Instigate a Botnet DDoS Attack

Want to make a quick buck and don’t mind breaking a few laws in the process? You’re in luck – find the right people on the Dark Web and get ready to have botnet DDoS attack source code that can take down servers with a click of a mouse. But, when we really look at the details, just how many people are able to get their hands on these attacks, and what does this mean for the safety of your company’s vulnerable data?

A few months ago, source code for the botnet DDoS attack nicknamed “Mirai” was released online. For those that aren’t familiar, the botnet DDoS attack in question is the Mirai malware, designed to scan the Internet and infect easy-to-hack devices, with the ultimate goal of controlling them in future cyber attacks. Not impressed? Consider the following: hundreds of thousands of attackers taking control of your child’s IoT-connected toy, or even your office refrigerator, and turning them into cyber attack bots. It is an unfortunate, yet very possible, reality.

The botnet DDoS attack source code is available for anyone to use. However, according to sources at Digital Shadows, the firm that discovered the source code post, many of those interested in utilizing the source code are commonly known as “skids”, slang for those who can’t hack. This is where more experienced hackers come into play – by offering paid tutorials to less-skilled attackers, they can make a few extra bucks on the side while still utilizing the very botnet DDoS attack they’re teaching others to use.

What does this mean for individuals and companies in the IoT-connected world? At the end of the day, working with cyber security experts with management and monitoring experience is essential to ensuring the continued protection of your vulnerable data. Whether your organization is big or small, for-profit or not, utilizing cyber security protection from the experts at Neovera or other firms will give you, your employees and customers peace of mind that new cyber attacks won’t stand a chance.

Avalanche Halted by International Forces

In one of the largest international busts of its kind, a cyber criminal infrastructure responsible for a debilitating attack called “Avalanche” is finally no more. With international support, the take-down was the result of a four-year effort with a victim count spread throughout 180 countries worldwide. Avalanche has been in use since 2009, muddying the Internet waters through phishing and malware attacks, stealing money and moving it across international borders, and botnet activity in DoS (denial of service) attacks. Though the financial industry was targeted the majority of the time, single-user financial data was also a significant victim.

With monetary losses numbering in the hundreds of millions according to the Department of Justice, here are a few other mind-blowing statistics:

  • 4: Years spent by international government agencies, private companies and cyber security academics tracking down Avalanche
  • 180: Countries in which Avalanche attack victims were located
  • 30: The number of countries collaborating with private cybersecurity companies and academics
  • 5: Suspects arrested
  • 221: Servers taken offline
  • 37: Additional servers seized by law enforcement
  • 800,000: Domains seized, blocked, or disrupted by the investigating officials

To put this into perspective, normal botnet busts aim at dismantling 1,000 domains per day. Unique to the Avalanche operation is a process called sinkholing – in order to get control of the 20 malware families spread by Avalanche, sinkholing cuts off communication between the victim’s infected computer and the malicious servers. Avalanche users also took advantage of the fast-flux hosting method – the attackers were able to hide all botnet actions behind proxy IP addresses. These proxy locations would change constantly, making the attackers extremely hard to trace.
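The fast-flux behaviour described above leaves a recognisable trail in DNS data: one name resolving to many short-lived addresses scattered across unrelated networks. The following is an added example, not part of the original post, showing a defender-side heuristic over passive-DNS records; the sample records are constructed, and the thresholds are assumptions to be tuned against your own traffic.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed passive-DNS observations: (seconds into capture, name, A record, TTL).
# Addresses come from the RFC 5737 documentation ranges; names are placeholders.
OBSERVATIONS = [
    (0,   "cdn.example.net",          "192.0.2.10",    3600),
    (900, "cdn.example.net",          "192.0.2.11",    3600),
    # Low TTL alone is not fast flux: load-balanced services rotate inside one network.
    (0,   "static.example.com",       "198.51.100.5",  60),
    (60,  "static.example.com",       "198.51.100.6",  60),
    (120, "static.example.com",       "198.51.100.7",  60),
    (180, "static.example.com",       "198.51.100.8",  60),
    # Fast-flux pattern: many addresses, several unrelated networks, short TTLs.
    (0,   "login-update.example.org", "192.0.2.77",    120),
    (130, "login-update.example.org", "198.51.100.23", 120),
    (260, "login-update.example.org", "203.0.113.9",   120),
    (390, "login-update.example.org", "192.0.2.140",   120),
    (520, "login-update.example.org", "203.0.113.201", 120),
    (650, "login-update.example.org", "198.51.100.99", 120),
]


def summarize(observations, window=3600):
    """Per-name statistics for answers seen in the first `window` seconds."""
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for ts, name, ip, ttl in observations:
        if ts >= window:
            continue
        name = name.lower().rstrip(".")
        ips[name].add(ip)
        # Group addresses by /24 as a rough stand-in for "different hosting network".
        nets[name].add(ipaddress.ip_network(f"{ip}/24", strict=False))
        ttls[name].append(ttl)
    return {
        n: {"ips": len(ips[n]), "networks": len(nets[n]), "median_ttl": median(ttls[n])}
        for n in ips
    }


def suspected_fast_flux(observations, min_ips=5, min_networks=3, max_ttl=300):
    """Names that meet all three criteria (assumed thresholds, not a standard)."""
    return sorted(
        name
        for name, s in summarize(observations).items()
        if s["ips"] >= min_ips
        and s["networks"] >= min_networks
        and s["median_ttl"] <= max_ttl
    )


if __name__ == "__main__":
    for name, stats in sorted(summarize(OBSERVATIONS).items()):
        print(name, stats)
    print("suspected fast flux:", suspected_fast_flux(OBSERVATIONS))
```

Requiring all three signals together keeps ordinary load-balanced services, which also use short TTLs, out of the result.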

Avalanche isn’t the first attack to wreak widespread havoc on users worldwide, nor will it be the last. While it was a major actor in the online attack world, there will be others to take its place soon enough. Don’t wait until the next big attack hits your network – manage and monitor your systems now, so that you can work with your trusted cyber security service provider when your precious data is in jeopardy.

Gooligan: The Next Threat to Android Users

A new type of malware is taking aim at tens of thousands of Android devices. According to various reports, hackers are targeting Google accounts linked to Android devices at an average daily rate of 13,000 smartphones.

Considered to be the largest Google account breach to date, Gooligan – the malware in question – initiates an attack and takes control of the Android device. From there, the access allowed by Gooligan gives hackers the ability to steal Google account information, install applications from Google Play, and, most troubling, install adware on the device. As was mentioned previously, an average of 13,000 devices have been affected daily, with at least 30,000 applications installed on these attacked Android devices every 24 hours.

However, before you wipe your entire phone for fear that Gooligan has taken charge, make sure to note the following: the malware targets devices running Android 4 and 5, narrowing those potentially in jeopardy to 74% of the Android device market; on top of that, the vast majority are located in Asia. Google’s lead engineer for Android security released information detailing the company’s response to Gooligan – it is thought to be the latest variant in a long line of Ghost Push applications that have wreaked havoc in some shape or form for years. Ghost Push applications are being removed from the Google Play store, as well as fake applications infected by Gooligan.

Constant education and understanding of how to protect your online presence is paramount – Gooligan attacks are being addressed quickly by Google, both when they have been discovered on a device and even before they have taken control. It plays into the larger idea of cyber security management and monitoring for everyone from the single user to larger enterprises. With 24×7 security and notification from trusted and experienced cyber security professionals at Neovera, your Android device – and any others on your network – will stay safe and protected.

Don’t Get Caught in this Amazon Phishing Scam

Just in time for the height of the holiday season – another phishing scam set to lure unsuspecting shoppers using one of the world’s largest online retailers. With a 336% increase in malicious phishing links around Thanksgiving and the holidays, hackers are hard at work to take advantage of the online shopping frenzy before the year comes to a close.

It’s not just small businesses that get hit this time of year – though 50% admit to having been breached in the past 12 months alone. According to AARP, shoppers using online retailer Amazon in Australia and the UK have reported receiving phishing scam emails from what initially seems to be the online behemoth:

[Image: the phishing email impersonating Amazon]

The message states that there is an issue processing the order and, to make sure the details were all entered properly, to re-enter them at the link provided. The link in the phishing scam email directs the user to, frankly, a page that looks practically identical to the legitimate Amazon payment page and includes required information space for the CVV code, credit card number – everything a phishing scam perpetrator would need:

[Image: the fake Amazon “order cannot be shipped” payment page]

After hitting the “Save & Continue” button, users are re-directed back to the actual Amazon landing page. The targeted consumers continue their online journey none the wiser that they just gave hackers complete access to their financial online presence. With that being said, there are obviously a number of ways you can differentiate a phishing scam from a legitimate message. Let’s take a look at the warning signs from this particular phishing scam if this message happens to make its way into your inbox:

  • Do not, under any circumstances, click on the link provided in the suspicious message
  • Check your Amazon account in a separate window or tab
  • If you haven’t placed an order on Amazon, feel free to just delete the message

At one point or another, practically every active online user has encountered a phishing scam in the wild – how they react is entirely unique but ends either with a compromised network or business as usual. Whichever option has been chosen, education and understanding of the threat at hand is paramount to individual users and businesses large and small. Implementing a cyber security management and monitoring plan that keeps your employees aware of the daily threats facing your network, as well as protecting precious data, will secure your organization’s future for years to come.

But First, Let Me Take a Selfie: Third Party Malware

Third party applications are a blessing and a curse – when properly vetted and secured by practiced cyber security veterans, they can be great tools for added growth and learning at an individual and business level. Unfortunately not all applications display this amount of integrity. Some with more questionable bases are able to bypass safety regulations in order to take advantage of an unsuspecting consumer or organization. This is where cyber security protection and education come into play more than ever – blame is never just on the originating party but the final destination as well. The consumer, be it a single person or larger firm, needs to protect themselves as much as they assume the third party application will do the same.

Take a new strain of malware circulating through third party application stores. Before laying out the red flags in the situation at hand, it should be noted that hackers are going to increasingly greater lengths to make their product look as legitimate as possible. Gone are the laughable spelling mistakes and horrible graphics – in their place are what seem to be normal user interfaces. At this point there are two segments to consider when making the final determination of whether to trust this application: where did it come from, and what is it asking of you as the user? With this particular strain of malware, according to McAfee, it is found in unsavory third party application stores and, not only does it ask for a picture of the user’s ID (front and back), but a picture of the user in question holding their very own ID in front of them.

To be clear, no company will EVER ask you for this information. And if they do, a simple call to their customer service line or well-placed email can serve as unofficial two-factor authentication in making your final decision. But be warned, just because a third party application looks and feels somewhat legitimate, if you, as the user, are having second thoughts, there is no harm in doing a small amount of research to assuage or confirm your fears. Put the onus on yourself as much as the third party application to provide quality cyber security protection.

Malicious Advertising Hits Spotify Users

Spotify experienced another malicious advertising attack earlier this week – though the last occurred in 2011, the popular music platform has dealt with a number of small cyber security issues, bringing a significant idea to light. Specifically, it’s one thing if a user interacts with a platform that doesn’t have a required download, and it’s quite another if Spotify users using the paid or free version have to consider that their operating systems will always potentially be a target.

Though original reports suggested that the vulnerabilities lay within the Windows 10 operating system, others utilizing Ubuntu and MacOS reported the same issues. Only reported on the free version of the downloaded music platform, users took to Twitter to express their discontent at what seemed to be a glitchy user experience. But once a few curious listeners started looking into their network’s operating speed and overall functionality, the truth came to light. Essentially, through no interaction other than using Spotify to listen to music, the malicious advertising agents lurking within the free platform took hold of the users’ browsers and opened malicious websites without their express consent or knowledge. Spotify resolved the problem quickly, and no additional backlash has been reported – yet.

Consider the following: in 2012, over 10 billion ad impressions were compromised by malicious advertisements; remember, this is a statistic from 2012. The number is likely much higher now and, from trend reports, continues to grow at a consistent and steady pace. The unfortunate issue with malicious advertising is that, in order to wreak havoc on your operating system, the user in question just needs to visit a website that has an infected advertisement. Most attackers behind malicious advertising will not be brought to justice, nor are they found out right away – normally they pose as a reputable company interested in placing online advertisements within certain sites. Eventually, that reputable company shows its true colors, and presto! the website you own or visited is infected and you were none the wiser.

Though there isn’t much to be done to avert malicious advertising before it takes over, you can rest assured that monitoring and managing your network and infrastructure will show when a malicious advertisement has unleashed an attack. Furthermore, having a team of cyber security experts from Neovera will give you 24×7 coverage and peace of mind to handle your direct business goals and opportunities.

Warning: Malvertising Is Infecting Your Network

Malvertisements hide in plain sight throughout the Internet, their unassuming and indistinguishable nature making them all the more lethal to users across the World Wide Web – sometimes the only interaction needed is to land on an otherwise nondescript webpage. And while researchers recently uncovered and killed the longest-running malvertising campaign to date, many wonder what else is out there and how much more damage will be done.

Undetected since October 2015, the AdGholas discovery is making waves due to its stealth nature and groundbreaking operation. The group behind the malvertising programs managed to attract anywhere from one to five million hits on the host sites per day while just using 100 ad exchanges. Ultimately 10-20% of computers that loaded the malvertisements were redirected to servers hosting exploit kits (they use the security holes found in software applications to spread malware), essentially hitting one million computers every day and infecting thousands.

AdGholas’s selective malvertising campaign allowed it to languish for so long – the machines manned by security researchers or ad networks intent on discovering these attacks were filtered from those who interacted with the advertisements. Then, the victims were sent attacks in accordance with their location. And to add just one more layer of intrigue, AdGholas is the first group to use steganography – hiding code inside images – in a malvertising campaign, making it that much more unique and deadly to any computer that comes in contact.

Use common sense judgment to navigate potential malvertising pitfalls – though many globally trusted sites have guidelines regarding questionable advertising, other sites may not have these precautionary measures. Stay ahead of security threats with continuous monitoring and management, proactive prevention, rapid response, and investigation of root causes; these skills can be provided by internal or external cyber security protection teams. Better knowledge means better protection when combined with comprehensive tools to defend your networks, data, devices, web traffic, applications, and more.

Skimer Malware Infects ATMs

Skimer, originally surfacing in 2009, is back and stronger than ever. For those who are unfamiliar, Skimer gives hackers complete access to an ATM without needing to install any kind of physical hardware. At one point, that was the only way a fraudster could steal bank information, duplicate it, and use it at their discretion. The newest version of Skimer, besides not needing physical hardware, is much stealthier and barely leaves a path for cyber security personnel to track.

The new version was discovered by Kaspersky; the company was originally investigating an entirely different situation at a bank when they came across trace remnants of Skimer. What’s significant is that after the hacker installs the file – Backdoor.Win32.Skimer – the malware hides in the ATM until it is activated by a particular user; the interface appears only if they’ve entered the correct information within the specified time limit. Once the ATM is in use, that user is allowed to issue 21 commands, with actions ranging from dispensing bills directly from the ATM to printing account and card numbers onto a receipt. The “best” part? They don’t have to stay at the infected ATM; so long as the machine is on the same network as the infected one, they have the same access across the board.

While there haven’t been reports of widespread attacks in the US, South Africa is an entirely different situation. In just two hours, over 1,400 users were able to complete close to 1,600 unique transactions at different ATMs – all on the same network – and steal a total of $20M USD. It was a malicious and coordinated fraud attack, and they aren’t any closer to nabbing the perpetrators.

Users can still be proactive in these types of situations – for example, continuing to educate themselves on what protection is available to them through their bank or credit card providers. Vigilance and understanding that these situations can happen to anyone are some of the preliminary steps one must take to protect themselves and their financial and personal data.

Malicious Exploit Threatens Online Images

A malicious exploit in online images? Not implausible, but definitely enough to raise some eyebrows. According to online publication Engadget, hackers discovered that they could run code of their choosing on a server of their choosing. In particular, a web-based picture processing company called ImageMagick experienced the effects of this attack as simple exploits were found on their very servers. The hackers in question just had to upload a maliciously coded image and, so long as ImageMagick handled the infected image, presto! An otherwise unassuming and blindly trusted user upload just brought down a whole server (or more).

Obviously they found the issue prior to anything substantial happening to ImageMagick’s online presence – using the information provided by the researchers, the image processing security team is working on closing the security holes in question. In the meantime, the applications and SaaS products most vulnerable to such attacks beyond ImageMagick were contacted directly so that they might be able to fix the issues without raising any major concern amongst their user base. The issue was initially discovered by security researcher Nikolay Ermishkin; an ImageMagick developer and researcher went live with the information only after it had been strewn about the Internet ahead of Ermishkin’s planned statement.

This really points to a matter of how much security is necessary on a peer-driven site for two reasons. One is that, on a peer-driven site, these users are expecting their profiles and uploaded data to be safe and secure, not susceptible to a malicious exploit like the one described. Two, companies cannot be open to potential cyber attacks (like the one listed above) no matter how much of their site is peer-driven. Monitor and increase security, and keep it ironclad – at the end of the day it won’t take away from the user experience and your users will feel confident interacting within its confines.

Banking Apps Pose Cyber Security Risk

Google Play Store users confronted an unfortunate surprise when illegitimate banking applications were outed on the popular site. A cyber security risk doesn’t faze mobile device owners as they download an application from the online store of their choice (Apple, Google, and others) without a second thought. The consumer assumption is that each application is verified by the online store, and they need not worry about rogue attacks coming from their most recent download. Unfortunately this assumption is coming back to bite those who use the Google Play Store; specifically, the banking apps that many have downloaded aren’t actually legitimate after all.

Surprisingly, the perpetrators behind the Android phone attacks aren’t aiming to infect millions of devices with malicious code or other software – once the user downloads the application, they are prompted to input their contact information. Consumer data is an extremely valuable commodity for both legitimate and illegitimate enterprises; if someone happens to be in a hurry and assumes an application is completely safe and secure, they would be none the wiser unless they took a closer look. Unfortunately, this isn’t new territory as Google ran into a more damaging situation – namely, a series of malware attacks that infiltrated Android phones through the Play Store – a few years ago. Because of the swift outcry, Google does daily scans for harmful malware on over 6 billion apps and 400 million devices.

To avoid these situations, something as simple as checking the URL associated with the application, or doing some quick research on the creator(s) can save people one major headache. These tips speak to the way that users should conduct themselves when using connected devices. It’s not about thinking every link or program is going to be infected, but rather to replace a defeatist attitude with education and an understanding that these challenges are out there. Cyber security risk education is key, and being able to apply it from your home to your office is invaluable.