Friday, March 15, 2013

Weekly Threat Trends March 3-11 2013

Vulnerabilities, Tools, and Tactics

Rogue Apache modules appear to be the source of a surge in iFrame injection attacks targeting legitimate websites, like those used in the compromise, to drive traffic to the Blackhole exploit kit. How the rogue modules are being injected is still unknown.

Malicious Java applet uses a certificate stolen from Clearesult Consulting to exploit user trust and install automatically.

A report released by Cenzic claims 99% of web applications remain vulnerable to attack and calls for increased emphasis on mitigation.

Free malicious Java applet generating tool discovered in the wild. The tool can clone a legitimate website, create a malicious Java applet, and redirect victims to a site of the attacker's choice.

Web browser proxy auto-configuration (PAC) tactic used in recent banking campaigns in Brazil to capture and redirect selected user traffic; its use is expected to increase globally.

Example of Android mobile malware commoditization found in an ad for the tool “perkele lite,” which is used to intercept and forward SMS messages.

Adversary Activity & Campaigns

Bank DDoS attacks resume: Izz ad-Din al-Qassam, believed to be directly supported by the Iranian government, announced and began a new phase of attacks targeting US banks.

Emerging phishing campaigns exploiting payroll and banking trust: ADP TotalSource Payroll Invoice; Bank of America.

Targeted attack against Australia’s central bank, the Reserve Bank of Australia (RBA), succeeded in compromising at least one system. The target of the attack was information that included Group of 20 negotiations. China is implicated.

Kaspersky discovers AlbaBotnet being used to target Chilean banks in an emerging campaign.

APT-1: Industry reporting attributes past campaigns to APT-1, including US, Japan, and India victims, thanks to indicators from Mandiant’s report.

Surge in reports of hacktivism

Czech central bank, stock exchange, and banks hacked.

Defacement of Time Warner Cable.

Gulf Oil Company (Agoco) hacked by QuisterTow.

Aramco Twitter account hacked.

Israeli sites hacked and defaced.

180 Egyptian sites hacked by P@khTuN.

Defense and Response News

China, in response to Mandiant and related APT-1 claims, begins a response campaign claiming it is the victim of repeated US-sourced intrusions and calls for new international agreements on cyber issues.

Deutsche Telekom unveils a real-time map of global cyber-attacks detected on its global infrastructure.

Microsoft launches a new Cybercrime Center to combat piracy and malware.

New cyber security and forensics center formed by UMass to advance research on cyber security and forensics theory.

Prolexic successfully defends against a large-scale DDoS attack on a utility.
