Cybercrime - W/E - 081718
Compromised MikroTik Routers Pulled into Large-Scale Monero-Mining Campaign (08/14/2018)
Symantec has been tracking a large-scale coin mining campaign which was first concentrated in Brazil and has moved outward to infect routers worldwide. According to Shodan, the campaign has infected about 157,000 MikroTik routers. All of the routers that Symantec reviewed were running a vulnerable Winbox service, which, when exploited, enables an attacker to bypass authentication and compromise the router. After the router is compromised, the hackers can load a malicious error page, which is displayed any time a user accessing the Internet via the router encounters an HTTP error. Each time the error page is displayed, the victim is unknowingly mining Monero for the hackers.
Man Associated with Reveton Ransomware Gets Jail Sentence (08/14/2018)
The Justice Department (DOJ) announced that a former Microsoft employee was sentenced to 18 months in prison after pleading guilty to conspiracy to commit money laundering in connection with the spread of a particular type of ransomware commonly referred to as Reveton. According to the factual proffer filed in connection with the plea agreement, Raymond Uadiale helped to "cash out" the payments of victims whose computers were infected with Reveton, which displayed a splash screen on the victim's computer with the logo of a law enforcement organization. The splash screen would include a message falsely telling the victim that the law enforcement organization had found illegal material on the infected computer and required the payment of a fine to regain access to the computer and its data. The ransomware directed the victim to purchase a GreenDot MoneyPak and enter the account number into a form on the splash screen. Using prepaid debit cards, Uadiale transformed the MoneyPak funds into cash, kept a portion for himself, and sent a portion back to Reveton's distributor, who resided in the United Kingdom.
Microsoft Drafts Cybersecurity Policy Framework (08/13/2018)
Microsoft released its new Cybersecurity Policy Framework, a policy-maker resource that is designed to provide an overview of the building blocks for effective cybersecurity policies that are "aligned with the best practices from around the globe." Specific areas of coverage include national strategies for cybersecurity; establishing a national cyber agency; developing and updating cybercrime laws and critical infrastructure protections; and international strategies for cybersecurity.
Threat Actors Use Docusign, Other Methods to Phish for Victim Data (08/15/2018)
Proofpoint is advising homebuyers to be aware of phishing scams using documents that claim to come from realtors or other parties in the real estate market. Sherrod DeGrippo said in a blog post, "Real estate transactions frequently rely upon electronic signatures, making Docusign a popular and effective lure for potential homebuyers. Threat actors have also recognized the effectiveness of lures that abuse this brand."