Trickbot malware hits more than 40 countries – and your bank account is at risk
A notorious computer Trojan which can be used by cybercriminals to drain bank accounts is now active in more than 40 countries across the world, researchers have found. The malicious software – known as “Trickbot” – was most recently spotted infecting machines across Latin America including Argentina, Chile, Colombia and Peru, according to Limor Kessem, a security expert at IBM’s X-Force division, in an analysis this week (11 October). At current count, experts found that it is targeting banks in more than 40 countries spanning Asia, Europe, North America, South America, Australia and New Zealand. The number of infections in Latin America remains small, but IBM researchers believe that such a strategy is run-of-the-mill for the cybercrime gang responsible, which is known to “test the waters” before adding local banks to its list of official targets. That hasn’t happened yet, but that doesn’t mean the Trojan is not a threat, IBM said. “The TrickBot Trojan is an evolving malware project that appears to have funding and alliances in the cybercrime arena,” Kessem wrote in a blog post. “Its targets are mostly business banking, wealth management and private banking services, which means that the malware’s operators are after corporate money and hefty illicit profits.” In its research, IBM said Trickbot has spread quickly to dozens of countries and language zones. The research also suggested that the cybercriminals behind the attacks have been “experimenting with other ideas.” These include serving up the Trojan directly from fake banking websites and using new types of malicious code to illicitly mine cryptocurrency from victims’ machines. Targeted individuals – if duped – enter their usernames and passwords into the fake websites which, in reality, send their credentials straight to the criminals.
New Netflix phishing campaign sees hackers targeting business emails to steal your credit card data
Netflix users beware — a new phishing scam targeting users of the popular streaming app has been spotted by security experts. The cybercriminals have been sending out a phishing email, which purports to be coming from Netflix, requesting users to update their account details. Security experts at PhishMe, who uncovered the recent Netflix phishing campaign, say that the cybercriminals operating this scam have also been targeting customers of Wells Fargo, Comcast, Chase Bank and TD Bank since June. The cybercriminals have been using the same email address (associationpresident3 at gmail dot com) in five different phishing toolkits. The cybercriminals behind the campaign are targeting users’ personal as well as business emails, in hopes of harvesting their personal and corporate credentials. Targeting corporate emails may be a clever move on the attackers’ part because typically, people try to handle minor issues as quickly as possible. “The Netflix phish works to trick those busy people into giving up login information,” PhishMe researchers said in a blog. “The attacker hopes that you reuse the same password for your personal email account or, if the attacker is very lucky, for your work email account.” The stolen credentials can be used by the cybercriminals to access other accounts, in case victims have reused passwords. The phishing campaign also tricks users into divulging their credit card data, which can then be used by the scammers to steal money.
Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions
Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach. “Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported. “Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.” Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack. It is still unclear how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data.
Subaru key fobs can be ‘hacked’ and used to unlock cars for just $25
Key fobs linked to multiple models of Subaru cars in America are reportedly vulnerable to hacking using components costing as little as £19 ($25). A computer engineer called Tom Wimmenhove said on GitHub, an online code repository, that he found the Subaru key fob’s rolling code – the internal system used to securely lock and unlock car doors – was “predictable” because it was sequential, rather than random. “An attacker can ‘clone’ the key fob, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user’s key fob unusable,” he wrote alongside the source code. The exploit has only been tested on a 2009 Subaru Forester but the researcher said it would work on a range of models because the fob used is the same. Wimmenhove said that he had previously attempted to contact Subaru to responsibly disclose the vulnerability, but said the company “didn’t seem to care.” To combat such attacks, key fobs should be kept in Faraday wallets to block radio signals. In London, UK, investigators from Scotland Yard’s Organised Vehicle Crime Unit are currently probing numerous cases of BMW thefts where tech-savvy criminals appear to be using electronic key fobs to launch so-called “relay attacks.” “This technology used to be confined to more high-end vehicles but it is becoming more widespread and therefore there is a potential for ‘relay attacks’ to become more common,” commented police detective sergeant Pete Ellis this week (13 October). In June, it emerged that some models of Mazda vehicles were open to hacking by inserting a modified USB drive into the car dashboard. In September, experts managed to hack a Tesla Model S.
