Friday, March 15, 2013

Weekly Threat Trends March 3-11 2013


Vulnerabilities, Tools, and Tactics


Rogue Apache modules appear to be the source of a surge in iFrame injection attacks against legitimate websites, like those used in the NBC.com compromise, which drive traffic to the Blackhole exploit kit. How the rogue modules are being injected is still unknown: http://t.co/29C1kXMLmA

Malicious Java applet uses certificate stolen from Clearesult Consulting to exploit trust and install automatically: http://www.net-security.org/secworld.php?id=14557

A report released by Cenzic claims 99% of web applications remain vulnerable to attacks, calling for increased emphasis on mitigation: http://www.net-security.org/secworld.php?id=14556

Free malicious Java applet generating tool discovered in the wild. The tool can clone a legitimate website, create a malicious Java applet, then redirect victims to a site of the attacker's choice: http://t.co/4oDZsDdAL5

Web browser proxy auto-configuration tactic used in recent banking campaigns in Brazil to capture and redirect certain user traffic, expected to increase in use globally. http://t.co/V1s2TB2lCL

Example of Android mobile malware commoditization found in an ad for the tool “perkele lite,” used to intercept and forward SMS messages. http://t.co/10o3vJmrXj

Adversary Activity & Campaigns


Bank DDoS attacks resume: Izz ad-Din al-Qassam, believed to be directly supported by the Iranian government, announced and began execution of a new phase of attacks targeting US banks. http://t.co/E1UVVqamX0 , http://t.co/3oGt2BKE6A

Emerging phishing campaigns, exploiting payroll and banking trust:

ADP TotalSource Payroll Invoice: http://t.co/5n8QilMqqM

Bank of America: http://t.co/YlRBbncKJS

Targeted attack against Australia’s central bank, the Reserve Bank of Australia (RBA), succeeded in compromising at least one system. The target of the attack was information that included Group of 20 negotiations. China is implicated. http://t.co/iHxZwwwp0W

Kaspersky discovers AlbaBotnet being used to target Chilean banks in an emerging campaign. http://www.securitybistro.com/blog/?p=5524

APT-1: Industry reporting attribution of past campaigns to APT-1, including US, Japan, and India victims, thanks to indicators from Mandiant’s report. One example: http://threatpost.com/en_us/blogs/apt1-themed-spear-phishing-campaign-linked-china-030613 , http://t.co/iQ4DrbJkn0



Surge in reports of hacktivism

Czech central bank, stock exchange, banks hacked: http://t.co/WCA5c3yodY

Nullcrew defaces Time Warner Cable: http://t.co/yPJ4aK2e1T

Arabian Gulf Oil Company (Agoco) by QuisterTow: http://t.co/bDCrpnRKQB

Saudi Aramco Twitter account hacked: http://t.co/RmQxB532aa

54 Israeli sites hacked and defaced: http://t.co/YySGtJhf0G

Over 180 Egypt sites hacked by P@khTuN: http://t.co/SJkUTcjq3u


Defense and Response News


China, in response to Mandiant and related APT-1 claims, begins a response campaign claiming it is the victim of repeated US-sourced intrusions, and calls for new international agreements on cyber: http://t.co/HO1NvvvZ6l , http://t.co/YmGGkZI2QW

Deutsche Telekom unveils real-time map of global cyber-attacks detected on their global infrastructure: http://t.co/We0TJJ6YOk

Microsoft launches new Cybercrime Center to combat piracy and malware: http://t.co/wllk2eJ0cw

New cyber security, forensics center formed by UMASS to advance research on cyber security and forensics theory: http://www.uml.edu/News/stories/2013/Cyber-forensics-center.aspx

Prolexic successfully defends against large-scale DDoS against utility: http://t.co/yg6iU0Sx7g
