CyberCrime - W/E - 1/18/19
Cyber Attacks Take Aim at Financial Organizations in West African Nations (01/17/2019)
Cybercriminals are targeting banks and other financial institutions in several West African nations using a mix of commodity malware and living-off-the-land tools (legitimate system utilities abused for post-compromise activity). The attacks have been underway since at least mid-2017 and have affected organizations in Cameroon, the Democratic Republic of the Congo, Ghana, Equatorial Guinea, and Ivory Coast. Symantec has observed four distinct attack campaigns directed at financial targets in Africa, but it is not clear who is behind them.
Cyber Thieves Using Payroll Diversion Schemes to Siphon Cash (01/16/2019)
Researchers at email security company Agari have documented a business email compromise (BEC) scam aimed at stealing credentials and gaining direct access to employees' payroll accounts. The adversaries set up a throwaway email account and set its display name to the name of the employee they intend to impersonate. They then email someone in the payroll function, typically in finance or human resources, asking that the employee's existing direct deposit details be changed. Because the attacker controls both the sender account and the "new" bank details, the payroll account is effectively taken over and subsequent salary payments are diverted.
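Display-name impersonation of the kind described above is cheap to detect at the mail gateway, because the lure depends on a mismatch between a trusted-looking name and an untrusted address. The following is an added example, not Agari's tooling or code from the original article; the employee directory, corporate domain, keyword list and the two sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data for this example: the defending organization's
# domain and a small employee directory (display name -> corporate mailbox).
CORPORATE_DOMAIN = "example.com"
EMPLOYEES = {
    "jane doe": "jane.doe@example.com",
    "bob smith": "bob.smith@example.com",
}
# Phrases that mark a request to alter where salary is paid.
PAYROLL_TERMS = ("direct deposit", "payroll", "bank account", "routing number")


def normalize_name(name: str) -> str:
    """Collapse whitespace and case so 'Jane  DOE' matches 'jane doe'."""
    return re.sub(r"\s+", " ", name).strip().lower()


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def flag_payroll_bec(raw_message: str) -> list[str]:
    """Return the reasons a message looks like a payroll-diversion BEC.

    An empty list means no indicator fired. The checks mirror the lure in
    the article: a display name borrowed from a real employee, a sender
    outside the corporate domain, a Reply-To that does not match, and a
    request to change deposit details.
    """
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    reasons = []

    # 1. Display name belongs to a known employee but the mailbox does not.
    expected = EMPLOYEES.get(normalize_name(display))
    if expected and sender != expected:
        reasons.append(
            f"display name '{display}' belongs to {expected} but mail came from {sender}"
        )

    # 2. Sender is outside the corporate domain entirely.
    if sender and domain_of(sender) != CORPORATE_DOMAIN:
        reasons.append(f"external sender domain {domain_of(sender)}")

    # 3. Reply-To steers replies somewhere other than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != sender:
        reasons.append(f"Reply-To {reply_to} differs from From {sender}")

    # 4. The request itself concerns payroll or deposit details.
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    hits = [t for t in PAYROLL_TERMS if t in text]
    if hits:
        reasons.append("payroll-change language: " + ", ".join(hits))

    return reasons


# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Doe <jane.doe.work@gmail.com>
To: payroll@example.com
Subject: Direct deposit update

Hi, I changed banks last week. Please update my direct deposit to the
new account below before this month's payroll runs.
"""

LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: it-helpdesk@example.com
Subject: Laptop dock

Could I get a second dock for the home office?
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, flag_payroll_bec(sample))
```

The display-name check only catches the external-account variant; a request sent from a genuinely compromised corporate mailbox would trigger only the keyword indicator, which is why payroll changes should also require an out-of-band confirmation with the employee rather than relying on mail filtering alone.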
SEC Charges Nine Individuals in EDGAR Hacking Case (01/15/2019)
The Securities and Exchange Commission (SEC) charged nine defendants for participating in a scheme to hack into the SEC's EDGAR system and extract nonpublic information for use in illegal trading. Those charged are a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities. The hacker and some of the traders were also involved in a similar scheme to hack into newswire services and trade on unreleased information, for which they were charged in 2015. Ukrainian hacker Oleksandr Ieremenko extracted EDGAR files containing nonpublic earnings results and passed them to individuals who traded in the narrow window between the extraction from SEC systems and the companies' public release of the information. In total, the traders traded ahead of at least 157 earnings releases between May and October 2016 and generated at least $4.1 million USD in illegal profits.
Warnings Posted in Regards to DNS Infrastructure Hijacking Attacks (01/14/2019)
Following reports from both FireEye and Cisco, the National Cybersecurity and Communications Integration Center (NCCIC) issued an alert regarding a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials for a DNS registrar or DNS hosting account, an attacker can modify the records that determine where an organization's domain names resolve. This lets the attacker redirect user traffic to attacker-controlled infrastructure and, because the attacker now controls what the domain resolves to, obtain valid TLS certificates for the organization's domain names, enabling man-in-the-middle attacks against traffic that appears to be properly encrypted. FireEye's post suggests that these DNS attacks originate from Iran. A November advisory from Cisco described a DNS campaign targeting government domains in Lebanon and the United Arab Emirates.
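Because the hijack works by editing records rather than by compromising the organization's servers, the defensive check is to compare what the world actually resolves against what the zone is supposed to contain. The following is an added example, not code from NCCIC, FireEye or Cisco; the zone records, the trusted address prefix and the "hijacked" observation are constructed to show a mail host's A record being repointed to an address outside the organization's space.

```python
import ipaddress

# Constructed data for this example. In practice BASELINE would come from a
# signed snapshot of the zone as the organization intends it, and OBSERVED
# from querying several independent public resolvers plus the registrar's
# delegation data.
TRUSTED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
CRITICAL_TYPES = {"NS", "MX"}  # a change here redirects a whole domain or all mail

BASELINE = {
    ("example.com", "NS"): {"ns1.example.com", "ns2.example.com"},
    ("example.com", "MX"): {"10 mail.example.com"},
    ("mail.example.com", "A"): {"203.0.113.10"},
    ("vpn.example.com", "A"): {"203.0.113.20"},
}

OBSERVED_CLEAN = {k: set(v) for k, v in BASELINE.items()}

OBSERVED_HIJACKED = {
    ("example.com", "NS"): {"ns1.example.com", "ns2.example.com"},
    ("example.com", "MX"): {"10 mail.example.com"},
    ("mail.example.com", "A"): {"198.51.100.77"},  # repointed to attacker host
    ("vpn.example.com", "A"): {"203.0.113.20"},
}


def in_trusted_space(ip: str) -> bool:
    """True if the address falls inside a prefix the organization owns."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PREFIXES)


def diff_records(baseline: dict, observed: dict) -> list[dict]:
    """Compare observed DNS answers to the intended zone and return findings.

    Each finding is a dict with severity, name, rtype and detail. NS/MX
    edits and A/AAAA values outside the trusted prefixes are rated 'high';
    any other record change is 'medium'.
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        before = baseline.get(key, set())
        after = observed.get(key, set())
        added, removed = after - before, before - after
        if added or removed:
            findings.append({
                "severity": "high" if rtype in CRITICAL_TYPES else "medium",
                "name": name,
                "rtype": rtype,
                "detail": f"added={sorted(added)} removed={sorted(removed)}",
            })
        if rtype in ("A", "AAAA"):
            # A newly introduced address outside our own space is the
            # clearest sign of traffic being steered to attacker infrastructure.
            for ip in sorted(added):
                if not in_trusted_space(ip):
                    findings.append({
                        "severity": "high",
                        "name": name,
                        "rtype": rtype,
                        "detail": f"{ip} is outside trusted prefixes",
                    })
    return findings


if __name__ == "__main__":
    for label, obs in (("clean", OBSERVED_CLEAN), ("hijacked", OBSERVED_HIJACKED)):
        print(label)
        for f in diff_records(BASELINE, obs):
            print("  ", f["severity"], f["name"], f["rtype"], f["detail"])
```

Pair a check like this with Certificate Transparency log monitoring for the same domains: the alert notes that the attacker's control over resolution is what lets them obtain valid certificates, so a certificate the organization did not request is an independent signal that the records were changed.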