IO General Correspondent – Sam Rosenthal
China Behind Ransomware Attacks
14 March 2016
Reuters (BEIJING) – Security researchers at Dell SecureWorks, Attack Research, InGuardians and G-C Partners identified similar tactics used in several ransomware attacks since December. The researchers believe the attacks originated from China. The firms do not have conclusive evidence, but the similar tactics used across many cases indicate a high degree of organization and skill, and the researchers believe a state actor is likely involved.
Source: http://www.reuters.com/article/us-china-ransomware-idUSKCN0WG2L5 (Reliability: High)
Hackers Breach DDoS Protection Firm Staminus
11 March 2016
Softpedia (BUCHAREST) – On Thursday, 10 March 2016, hackers infiltrated the servers of Staminus, a cyber protection firm. Staminus provides DDoS attack protection for businesses using a hybrid server system that makes it difficult for attackers to reach and damage their clients’ sites. In the breach, the hackers accessed the company’s backbone servers, which store clients’ information for backups, remotely shut the servers down and stole data. The hackers criticized Staminus’s weak measures for protecting client information, including keeping credit card information in plaintext files, relying on a single password for access, and failing to apply updates.
Source: http://news.softpedia.com/news/hackers-breach-ddos-protection-firm-staminus-501625.shtml (Reliability: High)
Advertising-Based Cyberattacks on Major News Sites
16 March 2016
PCWorld (SAN FRANCISCO) – On Sunday, 14 March 2016, hackers coordinated “malvertising” attacks against the BBC, The New York Times, Newsweek, and MSN, tricking the sites into serving malware-laden advertisements. The hackers submitted the infected advertisements to major advertising networks, which then distributed them to the publications. The advertisements carried malware and ransomware that attacked users who clicked on them. While malvertising is common, an attack on this scale is out of the ordinary.
Source: http://www.pcworld.com/article/3044874/security/large-advertising-based-cyberattack-hit-bbc-new-york-times-msn.html (Reliability: High)
Cyberespionage Groups Stealing Digital Certificates to Sign Malware
16 March 2016
CIO (FRAMINGHAM) – Symantec researchers discovered that a Chinese hacking organization, now named “Suckfly,” used stolen digital certificates to sign malware so the programs would appear legitimate. The researchers found that several of the certificates had been used to sign malware since 2014. Suckfly used the malware to create backdoors into the networks of companies and governments. The group used nine certificates stolen from South Korean companies to conduct its attacks. Several other malicious groups have previously used stolen certificates to sign malware.
Source: http://www.cio.com/article/3044801/cyberespionage-groups-are-stealing-digital-certificates-to-sign-malware.html (Reliability: High)
TeslaCrypt Ransomware Now Impossible to Crack
17 March 2016
CIO (FRAMINGHAM) – Researchers from Cisco’s Talos group say that the ransomware program TeslaCrypt 3.0.1 is, for the time being, impossible to decrypt. The malware’s developers released several updates to close security gaps in the program. Before the updates, researchers had developed several tools to decrypt files encrypted by the malware, but the gaps those tools relied on are now closed. The FBI and several cyber security groups state that ransomware is a growing threat and that malware developers are pushing out frequent updates to fix weaknesses in their code.
Source: http://www.csoonline.com/article/3045294/security/teslacrypt-ransomware-now-impossible-to-crack-researchers-say.html?token=%23tk.CSONLE_nlt_cso_salted_hash_2016-03-17&idg_eid=358f6d9e1cf6d0bcc452789380d3722e&utm_source=Sailthru&utm_medium=email&utm_campaign=CSO%20Salted%20Hash%202016-03-17&utm_term=cso_salted_hash#tk.CSO_nlt_cso_salted_hash_2016-03-17 (Reliability: High)