The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.
Wednesday, 2 December 2015
AUSTRALIA BUREAU OF METEOROLOGY HACKED
FROM THE MEDIA
According to the Australian Broadcasting Corporation (ABC), Australia’s Bureau of Meteorology (BoM) has been hacked. According to the ABC, the hack was massive and will cost millions of dollars to fix. Furthermore, ABC noted that unnamed officials have blamed China for the alleged hack. There are currently no details on whether any data was stolen or exactly which systems were hacked.
Read the Story: BBC
iSIGHT PARTNERS ANALYST COMMENT
There are currently no shared indicators or other details regarding the incident, although we are continuing to actively search for more information. However, public reporting regarding the intrusion describes plausible circumstances. Furthermore, media reports claim that actors with ties to China are suspected in what appears to be similar activity affecting a supercomputer associated with New Zealand’s National Institute for Water and Atmospheric Research. Though we have not tied the following instances to attempts to directly exploit meteorological supercomputers, iSIGHT Partners has previously reported on Chinese-nexus activity targeting weather-related government entities, such as activity conducted by actors leveraging the “Dragon OK” and “Pitty Tiger” Trojans to target Taiwan’s Central Weather Bureau.
RELATED iSIGHT PARTNERS REPORTS
13-24713 (DragonOk Trojan Targets Central Weather Bureau in Taiwan), 12 March 2013
13-23842 (Analysis of the PittyTiger Trojan), 28 Jan. 2013
GREEK STATES HIT BY BITCOIN RANSOM DEMAND
FROM THE MEDIA
Three Greek banks have been targeted for a third time in five days. The attackers, known as “Armada Collective,” have demanded a 20,000 bitcoin ransom from each bank. Armada Collective has threatened to shut down the banks’ websites if the ransom is not paid.
Read the Story: CNBC
iSIGHT PARTNERS ANALYST COMMENT
The group purporting to be Armada Collective has demonstrated characteristics inconsistent with previously observed Armada Collective activity, indicating this might be a case of impersonation. The demanded ransom far exceeds the typical 10 to 40 bitcoins Armada Collective has consistently demanded in prior attacks. Further, these attacks appear to be more persistent than previously observed Armada Collective attacks. Malicious actors would benefit from impersonating Armada Collective because it has a significant reputation that might lend more credibility to their threats than a newly created alias would.
RELATED iSIGHT PARTNERS REPORTS
15-00012330 (Recent Extortion-Linked DDoS Attacks Target Multiple Organizations; Many Attackers Likely Inspired by DD4BC), 1 Dec. 2015
15-00013004 (Cyber Crime Threats During the 2015 Holiday Season), 23 Nov. 2015
15-00004760 (DD4BC Extortion Campaign May Inspire Copycat Attacks; Additional DD4BC TTPs Identified), 29 May 2015
USING HTTPS ON YOUR WEBSITE? WE’LL SEE YOU IN COURT
FROM THE MEDIA
A Texas-based firm, CryptoPeak, holds a US patent that it claims covers widely used elliptic curve cryptography (ECC) keys. Many websites use ECC to implement encryption that safeguards data transactions. Organizations such as Netflix and Yahoo, among others, have already been named in legal cases.
Read the Story: ZDNet
iSIGHT PARTNERS ANALYST COMMENT
While iSIGHT Partners has not reviewed CryptoPeak’s complaint in detail, we surmise that the lawsuit, if successful, could result in significant reparations to CryptoPeak. However, even if successful, we doubt the case will discourage the growing use of encryption by major websites. It is plausible that CryptoPeak is little more than a so-called “patent troll,” an organization that exists solely to sue other organizations for patent infringement, as media reports hint.
RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (Gmail to Snitch on Unencrypted Mail Servers), 17 Nov. 2015
14-00000120 (Free Automated HTTPS Certificate Issuing Process ‘Let’s Encrypt’ Likely to Encrypt Malicious and Legitimate Web Traffic), 18 Dec. 2014
15-00006238 (‘Grunt’ Advertises Encrypting Ransomware with Capabilities Similar to CTB-Locker/OphionLocker), 21 July 2015
OVER 70 PERCENT OF INDIAN COMPANIES HAVE FACED CYBER-ATTACK
FROM THE MEDIA
Almost 72 percent of Indian companies have faced cyber attacks in 2015, according to KPMG. Furthermore, espionage and financial gain were the main motives for the attacks. KPMG’s Cyber Crime Survey Report found that 94 percent of respondents reported believing that cyber crime is a major threat.
