The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.
STOLEN ASHLEY MADISON USER DATA PUBLISHED BY HACKERS
FROM THE MEDIA
The hackers who breached the dating website Ashley Madison recently published the stolen customer data. Allegedly, the stolen data has been leaked on the dark web, which cannot be accessed through conventional search methods such as Google. Released customer data consists of 9.7 GB of personal information, such as credit card information and customers’ names.
Read the Story: CNN
iSIGHT PARTNERS ANALYST COMMENT
The release was expected, as the Impact Team had demanded Ashley Madison be shuttered in exchange for not posting the data—a demand that was almost certainly not going to be met. If they have not already done so in the month since the breach was publicized, Ashley Madison clients should cancel any credit cards and change any e-mail accounts and passwords they suspect have been exposed. The group has previously expressed concern over law enforcement retribution and likely used TOR in an attempt to maintain operational security.
RELATED iSIGHT PARTNERS REPORTS
15-00008538 (Alert: Full Leak of Ashley Madison Data Posted), 18 Aug. 2015
15-00007120 (Impact Team Leaks Sample Data from Ashley Madison), 20 July 2015
CHINESE POLICE ARREST 15,000 FOR INTERNET CRIMES
FROM THE MEDIA
Police in China have arrested around 15,000 individuals for crimes that “jeopardized Internet security.” According to officials, the police have investigated 7,400 cyber crime cases; however, no timeline was provided detailing over what period the 15,000 arrests were made. China initiated a six-month-long campaign last month named “Cleaning the Internet,” which will focus on breaking cases and disrupting online gangs.
Read the Story: NDTV
iSIGHT PARTNERS ANALYST COMMENT
China continues its well-known practice of arresting individuals for failing to adhere to regulations, which include the regulation of political speech. Considering that there was neither a timeline provided nor an outline of what crimes individuals were arrested for, the number may simply be used to promote the image and perceived strength of the Chinese security apparatus.
RELATED iSIGHT PARTNERS REPORTS
15-00007002 (Draft Cyber Security Law Would Codify Existing Policies; Likely to Raise the Cost of Doing Business in China), 15 July 2015
14-00000090 (Country Threat Profile: China), 24 Dec. 2014
NUMBER OF DDOS ATTACKS ARE UP AGAIN, PARTICULARLY ‘MEGA’ ASSAULTS
FROM THE MEDIA
Large-scale “mega” DDoS attacks continue to increase, according to Akamai’s Q2 2015 State of the Internet report. In Q2, 12 attacks exceeding 100 Gbps took place. The largest observed attack (240 Gbps) lasted over 13 hours. Akamai also noted a trend of less powerful attacks with longer durations.
Read the Story: IT Pro Portal
iSIGHT PARTNERS ANALYST COMMENT
The growth of DDoS attacks in the last year is likely due to the continued development of commercial DDoS services and the apparent growth of DDoS extortion campaigns. Commercial DDoS services allow a wider range of actors (particularly gamers) to launch DDoS attacks for a low fee without the time, cost and expertise needed to develop their own DDoS capability. DDoS extortion campaigns create a direct financial incentive for the creation and maintenance of extremely powerful DDoS capabilities.
RELATED iSIGHT PARTNERS REPORTS
15-00007358 (DD4BC Attacks Increasingly Affect Small Business Enterprises with an Online Presence), 4 Aug. 2015
15-00007290 (Threats to Cloud Providers), 31 July 2015
15-00007278 (Notable Developments in Cyber Crime and Tools during June 2015), 29 July 2015
“DARKODE” HACKER PLEADS GUILTY TO DISTRIBUTING FACEBOOK MALWARE
FROM THE MEDIA
Hacker Eric Croker, aka Phastman, has been charged with assisting other actors in gaining unauthorized access to over 77,000 computers through Darkode, an online hacking forum. Croker was among 12 arrested after authorities took down Darkode in July. He pleaded guilty to the charges, admitting to selling access to a botnet of compromised Facebook accounts.
Read the Story: Trip Wire
iSIGHT PARTNERS ANALYST COMMENT
Law enforcement is generally effective against individual operators or small groups operating in the same jurisdiction, whereas distributed tactics and tools used across borders can pose difficulties for law enforcement. Croker’s malicious activity will likely be continued by another actor using the same or similar malware, given the common nature of similar operations in the underground. Users should be wary of clicking unknown links in Facebook, even those sent by the users’ friends.
RELATED iSIGHT PARTNERS REPORTS
15-00005418 (Group Profile: Lizard Squad), 26 June 2015
15-00005616 (Social Engineering Techniques Being Used Against Consumer Organizations to Facilitate Swatting Attacks), 19 June 2015
ThreatScape Media Highlights (Darkode Forum Resurfaces), 29 July 2015
THE NEW CYBER ATTACKS THREATENING PUBLIC SECTOR COMPANIES
FROM THE MEDIA
Cyber criminals have become more sophisticated, using existing methods of attack in new ways, according to Trend Micro. The company reported a 50 percent increase in the integration of the Angler exploit kit and a 67 percent increase in overall exploit-kit threats. It also reported increasingly specific targeting by the CryptoWall ransomware, with 79 percent of its infections occurring in the US.
Read the Story: Tech Week
iSIGHT PARTNERS ANALYST COMMENT
At the beginning of the year, iSIGHT Partners predicted an increase in the quantity and variety of threats. Researchers and sophisticated adversaries continue to develop novel means of conducting malicious activities. The novel work done by sophisticated actors becomes more widely accessible through education and sharing of techniques in the underground, proliferating them to less sophisticated actors.
RELATED iSIGHT PARTNERS REPORTS
15-00001636 (Wide-Ranging Predictions for 2015 Generally Expect Increase in Quantity and Variety of Adversary Activity), 20 March 2015
15-00001552 (Annual ThreatScape Report 2014—A Comprehensive Analysis of the Global Cyber Adversary Landscape), 18 March 2015
CHINESE RIGHTS WEBSITES HIT BY SUSPECTED HACKER ATTACK, GREAT FIREWALL BLOCKADE
FROM THE MEDIA
Unidentified hackers recently attacked a Chinese journalism website, affecting the site’s ability to allow contributors to upload posts. The website’s founder indicated that the hack did not affect articles or the homepage itself. He further noted the attack may also have affected the registration page, which is currently not functioning.
Read the Story: Radio Free Asia
iSIGHT PARTNERS ANALYST COMMENT
While attribution for this attack is unknown, the most likely culprits include the Chinese government, pro-government hacktivists, or someone whose misdeeds the website was exposing. The site’s coverage has likely earned it many opponents, and DDoS contract services are fairly inexpensive to rent. Additionally, the Chinese economy has recently experienced a number of financial shocks, amidst a general economic slowdown. The Chinese government, anxious about domestic instability, may be prompting these attacks in order to limit the availability of information that could spark unrest and opposition.
RELATED iSIGHT PARTNERS REPORTS
15-00002380 (Anti-Censorship Tools Hosted on GitHub Targeted by DDoS Attack), 3 Apr. 2015
15-00007312 (Turkish Hacktivists Target Chinese Websites), 24 July 2015
The post ThreatScape Media Highlights Update – Week Of August 19th appeared first on iSIGHT Partners.