Feed aggregator

Russian-speaking fraud on Skype

Secure List feed for B2B - Thu, 09/25/2014 - 03:42

It used to be a common scam: Russian cybercriminals would send an SMS like: "Mom, I'm in trouble. Please, transfer me some funds. I will explain it properly when I get home". A whole bunch of friends and relatives got suckered by this fraud, believing that the message had genuinely come from someone close to them.

Fortunately, Russian mobile operators cracked down hard on this, forcing the criminals to give up. But now they've moved on to Skype. Yesterday I got this Skype message from one of my contacts:

Translation of the text:
Hey. I'm on a trip right now and I can't get to a payment terminal and top up my balance. Could you please transfer 100 rubles – or even better 200 – to the number  +7925XXXXXXX? I can't think of anyone else who could help me. It would really do me a big favor! I pay you back as soon as I get home!!

What happened? The cybercriminals stole my contact's password, probably using password stealing malware. Suddenly, even a Skype account without any money attached is worth something to a crook.

The victim will never see that couple of hundred rubles again. The number mentioned belongs to the cybercriminals, not to the Skype account-holder. It's impossible to say how many people fall victim to this kind of social engineering fraud, but in general we know that social engineering is an effective trick for scammers.

Well, that escalated quickly

Secure List feed for B2B - Thu, 09/25/2014 - 03:00

An interesting title felt just about right for an interesting topic when I first submitted my research paper about the evolution of bitcoin cybercrime for this year's edition of the Virus Bulletin conference, held in the sleepless Seattle. Discussing the situation from an economic standpoint I aimed to paint a picture reflecting how the present geopolitical situation in Latin America makes the region a fertile ground for bitcoin enthusiasts, and by extension, cybercriminals. It's certainly not easy to capture a snapshot of a phenomena that changes so rapidly and present it to a group of security experts who are already well-informed about the subject. Nevertheless, with the aid of regional statistics, incident timelines and analysis of the most interesting malware samples, there is enough information in the report to give some clear indicators about what's been going on with the world's most popular cryptocurrency this past year, and what we can expect in the future when it comes to bitcoin-related cybercrime.

While some early adopters have been involved in the bitcoin market from the beginning (by means of mining or simply by participating in exchanges), others are just grasping the concept of cryptocurrencies and learning about the perils of bitcoin the hard way – be it in the form of ransomware demanding a quick payment or malicious mining code consuming their limited computing resources. From wallet stealing malware to large scale bitcoin exchange heists, we can find just about anything in the cryptoworld, and this is just the beginning. Nowadays, we talk about malware and cybercrime as two sides of the same (bit)coin, usually referring to organized crews of criminals with clearly defined roles engaging in illegal activities with the sole purpose of financial profit. It makes sense then, to observe the correlation between the number of malware samples in the wild targeting bitcoin users and the price of the currency being exchanged on global markets.

More users, more attacks: Kaspersky Lab stats show a surge in Bitcoin cybercrime

As mentioned in 2013's Kaspersky's Security Bulletin, our predictions for the cybercriminal bitcoin ecosystem came true – and then some: "Attacks on Bitcoin pools, exchanges and Bitcoin users will become one of the most high-profile topics of the year.  Attacks on stock exchanges will be especially popular with the fraudsters as their cost-to-income ratio is very favorable.

As for Bitcoin users, in 2014 we expect considerable growth in the number of attacks targeting their wallets. Previously, criminals infected victim computers and went on to use them for mining. However, this method is now far less effective than before while the theft of Bitcoins promises cybercriminals huge profits and complete anonymity."

It's a long time since we got through a week without one of the major bitcoin exchanges making headline news. We can attribute the success of some attacks to faulty technical implementations of bitcoin wallets, others relied on clever social engineering approaches, and the rest can be blamed on bad business practices and simple negligence about adhering to already proven security standards. There are just too many incidents to list, but there is a common thread uniting them all, which makes them a great body of experience for future generations of bitcoin exchanges to build on.

We have only recently seen why countries like Argentina and Brazil have become a fertile ground for the adoption of a cryptocurrency economy, and as we realize this, so have too cybercriminals. With a whole new set of frauds, scams and threats facing bitcoin holders, citizens need to be aware that keeping their savings secure in no easy task in today's hyper connected world. Because there are no borders for cryptocurrencies, there are none for criminals either, and following the money trail means landing in Latin America, where the general audience is still widely vulnerable to many attacks seen in other parts of the world.

After the Mt. Gox incident we have witnessed targeted phishing campaigns, bitcoin community members moonlighting as private investigators, localized ransomware samples, scams, mobile miners, internet of things devices participating in botnets, and everything else that this digital bitcoin gold rush has brought upon us.

Analysis of, Malware from the Mt. Gox Leak Archive

Being your own bank is more difficult than it seems

Alchemy proved possible for cryptocurrency enthusiasts, turning energy into capital, betting on the success and global adoption of their favorite choice. Seen by outsiders as a hobby for geeks, bitcoin is more than a currency, it's a community that has certain values ingrained and it's revolutionizing the financial world as we currently know it.

