- Cybersecurity week Round-Up (2018, Week 8)
- VISA – The adoption of chip-and-PIN card technology lead to 70% Drop in Counterfeit Fraud
- Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics Computers
- Data Keeper Ransomware – An unusual and complex Ransom-as-a-Service platform
Posted: 26 Feb 2018 12:57 PM PST
Cybersecurity week Round-Up (2018, Week 8) - Let’s try to summarize the most important events that occurred last week in 3 minutes.
Last week, the Russian central bank revealed that unknown hackers stole roughly $6 million from a Russian bank last year via the SWIFT system.
Hackers continue to show a great interest in cryptocurrency.
Google Project Zero hackers disclosed details of an unpatched vulnerability in the Edge browser because Microsoft failed to address it within a 90-day deadline.
Google white-hat hackers also disclosed critical vulnerabilities in uTorrent clients that could easily be exploited to deliver malware to the target computer or view past downloads.
The former NSA hacker and malware researcher Patrick Wardle spotted a new remote access Trojan dubbed Coldroot RAT. The Coldroot RAT is a cross-platform malware that is targeting macOS systems, and the bad news is that AV software is not able to detect it.
Intel released a stable microcode update to address the Spectre vulnerability for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.
State-sponsored hackers continue to be active and are expanding their horizons.
SamSam ransomware hit the Colorado Department of Transportation, which shut down 2,000 computers after the infection.
FBI warns of spike in phishing campaigns to gather W-2 information.
Enjoy the video
(Security Affairs – cybersecurity, cyberweek)
Posted: 26 Feb 2018 05:38 AM PST
VISA – Cases of counterfeit fraud had dropped by 70% in September 2017 compared to December 2015 thanks to the spread of EMV-capable payment systems in storefronts.
The introduction of chip-and-PIN card technology in the United States improved in a significant way the security of merchants and has reduced payment card fraud.
“For merchants who have completed the chip upgrade, counterfeit fraud dollars
The process started in 2011 with the introduction of EMV (Europay, MasterCard, Visa) card technology in the United States.
The process was very slow: according to Visa, by September 2015 only roughly 392,000 merchants were accepting payment cards using the new technology. In the same period, the number of Visa debit and credit cards using EMV technology was only 159 million.
Now Visa has shared data on the adoption of EMV technology as of December 2017. The number of storefronts that currently accept payments with chip cards has reached 2.7 million in the U.S. (+570%), representing 59% of the total.
The number of Visa payment cards using EMV technology increased from 159 million to 481 million (+202%), with 67% of Visa payment cards now having chips.
It is an excellent result; according to Visa, chip transactions continue to increase in the US. EMV cards accounted for 96% of the overall payment volume in the United States in December 2017, with chip payment volume reaching $78 billion.
Cybercriminals have responded to the adoption of EMV chip cards by focusing their efforts on card-not-present (CNP) fraud, which is today a serious concern for merchants.
(Security Affairs – EMV chip cards, VISA)
The post VISA – The adoption of chip-and-PIN card technology lead to 70% Drop in Counterfeit Fraud appeared first on Security Affairs.
Posted: 26 Feb 2018 03:14 AM PST
Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics computers and conducted a false flag operation to make it appear the attack originated in North Korea.
According to The Washington Post, the incidents were caused by cyber attacks carried out by hackers working at Russia’s GRU military intelligence agency, who had managed to take control of 300 computers linked to the Olympic organization in early February.
The cyber attacks were a retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping cases of Russian athletes.
“Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. No officials from Russia's Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation "Olympic Athletes from Russia," they were unable to display the Russian flag on their uniforms and, if they won medals, their country's anthem was not played.” reported The Washington Post.
“As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence report this month.
The Office of the Director of National Intelligence declined to comment.”
The cyber attacks caused severe problems for the Olympic organization: many attendees were unable to print their tickets for the ceremony and could not attend the event.
According to the authorities, it was sabotage: Russian cyber soldiers compromised South Korean routers and implanted a strain of malware that paralyzed the network.
To hinder attribution of the attack, the Russian hackers conducted a false flag operation to make it appear the attack originated in North Korea.
“Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence.” continues the Washington Post.
“They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a "false-flag" operation, said two U.S. officials who spoke on the condition of anonymity to discuss a sensitive matter.”
(Security Affairs – Russian hackers, Pyeongchang Olympic Games)
The post Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics Computers appeared first on Security Affairs.
Posted: 26 Feb 2018 12:13 AM PST
The Data Keeper ransomware that infected systems in the wild was generated by a new Ransomware-as-a-Service (RaaS) platform that recently appeared in the underground.
A few days ago a new Ransomware-as-a-Service (RaaS) platform appeared in the underground, and samples of the malware, dubbed Data Keeper ransomware, generated with the platform have already been spotted in the wild.
The Data Keeper ransomware was discovered by researchers at Bleeping Computer last week.
“The service launched on February 12 but didn’t actually come online until February 20, and by February 22, security researchers were already reporting seeing the first victims complaining of getting infected.” reads the blog post published by Bleeping Computer.
Anyone can sign up for the RaaS service, activate an account for free and create their own samples of the ransomware.
The ransomware encrypts files with a dual AES and RSA-4096 scheme, and it also attempts to encrypt all network shares. Once the files are encrypted, the malicious code places a ransom note (“!!! ##### === ReadMe === ##### !!!.htm”) in each folder in which it encrypted files.
The operators behind the Data Keeper RaaS ask their users to generate samples and distribute them; in turn, they offer a share of the ransom fee when victims pay. The percentage of the ransom offered to the user is not clear.
Affiliates just need to provide the address of their Bitcoin wallet, generate the encryptor binary, and download the malware along with a sample decrypter.
According to the researchers at MalwareHunterTeam who analyzed the ransomware, even though it is written in .NET, its quality is high.
The Data Keeper ransomware is complex; it is one of the few ransomware strains that use the PsExec tool, which it uses to execute the malicious code on other machines on the victim’s network.
An interesting characteristic of the Data Keeper ransomware is that it doesn’t append an extension to the names of the encrypted files.
With this trick, victims cannot tell whether their files are encrypted unless they try to open one.
“This is actually quite clever, as it introduces a sense of uncertainty for each victim, with users not knowing the amount of damage the ransomware has done to their PCs.” continues Bleeping Computer.
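One way a defender can spot this no-extension trick (an added example, not code from the post or from Bleeping Computer): check whether a file's content still matches its unchanged name using known header bytes and, where no header is known, byte entropy, and flag any folder holding the ransom note named above. The header table, the 7.5-bit threshold and the sample files are assumptions to tune for your environment.

```python
import math
from pathlib import Path

# Ransom note file name quoted on the page; its presence in a folder is the clearest signal.
RANSOM_NOTE = "!!! ##### === ReadMe === ##### !!!.htm"
# Expected leading bytes for a few common formats (small hand-picked subset, not exhaustive).
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, text and most office files well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(name: str, head: bytes, threshold: float = 7.5) -> bool:
    """True when a file's content no longer matches its unchanged name. A known header
    wins; zip/jpg are high-entropy by nature, so entropy is used only without a header."""
    expected = MAGIC.get(Path(name).suffix.lower())
    if expected is not None:
        return not head.startswith(expected)
    return len(head) >= 1024 and shannon_entropy(head) > threshold

def triage(files: dict) -> dict:
    """files maps a relative path to the first few KB of its content; returns
    ransom-note paths and files that appear to have been encrypted in place."""
    notes, suspicious = [], []
    for path, head in files.items():
        name = Path(path).name
        if name == RANSOM_NOTE:
            notes.append(path)
        elif looks_encrypted(name, head):
            suspicious.append(path)
    return {"notes": sorted(notes), "suspicious": sorted(suspicious)}

# Constructed sample: one ransom note, one .docx overwritten in place, two untouched files.
SAMPLE = {
    "docs/" + RANSOM_NOTE: b"<html>pay</html>",
    "docs/report.docx": b"\x12\x34" + bytes(range(256)) * 4,   # header gone, name unchanged
    "docs/todo.txt": b"buy milk\n" * 200,
    "pics/cat.jpg": b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For a real scan, feed `triage()` the first few KB of each file under a share rather than whole files; a hit on the note name alone is enough to isolate the host.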
Another peculiarity of this RaaS platform is that affiliates can choose which file types to encrypt; affiliates can also set the amount of the ransom.
The platform uses a payment service hosted on the Tor network, a common choice for many malware families.
According to the researchers, many crooks have already signed up for the Data Keeper RaaS and are distributing weaponized binaries in the wild.
The experts at MalwareHunterTeam told Bleeping Computer that one of the groups distributing the ransomware is hosting the malicious binaries on the server of a home automation system.
Further technical details and the Indicators of Compromise (IOCs) are included in the post published by Bleeping Computer.
(Security Affairs – Data Keeper ransomware, RaaS)
The post Data Keeper Ransomware – An unusual and complex Ransom-as-a-Service platform appeared first on Security Affairs.