CyberCrime - W/E - 10/25/19
Dots for Magecart Threat Group Connected to Carbanak Gang (10/23/2019)
Scientists at Malwarebytes have connected the Carbanak threat gang to the Magecart Group 5 cybercriminal group and Dridex phishing campaigns. Magecart is a group of affiliates who use malicious JavaScript to steal payment data from shoppers, mostly on checkout pages. Magecart Group 5 targets the supply chain used by online merchants. While analyzing Magecart Group 5's domains, Malwarebytes noticed several that connected to Dridex phishing campaigns. Dridex, a well-known banking Trojan, has often been used as an initial infection vector in attacks that deliver the Carbanak malware as the payload. The Carbanak gang use the malware of the same name.
Scientists at Malwarebytes have connected the Carbanak threat gang to the Magecart Group 5 cybercriminal group and Dridex phishing campaigns. Magecart is a group of affiliates who use malicious JavaScript to steal payment data from shoppers, mostly on checkout pages. Magecart Group 5 targets the supply chain used by online merchants. While analyzing Magecart Group 5's domains, Malwarebytes noticed several that connected to Dridex phishing campaigns. Dridex, a well-known banking Trojan, has often been used as an initial infection vector in attacks that deliver the Carbanak malware as the payload. The Carbanak gang use the malware of the same name.
FTC Takes Action Against Spying Apps (10/23/2019)
The Federal Trade Commission (FTC) has barred the developers of three stalking apps from selling apps that monitor consumers' mobile devices unless they take certain steps to ensure the apps will only be used for legitimate purposes. The FTC alleges that Retina-X and its owner, James N. Johns, Jr., developed three mobile device apps that allowed purchasers to monitor the mobile devices on which they were installed, without the knowledge or permission of the device's user. The apps - known as MobileSpy, PhoneSheriff, and TeenShield - allowed purchasers to access sensitive information about device users, including the user's physical movements and online activities. At the same time, devices on which the apps were installed were exposed to security vulnerabilities.
The Federal Trade Commission (FTC) has barred the developers of three stalking apps from selling apps that monitor consumers' mobile devices unless they take certain steps to ensure the apps will only be used for legitimate purposes. The FTC alleges that Retina-X and its owner, James N. Johns, Jr., developed three mobile device apps that allowed purchasers to monitor the mobile devices on which they were installed, without the knowledge or permission of the device's user. The apps - known as MobileSpy, PhoneSheriff, and TeenShield - allowed purchasers to access sensitive information about device users, including the user's physical movements and online activities. At the same time, devices on which the apps were installed were exposed to security vulnerabilities.
Ransomware Attack Knocks Billtrust Offline (10/22/2019)
An October 17 malware attack on financial services provider Billtrust resulted in an outage of the company's services, Bleeping Computer reported. Although the company did not publicly acknowledge the attack, customer Wittichen Supply announced that it had been notified by Billtrust of the malware incident. According to Wittichen Supply, no customer data was impacted and services were in the process of being restored from backups. An anonymous source told Bleeping Computer that Billtrust was affected by the BitPaymer ransomware.
An October 17 malware attack on financial services provider Billtrust resulted in an outage of the company's services, Bleeping Computer reported. Although the company did not publicly acknowledge the attack, customer Wittichen Supply announced that it had been notified by Billtrust of the malware incident. According to Wittichen Supply, no customer data was impacted and services were in the process of being restored from backups. An anonymous source told Bleeping Computer that Billtrust was affected by the BitPaymer ransomware.
Russian Turla Group Stole Malicious Iranian Tools and Infrastructure (10/21/2019)
The National Security Agency (NSA) and the UK's National Cyber Security Center (NCSC) released a joint advisory on the Turla (also known as Waterbug and Venomous Bear) advanced persistent threat group that is widely thought to be associated with Russia. Previous advisories from the NCSC detailed Turla's use of Neuron and Nautilus implants and an ASPX-based backdoor alongside the Snake rootkit. Since those advisories were published, the NCSC, NSA, and partner-shared analysis of additional victims and infrastructure determined the Neuron and Nautilus tools were very likely Iranian in origin. Those behind Neuron or Nautilus were almost certainly not aware of, or complicit with, Turla's use of their implants. After acquiring the tools and the data needed to use them operationally, Turla first tested them against victims they had already compromised using their Snake toolkit, and then deployed the Iranian tools directly to additional victims.
The National Security Agency (NSA) and the UK's National Cyber Security Center (NCSC) released a joint advisory on the Turla (also known as Waterbug and Venomous Bear) advanced persistent threat group that is widely thought to be associated with Russia. Previous advisories from the NCSC detailed Turla's use of Neuron and Nautilus implants and an ASPX-based backdoor alongside the Snake rootkit. Since those advisories were published, the NCSC, NSA, and partner-shared analysis of additional victims and infrastructure determined the Neuron and Nautilus tools were very likely Iranian in origin. Those behind Neuron or Nautilus were almost certainly not aware of, or complicit with, Turla's use of their implants. After acquiring the tools and the data needed to use them operationally, Turla first tested them against victims they had already compromised using their Snake toolkit, and then deployed the Iranian tools directly to additional victims.
Texas Man Receives 12+ Years in Prison for Phishing LA Superior Court (10/24/2019)
A Texas man who was found guilty of hacking into the Los Angeles Superior Court (LASC) computer system, using the system to send approximately two million malicious phishing emails, and fraudulently obtaining hundreds of credit card numbers was sentenced to 145 months in federal prison. The Department of Justice (DOJ) announced that Oriyomi Sadiq Aloba and his co-conspirators targeted the LASC for a phishing attack. During the attack, the email account of one court employee was compromised and used to send phishing emails to coworkers purporting to be from the file-hosting service Dropbox. The email contained a link to a bogus Web site that asked for the users' LASC email addresses and passwords. Thousands of court employees received the Dropbox email, and hundreds disclosed their email credentials to the attacker. The compromised email accounts then were used to send millions of phishing emails.
A Texas man who was found guilty of hacking into the Los Angeles Superior Court (LASC) computer system, using the system to send approximately two million malicious phishing emails, and fraudulently obtaining hundreds of credit card numbers was sentenced to 145 months in federal prison. The Department of Justice (DOJ) announced that Oriyomi Sadiq Aloba and his co-conspirators targeted the LASC for a phishing attack. During the attack, the email account of one court employee was compromised and used to send phishing emails to coworkers purporting to be from the file-hosting service Dropbox. The email contained a link to a bogus Web site that asked for the users' LASC email addresses and passwords. Thousands of court employees received the Dropbox email, and hundreds disclosed their email credentials to the attacker. The compromised email accounts then were used to send millions of phishing emails.