Read the Story: NDTV
iSIGHT PARTNERS ANALYST COMMENT
While we cannot confirm the specific claims regarding the amount by which cyber crime has increased in India, we continue to observe numerous cyber crime operations originating from India and have no reason to doubt the continued growth of Indian cyber crime over the past year. The results of this survey reinforce the importance of developing security measures that go beyond traditional technical defenses for enterprises. User education, incident response and intelligence all play important roles in preventing and effectively responding to modern cyber crime operations.
RELATED iSIGHT PARTNERS REPORTS
15-00013082 (Cyber Criminal Targeted Intrusions as a Threat to Financial Institutions in the Asia-Pacific Region), 24 Nov. 2015
Intel-1258323 (CryptoWall Ransomware Primarily Infects Victims in India, South Africa and Europe During Late September 2014), 14 Oct. 2014
Intel-1146794 (Country Threat Profile: India), 27 June 2014
UNPATCHED FLAWS ALLOW HACKERS TO COMPROMISE BELKIN ROUTERS
FROM THE MEDIA
Security researcher Rahul Pratap Singh has published details of several unpatched vulnerabilities in Belkin’s N150 wireless home router. A session hijacking issue and an HTML/script injection flaw are among the issues disclosed. According to Singh, the issues reside in the latest firmware version, version 1.00.09.
Read the Story: Security Week
iSIGHT PARTNERS ANALYST COMMENT
We consider these vulnerabilities to be low- to medium-risk, and they pose a low threat to enterprise environments. The affected routers are intended for home use, but it is possible that some companies have deployed them in their corporate environment, especially in smaller offices. Further, employees who work remotely or use mobile devices over their home networks could unintentionally expose enterprise resources to such attacks, but we believe that level of targeting and exploitation is unlikely.
RELATED iSIGHT PARTNERS REPORTS
15-00003250 (Home Routers Located in Western Countries Continue to be Exploited En Masse), 28 April 2015
ThreatScape Media Highlights (600,000 Cable Routers Found to Have a Backdoor within a Backdoor), 27 Nov. 2015
ThreatScape Media Highlights (Cisco Router Break-Ins Bypass Cyber Defenses), 16 Sept. 2015
EU AGENCIES BOOST EUROPOL POWERS TO FIGHT TERRORISM AND CYBER CRIME
FROM THE MEDIA
The European Parliament and Council have agreed to extend Europol’s powers to combat cyber crime and terrorism. The new regulation will enable Europol to establish units for immediate response to emerging threats. Furthermore, the regulation will allow Europol to contact social media organizations directly to inquire about profiles potentially used by terrorist organizations, or to request that the profiles be shut down.
Read the Story: Computer Weekly
iSIGHT PARTNERS ANALYST COMMENT
While iSIGHT Partners has not yet reviewed the draft regulation in detail, we surmise that it will prove difficult to significantly boost Europol’s effectiveness in combating cyber crime emanating from beyond EU borders. In April 2014, a Europol spokesman noted that 85 percent of the cyber crime cases Europol handled centered on Russian-speaking organized cyber crime groups. Russia’s generally poor record on cooperating with international cyber crime investigations has often stymied law enforcement efforts. If passed by the full EU Parliament, the regulation will take effect on April 1, 2017.
RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (Europol and Spanish Police Team up in Cyber Crime Bust), 14 July 2015
Intel-1295446 (eCrime Marketplaces Taken Down in ‘Operation Onymous’ Almost Certainly Being Replaced by Alternatives), 24 Nov. 2014
Intel-1267317 (Europol Claim Regarding Russian Cyber Criminal Heist Would Likely Indicate Shift in Traditional Operations), 23 Oct. 2014