Weekly Security Roundup #49: New Developments Reactivate Previous Malware Campaigns
If something works, the bad guys will use it until it stops being effective
This past week we’ve seen a lot of previously announced malware campaigns emerging once again, enhanced with new tricks to do even more damage.
Today we’ve updated the details for the latest Dridex-dropping campaign, which is currently targeting the United Kingdom. What’s more, other experts agree that the situation is increasingly worrisome. Eward Driehuis, a director at cybersecurity and threat-intelligence firm Fox-IT, said:
Cybercriminals are now using Dyre and Dridex to gather data that can help track patterns of human and corporate behavior, which might later be used to help attackers evade network intrusion detection
We’ve also published additional details about the post office scam that infects victims with Cryptolocker2 (crypt0l0cker): the attackers have modified the malware to harvest email addresses from the infected machines. More than 7,000 PCs have become infected in the Scandinavian region, and we expect that the email addresses being captured to be used to distribute future versions of crypt0l0cker.
What’s more, there was another reason for concern for Scandinavians: a ransomware campaign targeting them went by completely undetected for hours! Detection rates have increased since we announced the campaign, but remain unsatisfactory.
Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.
That’s how Symantec’s August 2015 “The evolution of ransomware” report starts and we couldn’t agree more. Ransomware victims are often left to answer a burning question by themselves: should they pay to get their data back or not?
What’s clear is that Internet users are confronted with a lot of threats that didn’t exist until recently and which they can’t stop because they lack cyber security knowledge and the right tools. That’s why this week we chose to write about the 6 Cyber Threats You Didn’t Have to Worry About 10 Years Ago.
And because we always want to play an active role in protecting users worldwide and helping them understand what they need to do to stay safe, we’re inviting everyone interested to join our beta testing program for the new Heimdal PRO!
Also, we really hope that CyberSecMonth, which will unfold throughout October, will help users become friendly with cyber security and grasp its importance for their wellbeing.
Now here is what else happened this week that we believe it’s important to know and get protected from: let’s see the 10 news included in the Weekly Security Roundup.
Security articles of the week
Graham Cluley shows how a well-executed scam could trick any user into clicking on infected websites, links and banners. That’s why we recommend you choose the right tools to get protected from this kind of attacks.
The infamous HTTP cookies used to monitor website activity and help enhance experience for the user became a huge liability when “a team of researchers from University of California, Berkeley, Tsinghua University in Beijing, the International Computer Science Institute and Microsoft tested the implications of such attacks on different high-profile HTTPS websites and presented their findings in August at the USENIX conference.”
Earlier this week, the biggest pirate torrent site in the world, KickAss Torrents, served scareware advertising to its users, persuading the gullible ones into allowing cunning call center operators to take control of their PCs.
In a recent blogpost, Google spoke about its efforts to help dismantle the mechanisms that fuel the development of the underground cyber criminal market and called for collaboration as a necessary condition for success.
Over the last decade, Internet crime has matured into an underground economy where a large number of globally distributed criminals trade in data, knowledge, and services specifically geared towards defrauding users and businesses. Within this black market, criminals buy and sell compromised machines, scam hosting, exploit kits, and wholesale access to pilfered user records including usernames and passwords, credit card numbers, and other sensitive personal data. The availability of such specialized resources has transformed for-profit abuse into a cooperative effort among criminals each satisfying a cog in a supply chain.
Since there has been a “66% year-over-year increase in cyberattacks since 2009“, the value of threat intelligence is only bound to increase, which we also believe should be a key area of focus for those who want to help fight cyber crime and its malicious outcomes.
5. DDoS attacks: “it’s not if, not when, but how frequently“
DDoS attacks are an issue that’s not new, but it certainly is always pressing. These key global DDoS trends are worth reading, especially since:
A new type of distributed denial of service attack has recently been reported by CloudFlare, involving the use of mobile advertisement networks and funneling traffic from real users.
The problem is that people are not aware of the risks and they usually find out only when a financial institution contacts them. Don’t let this happen to you as well. Learn how to protect yourself.
Cyber criminals always look for new ways to infiltrate web locations that users trust. And this week they even managed to get into search engine page results, a section that users know is normally safe. Read more details on the same story.
It seems that users have gotten over the fear of infected email attachments sent to them by cyber criminals. But these old school threats are back and they’re vicious.
If an attack on critical infrastructure puts people’s lives in danger, shouldn’t that become a public issue?
If security researchers get no response from manufacturers when disclosing vulnerabilities with life-threatening implications, the majority of IT security professionals (64%) believe that the information should then be made public, according to AlienVault.
We really wish it was shorter.
We can’t emphasize this enough, but the need for cyber security education is more prominent now than ever! Maybe CyberSecMonth will help those who are curious or willing to learn about cyber protection to finally get around to it.