CyberCrime - W/E - 12/14/18

European Law Enforcement Cracks Down on Counterfeit Money Sold on the Dark Web (12/11/2018)
Actions coordinated by Europol led to the seizure of counterfeit banknotes, drugs, weapons, computers, and hardware used to mine cryptocurrencies. The counterfeit money had been sold in the cybercriminal underground. The operation, which involved multiple countries, also uncovered two marijuana growing facilities.

Food and Beverage Companies Targeted by Malicious Campaign (12/10/2018)
The TA505 threat actor is targeting organizations in the food and beverage industry - including restaurant, grocery, and retail chains - to deliver various malware families, including Remote Manipulator System and FlawedAmmyy, among others. Proofpoint has determined that tens of thousands of email messages are being circulated and each intended target received a personalized attachment, a technique that TA505 has not previously used.

Linux.org Site Hacked and Defaced (12/11/2018)
The community Web site for Linux.org was defaced by a hacker to include racial slurs and an obscene image, Security Week reported. The threat actor gained unauthorized access to a registrar account and made changes to the DNS settings. At the time, Linux.org did not use multi-factor authentication (MFA), but the site claims to have made changes and implemented MFA.

Numerous Amplification Bots Found on Twitter (12/11/2018)
Researchers at Duo Security have spotted thousands of amplification bots on Twitter. The two scientists assessed datasets of 576 million tweets to establish normal tweet behavior and abnormal amplification behavior. By using this as a guide, they determined deviations that pointed to amplification accounts, which are often used by spammers and other cybercriminals.

Seedworm/MuddyWater Ramps Up Cyber Espionage Campaign (12/12/2018)
Symantec researchers gained insight into a cyber espionage group behind a series of attacks designed to gather intelligence on targets spread primarily across the Middle East as well as in Europe and North America. The group, which Symantec calls Seedworm (also known as MuddyWater), has been operating since at least 2017, with its most recent activity observed in December. The researchers spotted a new backdoor called Powemuddy, new variants of Seedworm's Powermud backdoor (also known as POWERSTATS), a GitHub repository used by the group to store its scripts, and post-compromise tools the group uses to exploit victims once it has established a foothold in their networks. Observed Seedworm victims were located primarily in Pakistan and Turkey, but also in Russia, Saudi Arabia, Afghanistan, Jordan, and elsewhere. Government agencies and companies in the oil and gas, telecommunications, and IT sectors are among the main targets.

Unknown Attackers Stole Credentials from Government Sites Around the World (12/12/2018)
Over 40,000 civilian and military Web sites in more than 30 countries, including the US, have been compromised and had their credentials siphoned, Bloomberg Law has reported. The sites for the Senate, the Internal Revenue Service (IRS), the Department of Homeland Security (DHS), NASA, Norway's Directorate of Immigration, and the Israel Defense Forces have all been affected, according to a statement from Group-IB. The company has warned that stolen data culled from the breaches may have been sold in the hacker underground. Although Group-IB did not identify who the attackers were, it was noted that keyloggers were used to steal data.