Channel: iSIGHT Partners – iSIGHT Partners

ThreatScape Media Highlights Update – Week Of January 20th


The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.


Wednesday, 20 January 2016 


Linux Kernel Flaw Puts Millions of Devices at Risk

Media On-Target
From The Media
Tens of millions of Linux PCs and servers are at risk due to a local privilege escalation vulnerability that was introduced into the Linux kernel in 2012. The vulnerability, CVE-2016-0728, also affects about two-thirds of Android tablets and phones. The flaw affects Linux kernel version 3.8 and later, giving actors the ability to gain root privileges through kernel code execution.
Read the Story:  Security Week

iSIGHT Partners Analyst Comment
As of now, we have no indication that CVE-2016-0728 is being exploited in the wild and have yet to observe any actor interest in targeting this vulnerability. Since exploit code is publicly available, we judge it would be relatively easy for an actor to exploit. However, since it is a privilege escalation vulnerability, an actor would need to pair it with an exploit for another vulnerability to achieve full code execution on a vulnerable system.

Related iSIGHT Partners Reports
16-00000804 (Linux Kernel Vulnerability CVE-2016-0728), 19 Jan. 2016
16-00000742 (Weekly Vulnerability Exploitation Report), 19 Jan. 2016


New Linux Trojan Takes Screenshots Of Desktop And Records Audio


From the Media
Antivirus company Doctor Web has detected a new Linux Trojan dubbed Linux.Ekocms.1. The Trojan is designed to take a screenshot of the victim’s computer every 30 seconds and save the image as a JPEG to a temporary folder. According to an examination of the Trojan, its developers are also working on a feature that allows the malware to record audio.
Read the Story:  Tech Worm

iSIGHT Partners Analyst Comment
As described, this malware’s most notable feature is that it targets Linux devices, which is uncommon. Screen and audio capturing are commonly observed features and have been for some time. Such a tool could be used for reconnaissance purposes, but it almost certainly represents a minor threat due to its limited feature set and the large volume of images the actor would have to manually view to get any use out of the tool.

Related iSIGHT Partners Reports
15-00008734 (Advertisement Highlights Interest in Android RATs in the Chinese eCrime Underground), 3 Sept. 2015
Intel-1234226 (Overview of Common Types of Mobile Malware), 10 Sept. 2014
Intel-962423 (Actor ‘GFF’ Offers SMS and Voice Interception Malware for Android and BlackBerry), 4 Oct. 2013


Teens Who Hacked CIA Director Also Hit White House Official


From The Media
A hacker linked to Crackas With Attitude (CWA) recently targeted John Holdren, US President Barack Obama’s senior advisor on science and technology. The hacker, allegedly called “Fearz,” spear phished Holdren’s wife while claiming to be Holdren, requesting the password for their joint Xfinity account. Holdren’s home phone was then forwarded to the Free Palestine Movement, as in the attack against US Director of National Intelligence James Clapper.
Read the Story:  Motherboard

iSIGHT Partners Analyst Comment
Although we have not observed any additional evidence of this latest social engineering attack by members linked to Crackas With Attitude, we believe it was successful given the similarities to CWA’s previous attacks. We have also previously seen Cracka and his close associates target close family members of high-level executives and US officials, almost certainly by leveraging readily available open-source information.

Related iSIGHT Partners Reports
15-00013272 (‘Cracka’ Threatens Bank Executives; Other Commercial Sectors at Risk), 3 Dec. 2015
15-00013346 (‘Cracka’ Releases Chicago Police Officers’ Data Almost Certainly Obtained from Previously Compromised FBI Database), 2 Dec. 2015
15-00013104 (‘Crackas with Attitude’ Disbands Amid Discord; New Group Announced, Threat Activity Likely to Continue), 25 Nov. 2015


Twitter Outage Gets The Day Off To A Rough Start

Media On-Target
From The Media
Twitter suffered a widespread outage on Tuesday, affecting countries worldwide. Both the web-based and mobile versions of Twitter were affected by the outage. Twitter has commented on the cause, claiming that it was not the result of malicious activity and that service has resumed.
Read the Story:  NYTimes

iSIGHT Partners Analyst Comment
Twitter claimed the outage was a result of an internal code change rather than malicious activity. While there are no apparent security implications from this outage, it demonstrates the importance of accessibility to services like Twitter and to the organizations that depend upon them.

Related iSIGHT Partners Reports
15-00014652 (Multiple Hacktivist Groups Threaten to Target Video Game Networks or Providers on Dec. 25, 2015), 8 Jan. 2016
15-00012868 (Update: Hacktivist Reactions to Paris Attacks-#OpParis and #OpISIS Attract Interest; Cracka to Target U.S. Governors), 18 Nov. 2015


Survey Shows Many Businesses Are Not Encrypting Private Employee Data

Media On-Target
From The Media
Companies encrypting customer data are not encrypting employee data to the same extent, says a recent study by Sophos. Sophos surveyed 1,700 IT decision-makers and found that only 53 percent of organizations storing employee healthcare information encrypt it. The survey further found that only 57 percent of organizations storing HR records encrypt them. Stolen employee data is ideal for attacks against both other employees and their employers.
Read the Story:  Naked Security

iSIGHT Partners Analyst Comment
Organizations may be more likely to prioritize new and incoming consumer data that needs to be secured while neglecting to treat employee data with the same concern. Stolen employee data, like data about individuals stolen from other sources, can easily be used to conduct or facilitate additional malicious activity, including phishing and financial fraud.

Related iSIGHT Partners Reports
15-00012148 (Threats to the Health Care Sector), 13 Nov. 2015
15-00000310 (TEMP. Zombie Actors Target Financial Sector Using E-Mail Address Later Leaked to Pastebin), 19 Feb. 2015

The post ThreatScape Media Highlights Update – Week Of January 20th appeared first on iSIGHT Partners.