Hyatt Hotels data breach: Hackers accessed visitors’ credit card info from 41 hotels in 11 countries
Hyatt Hotels discovered that its payment systems were breached, exposing visitors’ payment card information from 41 hotels in 11 countries earlier this year. The hospitality giant said its cybersecurity team found signs of unauthorized access to customers’ payment card data from cards manually entered or swiped at the front desk of some Hyatt-managed locations between 18 March and 2 July. “Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems,” Hyatt’s global president of operations, Chuck Floyd, said in a statement. The compromised customer information included cardholder names, card numbers, expiration dates and internal verification codes. “While we estimate that the incident affected a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period, the available information and data does not allow Hyatt to identify each specific payment card that may have been affected,” Floyd said, noting that the Chicago-based company has taken measures to prevent this from happening in the future. The largest number of Hyatt properties impacted were based in China with 18 hotels and Mexico with 4 hotels. The company has not specified how many customers were potentially affected in the breach. Hyatt said it launched a “comprehensive investigation” into the breach and is working with leading third-party experts, payment card networks and authorities. Hyatt has advised all customers who visited one of its hotels to check for any unauthorized charges or suspicious behaviour. In late 2015, Hyatt said its payment processing system was infected with malicious card-stealing malware that impacted 250 hotels in around 50 countries.
We Heart It hacked: Personal data of more than 8 million accounts compromised in data breach
We Heart It, the once-popular image-bookmarking site used by millions of teens, said it suffered a data breach that compromised the data of more than eight million accounts. The company said it was alerted by Troy Hunt, security expert and founder of the data breach notification website Have I Been Pwned, of the security breach that took place “several years ago.” The compromised data included usernames, email addresses and encrypted passwords for We Heart It accounts created between 2008 and November 2013. Although the passwords were encrypted, the company noted that the encryption algorithms used to encrypt them back in 2013 “are no longer secure due to advancements in computer hardware.” “Since 2013 we have made significant upgrades and improvements to our systems, security protocols, password security, and database,” We Heart It said in a blog post. “Additionally, we have taken immediate action to further protect all We Heart It account passwords with additional encryption using the secure bcrypt algorithm. We are in the process of updating all user passwords with this additional encryption as expeditiously as possible.” The company is currently contacting all affected users via email and has advised them to change their We Heart It password if it has not been updated since 2013. It also recommended that users update their passwords on other platforms and services if they happen to use the same login credentials across different sites. “We would like to apologise to all of our users who were affected by this breach,” the We Heart It team said.
‘All modern WiFi networks’ now vulnerable to hackers, millions of Android devices at risk
The WPA2 protocol that secures all modern WiFi networks used by smartphones, routers, laptops and internet-of-things (IoT) devices has been cracked, meaning that all data transmitted over such connections is open to hackers and cybercriminals, research suggests. Vanhoef, the researcher behind the finding, said any information previously thought to be encrypted is currently at risk, adding that the technique – branded Key Reinstallation Attack, or “Krack” – is able to bypass the security of devices running Android, Linux, Windows, MediaTek, OSX and more. “Any device that uses WiFi is likely vulnerable,” the security expert warned – a shocking assertion as so much of modern technology relies on the networks. The Krack attack – which needs attackers to be in close range of a target – takes advantage of WPA2’s “4-way handshake” system which devices joining a network use to communicate securely. “If that no longer works, it makes the devices on your network a lot more vulnerable – attackers in proximity will now be able to talk to them.” Vanhoef said that it was “trivial” to intercept Android data and that 41% of devices running the OS are at risk from one variant of his key reinstallation attack. Alex Hudson, a security researcher, said on his website that the only answer for some Android devices was to switch off the WiFi function completely. Changing your WiFi network password will do nothing to stop the attack, the research said. To prevent the attack, users must update all affected products as soon as security updates become available – but in some cases this may take weeks. The WiFi Alliance, a US body which oversees security of devices using the protocol, said the issues should be able to be resolved with “straightforward software updates.”