Collective but anonymous, organized yet decentralized, this ordered chaos is beginning to make sense after all the problems it has faced. The culling of the excess exchanges that used to be available brings a Darwinian equilibrium to the bitcoin ecosystem, forcing the ones left to implement better business practices and security measures.

Malware trends indicate that cybercriminals are migrating from mining botnets and pools to more direct wallet stealing and exchange credential hijacks. The inefficient mining Trojans working on mobile devices proved that accessing the funds stored in the victim's digital wallet can be much more straightforward than putting the effort into building a massive network of miners that reap minimal gains.

Debit Cards linked to bitcoin wallets are starting to appear and this brings another enticing entry point for criminals. With "bitwashing" services becoming more common, tracking stolen funds will prove much more difficult in the future, exposing the true anonymous nature of cryptocurrencies.

Once the de-facto choice for drug dealers and illegal markets, bitcoin is aiming to gain the global trust of other merchants, hoping that it will have a ready-made community to support it when it becomes the default standard for online and offline transactions. You can read the full paper presented at Virus Bulletin here.

Researchers Work to Predict Malicious Domains

Threatpost for B2B - Wed, 09/24/2014 - 16:42
Some researchers are trying to stay a step ahead of the game by predicting which domains will be used for malicious purposes.

As Bug Bounties Become the Norm, Challenges Remain

Threatpost for B2B - Wed, 09/24/2014 - 15:31
While bounties have now become commonplace, simply offering one doesn't guarantee any level of success for a vendor.

Major Bash Vulnerability Affects Linux, UNIX, Mac OS X

Threatpost for B2B - Wed, 09/24/2014 - 15:30
A critical remote code execution vulnerability in Bash, present in almost all Linux, UNIX and Mac OS X deployments, has been discovered. Experts advise immediate patching.

David Jacoby on Hacking His Home

Threatpost for B2B - Wed, 09/24/2014 - 15:12
Dennis Fisher talks with David Jacoby of Kaspersky Lab about the research he did on the security of electronics gear in his home, including his smart TV, game console and storage devices, and what the vendors need to do to respond.

More Trouble For jQuery As Second Compromise Reported

Threatpost for B2B - Wed, 09/24/2014 - 14:40
The website for JavaScript library jQuery is under attack for the second time in a week.

Travel Site Viator Announces 1.4 M Implicated in Breach

Threatpost for B2B - Wed, 09/24/2014 - 14:08
Travel website Viator.com is in the middle of notifying approximately 1.4 million of its customers that their personal information – payment card data included – may have been compromised.

Health Insurance Marketplaces Could Improve Information Security

Threatpost for B2B - Wed, 09/24/2014 - 12:18
The marketplaces set up to provide health insurance to Americans under Obamacare are generally doing a good job of protecting personally identifiable information but can also improve security practices.

September's 3x CON: Part 2

Secure List feed for B2B - Wed, 09/24/2014 - 12:00

What, Where & When: The 0x07th edition of SEC-T, an annual Stockholm-based conference, was held on 18-19 September at the stunning Anrika Nalen venue, just a 15 minute walk from the famous Gamla Stan.

The Schedule
This conference features only one track of presentations, which – in my opinion – is quite a good thing, because you don't have to make any difficult choices This year, besides the regular full-time presentations, the agenda included a couple of 30-minute long "small talks" as well as a bunch of lightning talks of 10-20 minutes each.

SEC-T badge

The Talks
The conference kicked off with an excellent speech given by the founder of Recurity Labs, Felix "FX" Lindner, who has proven that an opening keynote doesn't necessarily have to be boring. After lunch, Andreas Lindh presented some really cool attacks on broadband modems, including DNS poisoning and attacks that exploit CSRF vulnerabilities to send or manipulate SMS messages. This was certainly one of my favourite talks, together with the really scary presentation given by Hugo Teso on aviation security. It's terrifying how easily an experienced hacker can exploit aviation protocols and avionics systems to change the on-board system configuration, including changes to the flight path!

The keynote

Amongst other talks, Meredith L. Patterson highlighted some pressing issues concerning the APIs of popular software, but, apparently, not everybody agrees with her highly-critical point of view. At the beginning of the second day, my colleague, David Jacoby, gave an entertaining presentation on how he hacked his home, including successful attacks on his NAS storage, ISP provided router, smart TV and other devices he found connected to the Internet.

Last, but not least, there were also some short but interesting lightning talks from a number of speakers (including myself :)) on topics such as URL parsing, hard drive cryptography and breaking out of the AngularJS sandbox. I did a short presentation about my background research on the current threat landscape for SOHO devices, which turned out to be quite in line with the conference's theme, featuring research on vulnerabilities in the so-called Internet-of-Things.

The Crew

In conclusion, this was a really nice conference, profiting from its one-track only schedule, very high-quality presentations and unique atmosphere. Congrats to the whole SEC-T crew – really good job, guys! And see you all next year!

