Weekly Threat Report 9th December 2016

Infected routers vulnerable to further attacks?

A small number of TalkTalk and Post Office domestic Wi-Fi routers are reportedly vulnerable to a new variant of the Mirai malware known as ‘Annie’. The denial of service experienced by TalkTalk and Post Office customers last week is said to have been an unintended consequence of the attacker, who goes by the name ‘BestBuy’. The attack sought to infect vulnerable routers with ‘Annie’.

Recently, BestBuy also…

Link: Weekly Threat Report 9th December 2016
Source: NCSC Reports

Weekly Threat Report 2nd December 2016

Mirai targets router vulnerability

On Sunday 27th November 900,000 Deutsche Telekom customers were impacted by an attack from an adapted version of the Mirai worm. The attack resulted in customers being unable to connect to the Internet. This was followed by reports on Thursday 1st December that 100,000 Post Office customers had been similarly impacted as were UK customers of the Internet Service Provider (ISP) TalkTalk. The attack used the Mirai code, which scans and comprises IoT devices…

Link: Weekly Threat Report 2nd December 2016
Source: NCSC Reports

Weekly Threat Report 25th November 2016

ATMS in Europe targeted by cyber criminals

The cyber security firm, Group-IB, recently published a report on Cobalt, a suspected criminal group, that has been using a novel method to steal money from banks across Europe, including the UK, via ATMs.  According to Group-IB, Cobalt target banking organisations by using spear-phishing emails with malicious attachments that exploit software vulnerabilities. Once an attachment is opened the attackers can move through a bank’s network and…

Link: Weekly Threat Report 25th November 2016
Source: NCSC Reports

Weekly Threat Report 18th November 2016

Carbanak is Back

It is being reported that the hospitality sector is being targeted by the cyber-crime group Carbanak (also known as Anunak). The Carbanak gang were first identified by Kaspersky and are best known for a campaign in 2014 where they allegedly stole $1 billion from over 100 financial institutions worldwide. Security researchers at Trustwave have reported that Carbanak are now targeting the U.S. hospitality and restaurant industry’s point of sale systems.

The campaign…

Link: Weekly Threat Report 18th November 2016
Source: NCSC Reports

Weekly Threat Report 11th November 2016

Threat assessment and trend analysis

Old Tricks, New Bot

In September, the National Cyber Security Centre was made aware of a new banking Trojan called TrickBot, targeting the customers of online financial institutions in Australia and New Zealand. The latest version has added functionality and has primarily targeted the UK. Once infected, the attackers use web browser injects and redirection attacks to harvest banking credentials. TrickBot is distributed through both malvertising and spam…

Link: Weekly Threat Report 11th November 2016
Source: NCSC Reports

Weekly Threat Report 4th November 2016

The use of social media for cyber-enabled fraud is on the increase

Social media is increasingly used to commit cyber-enabled fraud according to recent reporting (by cyber security company Easy Solutions). Many of the 80 million fake social media profiles are reportedly used to facilitate cyber attacks. According to cyber security company, Proofpoint, 19% of accounts with top global brands are fake.

Social media attacks also recently tricked major UK banks’ customers into revealing…

Link: Weekly Threat Report 4th November 2016
Source: NCSC Reports

Weekly Threat Report 28th October 2016

Malware-infected ATMs compromise Indian debit cards

Indian media have reported that 3.2 million debit cards may have been compromised by ATM malware in what has been described as the “biggest ever cyber security breach” in the Indian banking sector. The Economic Times reported that debit cards belonging to large banks such as the State Bank of India (SBI), HDFC Bank, Yes Bank and ICICI Bank may have been compromised.

Although some reports indicate that the breach may have…

Link: Weekly Threat Report 28th October 2016
Source: NCSC Reports

Weekly Threat Report 24th October 2016

Threat assessment and trend analysis

Online Shoppers getting more than they bargained for.

A recent study has revealed an increase in the number of e-commerce websites infected with card-‘skimming’ malware.

Attackers have reportedly been exploiting unpatched software vulnerabilities in commonly used e-commerce software to modify the site’s source code. The modified JavaScript code then exfiltrates card details in real-time. These details are transferred to an off-shore…

Link: Weekly Threat Report 24th October 2016
Source: NCSC Reports

Weekly Threat Report 17th October 2016

New Trojan used in financial attacks

Symantec recently reported on a malware variant ‘Trojan.Odinaff’ which has been involved in a number of discreet campaigns targeting global financial organisations since January 2016. Organisations involved in banking, securities, trading and payroll appear to be the primary targets, with organisations providing the support services to these industries also of interest.

According to the report, US institutions have been most frequently targeted, followed…

Link: Weekly Threat Report 17th October 2016
Source: NCSC Reports

Weekly Threat Report 10th October 2016

Threat assessment and trend analysis

 

Dresscode Masquerading as Legitimate Android App

Risk of Trojanised Android apps

A family of mobile malware known as ‘Dresscode’ has been masquerading as legitimate Android apps since April, according to cybersecurity researchers. Over 3000 apps with embedded Trojans, including games, skins and phone optimisation tools, have been identified on sale from Android app stores, including 400 in the Google Play store alone.

How dresscode works

Once…

Link: Weekly Threat Report 10th October 2016
Source: NCSC Reports