Wednesday, March 20, 2013

Weekly Threat Trends March 11-18 2013

Vulnerabilities, Tools, and Tactics

Android app developer licenses are being sold on the malware black market for $100 each, providing buyers “unfettered access to the official Google Play app store.” At least one purchase, attributed to a banking Trojan author, has been leaked.

Malware authors are using a fictitious business created legally in Brazil to generate application certificates, which they use to sign malware and evade detection.

According to a report by Websense, 85% of websites used in attacks during 2012 were “legitimate sites.”

Related: Israeli website for “International Institute for Counter-Terrorism” used in watering hole attack to deliver malware.

Seagate blog website used to serve malware

Fake Bank of America Online Digital Certificate themed emails used in phishing attack.

Travnet Trojan implicated in APT campaign

Blackhole, Sweet Orange, and Cool exploit kits named top weapons for cyber crooks

ArchiveLock Trojan used in targeted attacks in France and Spain to encrypt users' files, demanding a $5,000 ransom

Adversary Activity & Campaigns

Decoy ICS/SCADA Water Utility Networks hit by attacks

Warning of vulnerabilities among California energy providers

US Department of State and Pentagon’s Army National Guard websites hacked through SQL injection and cross-site scripting (XSS) attacks by Tunisian Cyber Army with assistance from Al Qaida Electronic Army. The purpose appears to be to gain information for the upcoming OpBlackSummer, which the attackers claim is being coordinated with Chinese hackers.

APT1 Watch: Royal Bank of Australia (RBA) documents released in 2012 acknowledge victim status in at least two breaches in 2011 with close connections to APT1.

ADP Package Delivery Notification phishing attack directs victims to Blackhole Exploit Kit websites

Cyber Attack heads-up: campaign announced to “wipe Israel from the Internet” on April 7, 2013.

Bank watch: JP Morgan Chase website taken down through denial-of-service

US NIST National Vulnerability Database hacked and taken offline for days

Continued reports of hacktivism

42 Russian websites hacked by SiR Abdou

Celebrity financial information and social security numbers leaked following hack of free credit report provider

OpBlackSummer: US Government sites hacked - Possible preparation for larger event

Toshiba Turkey Website defaced by reMin hacker

Anonymous takes down political party website in Italy

Indian Hacker “Godzilla” infiltrates Pakistan government websites and leaks information

Service Center Website of Acer Thailand defaced by Turkish hacker

Anonymous attacks Philippines President and related government websites

Poland Sergianist hackers destroy popular Traditionalist website

Syrian Cyber Eagles defaces Saudi General Authority for Tourism and Antiquities website

Anonymous defaces Philippines National Telecommunications Commission website

152 Spanish websites hacked in protest against the deaths of 7 Moroccan immigrants    

Defense and Response News

Pentagon creating new teams to launch cyberattacks

UK develops global cyber security capacity, supported by the ICSPA

HBGary releases virtual classroom for incident response professionals

Cyber-attacks eclipse terrorism in impact according to US leaders
