North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks
A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, rather than the more infamous Lazarus, which was previously linked to the WannaCry ransomware a year ago. This was not Sun Team’s first attempt at this kind of attack, though. In January, McAfee spotted the same attempt, but it required the targets to go out of their way and download the malware-laden apps from outside the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors
The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of anyone being infected by it.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.


The post North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

A new #way to #spread #malware and #problems with a #programmable #credit #card

A new way to use Microsoft Office to spread malware, hackers move fast to leverage another Adobe Flash exploit, and problems with a programmable credit card.

Criminals often try to trick users into infecting themselves by opening a zipped Microsoft Office document attached to an email. The document contains a link to a malicious website. Barracuda Networks said this week that the latest scam is to disguise that link so it fetches the website not through a web browser but through a communications protocol called Samba. Then malicious code is downloaded. Often it starts with victims getting a message saying something like ‘Your bill is attached.’

One thing you can do is beware of web page links in messages that start with “file://” rather than the expected “http://”.

Barracuda says employees also should be regularly trained and tested to increase their security awareness.
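The “file://” check above is easy to automate at the mail gateway or in a triage script. The following is an added example, not code from the podcast or from Barracuda: it pulls every link target out of a message body (HTML `href` attributes, bare URLs and Windows UNC paths), classifies each by scheme, and flags the ones that would be fetched over SMB/Samba instead of a browser. The sample email below is constructed for the example.

```python
import re
from urllib.parse import urlparse

# Link schemes that should never appear in an inbound email: file:// and smb://
# (and \\host\share UNC paths) make the client fetch content over SMB/Samba
# rather than through a web browser, which is the trick described above.
SUSPICIOUS_SCHEMES = {"file", "smb"}
EXPECTED_SCHEMES = {"http", "https"}

# Bare URLs such as file://203.0.113.5/share/bill.hta (any scheme://...)
_URL_RE = re.compile(r"""(?P<url>[a-zA-Z][a-zA-Z0-9+.-]*://[^\s"'<>)]+)""")
# Windows UNC paths such as \\203.0.113.5\share\bill.hta
_UNC_RE = re.compile(r"""(?P<unc>\\\\[^\s"'<>\\]+\\[^\s"'<>]+)""")
# href="..." targets in an HTML body
_HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def extract_links(text):
    """Return every distinct link target found in a plain-text or HTML body, in order."""
    found = _HREF_RE.findall(text)
    found += [m.group("url") for m in _URL_RE.finditer(text)]
    found += [m.group("unc") for m in _UNC_RE.finditer(text)]
    seen, links = set(), []
    for link in found:
        if link not in seen:
            seen.add(link)
            links.append(link)
    return links


def classify_link(link):
    """Return (verdict, scheme): verdict is 'suspicious', 'expected' or 'other'."""
    if link.startswith("\\\\"):
        return "suspicious", "unc"          # UNC path: fetched over SMB
    scheme = urlparse(link).scheme.lower()
    if scheme in SUSPICIOUS_SCHEMES:
        return "suspicious", scheme
    if scheme in EXPECTED_SCHEMES:
        return "expected", scheme
    return "other", scheme                  # mailto:, ftp:, etc.


def scan_message(text):
    """Classify every link in a message body; returns a list of (link, verdict, scheme)."""
    return [(link,) + classify_link(link) for link in extract_links(text)]


def has_suspicious_links(text):
    """True if any link in the body would be fetched over SMB rather than HTTP(S)."""
    return any(verdict == "suspicious" for _, verdict, _ in scan_message(text))


# Constructed sample: a "your bill is attached" lure with a disguised file:// link.
SAMPLE_EMAIL = """Your bill is attached.
Download your invoice here: <a href="file://203.0.113.5/invoices/bill.hta">Invoice</a>
Our billing portal: https://example.com/billing
"""

if __name__ == "__main__":
    for link, verdict, scheme in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:10s} {scheme:6s} {link}")
    print("suspicious:", has_suspicious_links(SAMPLE_EMAIL))
```

Run on the sample, the script reports the `file://` link as suspicious and the `https://` link as expected. The host address in the sample is a documentation-range placeholder, not a real server.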

Adobe Flash has long been a favoured way for attackers to get malware onto your computer. You download what’s supposed to be a Flash update or a Flash-based presentation, and instead you’re infected. A new hole was just discovered and patched by Adobe. However, Security Affairs reports that a researcher has discovered the popular ThreadKit exploit kit used by hackers is already trying to use that exploit.

What can you do? A lot of these exploits are spread through email, so you’ve got to be wary of opening messages with attachments. Savvy criminals may target you, so don’t assume that because a message is from your boss, a friend or a relative that it’s valid. Many people disable Flash as a precaution. Those who don’t should make sure their Flash is updated from a reputable site.

Finally, a California company named BrilliantTS has a problem with its Fuze Card, a smart card with a programmable security chip that looks like a credit card. The idea is you program the chip with data from several of your credit cards so you only carry the Fuze Card. However, Ars Technica reports two researchers have discovered a way that uses Bluetooth to impersonate the Android app that loads credit card data onto the smart cards. BrilliantTS says a fix will be released April 19th.

I don’t know if the card can be used in Canada. Your local bank or organization behind credit and debit cards has to approve its use for their processes. But it’s another lesson that there’s no quick fix for any problem in your wallet.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, your Alexa Flash Briefing or wherever else you listen to podcasts. Thanks for listening.


The post A new #way to #spread #malware and #problems with a #programmable #credit #card appeared first on National Cyber Security Ventures.



Like most government and private-sector organisations and industries around the world, organisations in Oman face the same cyberthreats, including ransomware and malware attacks as well as data privacy and protection challenges.

The primary cybersecurity threat to Oman is email-borne malware. Ransomware and phishing attacks are also on the rise, says an expert.

Speaking exclusively to Muscat Daily, Raj Sabhlok, president of ManageEngine, the brand known for making efficient and thoughtful IT management software and a division of the popular Zoho Corporation, said, “Going forward, one of the key challenges Oman will face is risk that Internet of Things (IoT) and Artificial Intelligence (AI) pose to enterprise data and IT security. In the IT departments, those external threats compound the internal threat of poor IT management practices. The internal threats range from lax endpoint management such as failure to containerise enterprise data on employee-owned devices to inconsistent application patching, weak password management, and more. Healthcare and financial services are top targets of cyberattacks.”

Speaking on the integration to the role of IT management and cybersecurity in addressing the latest technology developments in global cloud, networking, and security management, he added, “Recent security breaches have made it clear that just about any IT element can become an attack vector, and improper IT management just paves the way for cybercriminals. With latest technology developments in cloud and elsewhere, organisations need to be proactive in IT management, so that the opportunities and benefits do not come at the cost of breaches, data theft, and other cyberattacks.

“Of course, the IT management tools must support that proactive posture, both as individual products as well as an integrated suite.”

On the safety of cloud, Sabhlok said, “Over the years, cloud companies have invested heavily in the security of their cloud infrastructure and applications. The investments include the resources needed to create redundant copies of data, encrypt data, authenticate users, and more. Amazon Web Services (AWS) has more than 1,800 security controls for its services, the BBC reports. And the exponential adoption of cloud technologies in the recent past is a testament to the overall security of the cloud.

“Meanwhile, cloud vendors continue to enhance the security of their offerings so that they comply with the growing array of data protection and data privacy laws such as EU’s General Data Protection Regulation, and South Africa’s Protection of Personal Information Act. Going forward, cloud vendors will have to scale their IT to accommodate relentless growth: Gartner predicts worldwide public cloud services revenue will reach US$411.4bn in 2020 compared to the 2017 revenue of US$260.2bn. Mobility will be another challenge for cloud vendors, as well as keeping operating and capital expenses in check as demand for their services grows.”


The post PRIMARY #CYBERSECURITY #THREAT TO #OMAN IS #EMAIL-BORNE #MALWARE, SAYS #EXPERT appeared first on National Cyber Security Ventures.


How can you #protect your #website from #malware and #cyberattacks?

Source: National Cyber Security News

From defacements to backdoor files, what kinds of malware should you be aware of?

Cybersecurity is at the forefront of many businesses’ strategies for 2018, as the breaches, malware incidents and disclosure of many vulnerabilities last year showed just how weak the defences of some of the world’s largest firms really are.

Website owners are at an elevated risk of compromise and, with nearly every business required to have an online presence, the dangers could affect everyone from SMEs to large corporations.

Threats come in all shapes and sizes

Malware comes in a deceptively large number of incarnations, from phishing kits to simpler, flat HTML files. SiteLock examined its categorisation data and found that cyber-criminals are seeking long-term access to targets in order to run complex malware that steals traffic, spreads more malware and lines the pockets of those behind it.

General malware

General malware or unique encoded malware accounts for 44.04pc of all instances detected by SiteLock’s scanners. Although this type of content can be heavily obfuscated and is often generated at random, there are key indicators that give it away, such as the context of the file’s location based on how the website is structured, file behaviours and how exactly the file is obfuscated.




Forever 21 #POS #Devices Contract #Malware #Infections

Source: National Cyber Security – Produced By Gregory Evans

Apparel retailer Forever 21 said in the last week of December 2017 that a malware infection on its point-of-sale machines resulted in the theft of payment card data from a few specific stores during the year. Reportedly, the attack was made worse by the absence of encryption on those machines.

The $4bn retail firm based in Los Angeles published a news release on December 28 confirming that a party with sinister intentions gained access to credit and debit card data of a section of customers during the period April 3-November 18, 2017. The attacker did so through a malware-based attack combined with inadequate POS security.

Forever 21 hired a cyber forensics company to investigate the problem. Initially, when concrete details could not be obtained, the retailer cautioned that a few POS devices within certain Forever 21 stores, where encryption was little used, had been affected, as reported in a post dated January 2, 2018.

The investigation determined that encryption had been halted on certain devices within a few stores in the USA at various times from 3rd April to 18th November 2017, during which malicious software was loaded onto them.

In addition, Forever 21 stated that a machine that logged complete payment card transaction authorizations also had malicious software planted on it in a few of the outlets.

While the extent of the data breach is not yet known, nor the number of outlets and customers affected, Forever 21 is currently working with POS machine suppliers and cyber-security experts to enhance its future security.

Forever 21 was also working with the manufacturer of the compromised point-of-sale devices, the payment processors and law enforcement to investigate the intrusion further, the company stated.

Meanwhile, the apparel retailer is not alone in being hit by this kind of attack. Point-of-sale infections are an increasingly common way for criminals to steal credit and debit card data on a large scale. Previous targets include the Hilton hotel chain, big-box retailer Target and several restaurant chains.

The post Forever 21 #POS #Devices Contract #Malware #Infections appeared first on National Cyber Security Ventures.


Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

Source: National Cyber Security – Produced By Gregory Evans

As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack, to trick users into clicking on malicious documents, which in turn infects systems with their malware.

The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.

Fancy Bear’s most recent campaign, uncovered by security researchers at McAfee, involves the use of a blank malicious document, titled “IsisAttackInNewYork”, which, when opened, drops the hackers’ first-stage reconnaissance malware dropper Seduploader. The implant collects basic data from infected PCs and profiles prospective victims. Once the hackers determine that a victim is of interest, the implant then drops Fancy Bear’s customised malware X-Agent or Sedreco.

The post Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware appeared first on National Cyber Security Ventures.


Attackers #hijack #state agency #server for #malware

Source: National Cyber Security – Produced By Gregory Evans

Cybercriminals are always upping their game. One of their latest gambits, a sophisticated phishing attack that involved hosting malware on at least one state’s government servers, shows that they may be outpacing the good guys.

The multistage targeted attack, discovered and announced last week by researchers at the Cisco Talos threat intelligence group, began with the bad actors creating a realistic-looking “spoof” email that purported to be from the Securities and Exchange Commission. This spear-phishing email was sent out to a number of government agencies in a highly targeted scheme, which the researchers deduce came from a motivated threat actor or group that continues to operate.

At the government agencies where the phishing emails succeeded, the online criminals were able to surreptitiously plant malicious code on government servers in at least one state, Louisiana, to create a “malware infection chain” likely to dupe other targets. Representatives from the state of Louisiana had no comment for this story.

According to Craig Williams, senior technical leader at Cisco Talos, this attack is similar to previous so-called DNSMessenger attacks, which have become more frequent this year, whereby sophisticated techniques are used to infect legitimate enterprise and government computer systems with viruses, ransomware, Trojans and other types of malware.

“We have threat hunting techniques specifically designed to detect DNSMessenger,” said Williams, describing how he and his team of researchers tracked this exploit and the infected state government server. “Once we examined the malware sample, that led us to the web server.” He added that it appeared only “a single server” was affected.

While the researchers appear to have exposed this attack before it could gain too much traction (and impact more government servers), the growing creativity and sophistication of both the phishing attacks and the hackers’ ability to insert malware into legitimate government enterprise servers underscores how much craftier and more talented cybercriminals are becoming, according to Williams. “By using ‘known good’ servers, attackers are hoping to go unnoticed,” he said. “No one would normally question someone connecting to a state of Louisiana public web server, for example.”

And the government sector is becoming an increasingly attractive target for such attacks. According to the 2017 U.S. State and Federal Government Cybersecurity Report, released in August 2017 by SecurityScorecard, government organizations received the lowest security scores across multiple sectors, including transportation, retail and healthcare. “It’s clear that cybersecurity incidents are not going anywhere and that government will continue to remain a target,” the report concluded. “But with technology propelling forward and hackers as motivated as ever, government agencies are struggling to put up effective cybersecurity defenses, and hackers are taking advantage.”

Williams agreed. “We will likely see the actors behind DNSMessenger continue to use any public server they can compromise,” he said. “It helps the actors hide their infrastructure and go undetected longer.”

The post Attackers #hijack #state agency #server for #malware appeared first on National Cyber Security Ventures.


CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

FormBook is a new malware used by attackers targeting manufacturing, defense and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns attacking the U.S. with emails containing malicious XLS, DOC or PDF files. Similar FormBook attacks have been identified in South Korea through emails containing malicious files in ZIP, ACE, ISO and RAR archive formats.

FormBook is a data-stealing form grabber that has been advertised in various hacking forums since 2016. Keylogging, capturing data from HTTP/SPDY/HTTPS/HTTP2 forms and network requests, stealing passwords from browsers and email clients, clipboard monitoring and taking screenshots are some of its prominent capabilities.

The attackers behind these email campaigns have leveraged a wide assortment of distribution mechanisms to deliver the FormBook malware, as posted on 9th October 2017 on the

As confirmed by the FireEye experts, a notable and distinctive feature of this malware is that it reads the Windows ntdll.dll module from disk into memory and calls its exported functions directly, rendering API monitoring and user-mode hooking mechanisms ineffective.

A self-extracting RAR file delivers the FormBook payload. When launched, an AutoIt loader runs and compiles a script; this script decrypts the FormBook payload file into memory and then executes it, the researchers confirm.

Over time, the researchers have also found that FormBook can download NanoCore, a remote access Trojan (RAT) first seen in 2013 and readily sold on the web. Taylor Huddleston, its author, was arrested in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, such as the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany and the Netherlands. The archive-based campaign has also hit countries including the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany and India.

FormBook targets Windows devices, so organisations urgently need to look at more secure solutions and keep their Windows operating systems updated. For now, the advice is strictly not to open suspicious emails, click on unidentified links or download unknown attachments from unrecognised email addresses.


The post CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure appeared first on National Cyber Security Ventures.


Copy-Pasting Malware Dev Made $63,000 From Mining Monero on IIS Servers

Source: National Cyber Security – Produced By Gregory Evans

A malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero. ESET researchers recently uncovered the attacker’s operation. Experts say the malware author used CVE-2017-7269, a vulnerability in IIS 6.0 servers, to take over vulnerable machines and…

The post Copy-Pasting Malware Dev Made $63,000 From Mining Monero on IIS Servers appeared first on National Cyber Security Ventures.


Malware Attacks Reveal European Cybersecurity Gaps

Source: National Cyber Security – Produced By Gregory Evans

In the wake of two major malware attacks in Europe this past summer, contractors based in the region who wish to do business with the Pentagon and other U.S. government agencies need to ensure proper cybersecurity measures, according to one analyst.  In May, the United Kingdom’s National Health Service and…

The post Malware Attacks Reveal European Cybersecurity Gaps appeared first on National Cyber Security Ventures.