MP police cyber cell busts Indo-Pak gang involved in credit card fraud
Busting an international gang of credit card hackers, the cyber wing of Madhya Pradesh Police on Monday arrested two persons who are accused of making large-scale online purchases using hacked credit card information. The two accused, both residents of Mumbai, are suspected to be associated with a gang of international cyber criminals run by Pakistani citizen Shaikh Afzal aka Shozi. Speaking after the arrests, Jitendra Singh, Superintendent of Police (SP) of the State Cyber Cell’s Indore unit, said that two Indian members of this gang, identified as Ramkumar Pillai and Ramprasad Nadar, were arrested following a complaint made by a bank official from Agar Malwa district. “We have learnt that Shozi is a native of Lahore and got married only last year. Shozi visits different countries across the world. He was in Uzbekistan when Nadar and Pillai talked to him last time through Skype. We are trying to confirm these details,” the Superintendent of Police said. The duo purchased hacked credit card details from some websites on the dark web and paid for the information in Bitcoin. “If this payment is measured in terms of Indian currency, it costs only Rs 500 to Rs 800 to buy details of every credit card,” Singh added. The gang members bought air tickets and travel packages for Bangkok, Thailand, Dubai, Hong Kong and Malaysia using the hacked credit card information. They also shopped for costly items online using the hacked details, said the official. Singh said the accused also used to send Shozi half of the amount they spent by misusing the credit card details, through secret online methods. The accused also used to select online e-commerce websites where a one-time password (OTP) is not needed to make a purchase, so the cardholders would learn of the misuse of their cards only after the payment had gone through.
Singh said initial investigation revealed that both the accused have made purchases of about Rs 20 lakh by misusing the details of 17 credit cards so far. However, this figure may go up after further investigation. He said that the police have been searching for a resident of Jabalpur, who is also learnt to be connected with this gang.
Taxpayers targeted by spam emails posing as HMRC to take control of computers
UK taxpayers have been warned to be on high alert after a wave of booby-trapped emails was recently caught posing as tax return messages from Her Majesty’s Revenue & Customs (HMRC). According to cybersecurity firm Trustwave, the HMRC scam was found to be in circulation on 6 September this year, with the fraudsters deploying spoofed email messages containing links to the “JRat” Trojan, which can give hackers full control over targeted computers. The phishing messages contained the subject line “VAT Return Query” and went on to inform recipients that a recent tax filing had a series of vital errors. “Motivated by lucrative returns and equipped with modern malware, these cybercriminals capitalise on events to launch phishing attacks targeting global victims,” said Fahim Abbasi, a researcher at Trustwave, in a blog post dated 13 October. “These phishing attacks lure their victims into downloading malware disguised as fake VAT return documents using spoofed messages appearing to have been sent from the government tax department,” Abbasi continued. Abbasi noted: “Scammers exploit the simplicity provided by email to further their cause. These cybercriminals are well aware of online processes and dependence of online mechanisms used by both public and private sector organisations. They are also aware of various deadlines such as those used by governments for tax returns and use this information to instil a sense of urgency.” Users need to be particularly careful since such scams are quite active during tax return season. It remains unclear if any of the phishing emails were successful at infecting victims.
Adobe Flash vulnerability exploited by BlackOasis hacking group to plant FinSpy spyware
Security researchers have discovered a new Adobe Flash vulnerability that has already been exploited by hackers to deploy the latest version of FinSpy malware on targets. Kaspersky Lab researchers said a hacker group called BlackOasis has already taken advantage of the zero-day exploit – CVE-2017-11292 – to deliver its malicious payload via a Microsoft Word document. Kaspersky said BlackOasis used the previously unknown Flash flaw in an attack on 10 October. Once the Flash vulnerability has been exploited and the FinSpy malware is installed on the targeted computer, the spyware “establishes a foothold on the attacked computer and connects to its command and control servers located in Switzerland, Bulgaria and the Netherlands, to await further instructions and exfiltrate data,” researchers said. The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more difficult. “The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities,” Anton Ivanov, lead malware analyst at Kaspersky Lab, said. Researchers believe that the BlackOasis group also exploited another zero-day vulnerability – CVE-2017-8759 – in September. According to Kaspersky’s assessment, BlackOasis targets various figures involved in Middle Eastern politics, including key people in the United Nations, opposition bloggers, activists and regional news correspondents. In 2016, researchers said they observed heavy interest in Angola “exemplified by lure documents indicating targets with suspected ties to oil, money laundering and other activities.” “This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another,” Kaspersky said.