminal.
While more banks are issuing credit and debit cards containing a minute computer chip these days, which is more difficult to forge, not all vendors accept them yet. So, most cards still have magnetic strips attached to the back of the cards. This makes it possible to steal the information from the strips and allows criminals to use the fake cards created by skimming. It is difficult to identify whether a skimming device is installed in the ATM or not because of the miniature size of the device and different places where criminals install.. All the retail outlet should use few protective steps like running a baseline scan of the store, installing skimmer detection devices, inspecting the seal etc

https://capture.fox.temple.edu/Mediasite/Play/5a23c78ebad44502b9c08234e2178fa01d

Intro-to-Ethical-Hacking-Week-9

The article introduces about five risk management and security trends in banking. The first one is security breaches. Security breaches make organizations spend a lot of money on it. There were security breaches which cause $1 billion data lose in the world in 2017. The number will keep increasing in the future. The second one is new regulation. The new regulations keep coming out. Organizations should make sure the compliance of the regulation when a new one is published. Next one is cloud-based solution. Many organizations start to se cloud-based computing. They spend over $1 trillion to purchase dedicated cloud computing. The following one is remote monitoring capacities. It provides flexible and efficient method in working. The last one is fraud mitigation. it brings video surveillance and data management solutions to integrate with access control and intrusion. To mitigate the risks, organizations should provide security service in line to deal with problems in time.

https://www.securitymagazine.com/articles/89528-emerging-risk-management-and-security-trends-in-banking

Admittedly the word choices for Samhain were perfect…”body hacking movement”…implanted chips…

But really is this a nice addition to biometrics and an enhancement to our own security and communications possibilities?

I would line up if it came with internet…

How does one secure an implanted chip?

https://www.chicagotribune.com/news/columnists/kass/ct-met-swedish-body-hacking-kass-20181025-story.html