Channel: iSIGHT Partners – iSIGHT Partners

ThreatScape Media Highlights Update – Week Of October 21st


The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.


 Wednesday, 21 October 2015 


MALWARE DISGUISES AS GOOGLE CHROME BROWSER CLONE

On Target

FROM THE MEDIA
A modified Google Chrome browser is enabling attackers to show unwanted ads and redirect victims to malware infection pages. The browser clone, dubbed eFast, is based on the Chromium open source browser. The eFast browser not only redirects users to malware infection pages but also installs an infected .exe file during installation.
Read the Story: Softpedia

iSIGHT PARTNERS ANALYST COMMENT
The eFast browser is one of several (including Unico Browser, BoBrowser, MyBrowser and others) based on the open-source Chromium browser that purport to be helpful but instead serve ads and collect user information. The dropped infected .exe file installs the adware Eorezo, which initiates advertisement pages in Microsoft Explorer. iSIGHT Partners encourages the use of established legitimate browsers, such as Safari, Firefox or Chrome.

RELATED iSIGHT PARTNERS REPORTS
15-00008802 (Notable Developments in Cyber Crime Tools during July 2015), 27 Aug. 2015
Threatscape Media Highlights (Google Pulls Listening Software from Chromium), 26 June 2015


HEALTH CARE ORGS FALL SHORT ON SOFTWARE SECURITY

On Target

FROM THE MEDIA
A recent Cigital study found that the health care sector is falling behind other large industries in software security. Cigital’s Building Security in Maturity Model (BSIMM) found that health care organizations had lower scores than organizations in the financial services and consumer electronics industries, for example.
Read the Story: CSO Online

iSIGHT PARTNERS ANALYST COMMENT
Reports continue to find healthcare organizations lacking in security, and we continue to observe adversaries targeting the sector for patient health information, personally identifiable information and financial data. Poor software security practices enable adversaries to obtain unauthorized access or information and could result in these organizations facing financial repercussions.

RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (Healthcare Sector 340 Percent More Prone to IT Security Threats), 25 Sept. 2015
Intel-1141784 (Malicious Mobile Health Applications May Appear as the Use of Mobile Health Apps Grows), 29 June 2014
Intel-1137721 (Recent Service Advertisements Indicate Chinese Actors Expanding Their Targeting of Health Care Data), 20 June 2014


ANONYMOUS ATTACKS TWO JAPANESE AIRPORTS

FROM THE MEDIA
Anonymous launched DDoS attacks against two major Japanese airports’ websites. The attacks were issued in protest over the Japanese dolphin-hunting industry. Airport authorities noted that air traffic was not affected; however, Narita airport’s website was down for 8 hours.
Read the Story: SC Magazine

iSIGHT PARTNERS ANALYST COMMENT
While the article attributes the airport attacks to “the hacktivist group Anonymous,” we have only observed the Twitter user “@_RektFaggot_” claim responsibility. It is worth noting that any actor can claim attacks in the name of Anonymous and that the term represents an amorphous movement rather than a cohesive group. We surmise that recent DDoS attacks against the Japanese Government, including against the two airports, are being conducted primarily by the actor @_RektFaggot_.

RELATED iSIGHT PARTNERS REPORTS
15-00011520 (Recent #OpKillingBay Activity), 19 Oct. 2015
15-00010958 (Overview of these DDoS Attacks Against Two Japanese Airports), 12 Oct. 2015
Intel-1028112 (Report on a Hacktivist Group’s Activity Motivated in Part by Animal Rights), 29 Jan. 2014


INSECURE INTERNET-CONNECTED KETTLES HELP RESEARCHERS CRACK WIFI NETWORKS ACROSS LONDON

FROM THE MEDIA
Researchers with Pen Test Partners discovered a security vulnerability in the iKettle, a WiFi kettle, that allowed them to crack WiFi network passwords. The iKettle allows users to connect their kettle to their home WiFi network and use an accompanying mobile app to activate the device from a location within their home. The researchers were able to use a directional antenna aimed at the target home to force the kettle into disconnecting from the home’s WiFi network and reconnecting to a spoofed network using the home network’s password, thus revealing the password to the researchers.
Read the Story: Softpedia

iSIGHT PARTNERS ANALYST COMMENT
The theft of network credentials as a result of an “Internet of Things” vulnerability demonstrates the risk posed by introducing seemingly innocuous internet-enabled devices into a network. Enterprises considering introducing WiFi-enabled devices should ensure these systems have been tested for vulnerabilities, have a mechanism for receiving security updates, and are recognized as part of the attack surface.

RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (Got a Samsung Smart Fridge? Your Gmail Log-In Could be Open to Cyber Attacks), 27 Aug. 2015
15-00001826 (Open Interconnect Consortium Establishes New Liaisons to Advance IoT Interoperability Standards), 23 March 2015
Intel-1234296 (September 2014 Baseline for the ‘Internet of Things’ (IoT): Excitement Continues, but Security Concerns Growing), 15 Sept. 2014


IS IT STILL POSSIBLE TO DO PHONE PHREAKING? YES, WITH ANDROID ON LTE

On Target

FROM THE MEDIA
South Korean researchers recently discovered weaknesses in South Korean and US VoLTE networks that could allow an actor to spoof phone calls, overbill customers and conduct denial-of-service attacks. According to Carnegie Mellon University’s Computer Emergency Response Team (CERT), each mobile phone operator’s flaws are different and thus will require tailored updates. According to Google, an Android software patch will be released next month. CERT states that iOS is not affected.
Read the Story: PC World

iSIGHT PARTNERS ANALYST COMMENT
Many of the attacks described in the researchers’ paper involve installing a malicious app on the victim’s device; this app could then perform activities such as placing data or video calls or blocking calls made by the device’s owner. We have not yet noted any examples of malicious apps that abuse VoLTE networks, but it would likely be attractive to some mobile malware developers; for example, an app could place calls to a premium number affiliated with the attackers, in much the same way that current SMS-sending malware operates.

RELATED iSIGHT PARTNERS REPORTS
Intel-1234226 (Common Types of Mobile Malware), 10 Sept. 2014
Intel-1026681 (Russian Premium SMS Malware), 18 Feb. 2014
Intel-1011405 (Android Voice-Call Malware), 19 Dec. 2013


The post ThreatScape Media Highlights Update – Week Of October 21st appeared first on iSIGHT Partners.