Mozilla Latest to Part Ways With SHA-1

Threatpost for B2B - Wed, 09/24/2014 - 11:30
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.

Microsoft Starts Online Services Bug Bounty

Threatpost for B2B - Tue, 09/23/2014 - 15:52
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.

High-Volume, High-Rate DDoS Attacks Persist

Threatpost for B2B - Tue, 09/23/2014 - 15:12
A new report illustrates the continued proliferation of both high-volume and high-rate distributed denial of service attacks, like the ones executed via NTP amplification, over the last few months.

JQuery Website Redirecting to RIG Exploit Kit

Threatpost for B2B - Tue, 09/23/2014 - 15:01
jQuery.com, website for the popular jQuery JavaScript library, is redirecting visitors to a site hosting the RIG exploit kit, security company RiskIQ said.

Blackphone Gets Bug Bounty Program Off Ground

Threatpost for B2B - Tue, 09/23/2014 - 12:10
Secure smartphone manufacturer Blackphone announced today that it has launched a bug bounty program hosted on the Bugcrowd platform.

Malware-Laced Emails Appear to Come From LogMeIn

Threatpost for B2B - Tue, 09/23/2014 - 11:10
Spam emails pretending to be a security update for LogMeIn users, including a new security certificate countering Heartbleed attacks, are making the rounds, warns the SANS Institute.

September's 3x CON: Part 1

Secure List feed for B2B - Tue, 09/23/2014 - 10:11

What, Where & When: the 4th edition of 44CON, an annual IT Security Conference organized by Sense/Net Ltd, took place on 10-12 September in London, at a venue near the Earl's Court exhibition center. Geeks, who happened to enjoy somewhat spooky historical monuments, could take a five minute walk from the venue to visit an old and impressive cemetery, one of the London's Magnificent Seven.

The Schedule this year was packed with three tracks of (mostly) 1h long presentations within a wide range of topics: from social engineering to exploitation techniques, from crypto-currencies to IoT related threats, to GSM hacking. Some amazing workshops were running simultaneously in rooms that were bearing the familiar names of AES, 2DES and Blowfish.

44CON Badge: BusBlaster v3

This year's Badge is not only extremely handsome, but also may turn out to be very handy, at least for hardware-oriented researchers, as it happens to be a BusBlaster v3 board, especially customized for 44CON (you can find the full specification here). This small cute thingy can be used to program and debug embedded ARM devices.

The Talks
With so many things going on simultaneously, it was impossible to fully attend even a third of them. Moreover, the online schedule didn't include the description of the talks, so in some cases choosing the right track in advance was kind of a lottery. Nevertheless, the overall quality of presentations was so high, that no matter which talks you chose, you always ended up with some new, valuable information.

Joshua J. Drake on the stage

From the selection of very good talks I attended, here are my favourite ones:

  • "Researching Android devices security with the help of a droid army", by Joshua J. Drake (@jduck) in which – in a quite entertaining way – Joshua explained how and why he built his research lab, capable of testing 40+ Android devices at the same time. I was really impressed by the framework Joshua invented for managing his "droid army".
  • "I hunt TR-069 Admins: pwning ISPs like a boss", by Shahar Tal (@jifa). This talk was especially interesting to me, as I'm currently involved in researching threats for small network devices, such as residential gateways (aka SOHO routers), from which a fair share is using the TR-069 protocol to talk to the ISP's Auto Configuration Servers. It turns out (not really surprisingly, if you ask me), that this protocol is poorly secured and highly vulnerable, and might be exploited in a way that could affect a whole set of devices. And the worst thing about it is that the average user can't do much to improve the security of their network, even if they have sufficient knowledge. Most of the responsibility lies with the service providers, together with hardware vendors, who don't seem concerned enough about security issues...
  • "On Her Majesty's Secret Service: GRX and Spy Agency", by Stephen Kho and Rob Kuiters. This quite an intriguing talk on how and why GCHQ hacked the Belgian GRX provider was given by experts from the KPN CISO team and concluded the 2nd day of the conference. The first part of the talk was a technical description of the GRX protocol, it's functionality and weaknesses, and which kind of information can be leaked; in the second part the speakers presented the results of "extensive network scanning" that they conducted during the last several months. It's really scary that there are a lot of devices running vulnerable and *terribly* outdated software on GRX networks.

Socializing at 44CON

The Networking has been made easier with Gin O'Clock, a one-hour break in the afternoon schedule (on both conference days), which was especially dedicated for human interaction and socialization in the intimate atmosphere of the conference bar. A traditional red double-decker bus was there to provide British ale, cider and Pimm's; every attendee was also offered a free glass of gin & tonic.

Some of The Materials have already been published and they are available at Slideshare.

Overall, The Experience was really great and we are looking forward to attending the next 44CON in 2015!

Charney on Trustworthy Computing: ‘I Was the Architect of These Changes’

Threatpost for B2B - Tue, 09/23/2014 - 08:53
Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about the company’s […]
Syndicate content