
High-profile events and current hacker trends Jun. meganews #210


by sigismund » 2016-07-11 22:35:27

The first summer month showed that a "high season" exists not only in the tourism industry but also in information security. June was extraordinarily rich in "leaks" of every kind: from the databases of popular web services, and from databases that would seem to have no relation to the Internet at all. Botnet activity increased as well, and many botnets upgraded both their structure and their method of distribution. Phishers did not fall behind the botnets either, and in June began developing new themes for themselves.

Hard times

On 24 June 2016 the Russian State Duma adopted, in the second and third readings, the so-called "anti-terrorism package" of laws (No. 1039149-6), developed by MP Irina Yarovaya and Senator Viktor Ozerov. The media have called these laws "the toughest in many years".

For example, one of the bills implies that all applications that make use of encryption are required to hand the keys for decrypting the data over to the security services, and that means not just instant messengers and e-mail but practically every web service. How this is supposed to work for MIME, for financial systems (for example SWIFT) and for HTTPS in general is entirely unclear. Another amendment concerns calls for and "justification of terrorism" in social networks: they are equated with statements in the mass media, and the punishment is up to seven years of imprisonment. Yet another requirement is imposed on telecom operators: they will be obliged to keep records of phone calls and of the messages exchanged between users for six months. Metadata will be retained for three years.

Industry representatives generally agree with the journalists. Criticism of the "anti-terrorism package" has already come from Mail.Ru Group and Yandex, from the industry associations RAEC and ROCIT, and even from the "Communications and IT" working group under the government of Russia. The operators of the "big four" (MegaFon, MTS, VimpelCom and Tele2) also sent a letter to the Chairman of the Federation Council, Valentina Matvienko, asking her to reject the anti-terrorism package of bills. Edward Snowden said that "Russia's Big Brother law is unhealthy, an unnecessary violation of rights that should never be signed". And Pavel Durov told the newspaper Izvestia that his company, which develops the Telegram messenger, is not going to comply with the requirements of the "Yarovaya package", regardless of any possible fines.

The suspicious attitude of the Russian authorities towards the IT industry shows not only in lawmaking but also in their attempts to interact with online resources. For example, the head of Roskomnadzor, Alexander Zharov, called Wikipedia "a resource that promotes drugs and suicide" after Wikimedia RU refused to cooperate on editing the encyclopedia's content. "They are against cooperation with any authorities, and that makes consensus impossible," said Roskomnadzor press secretary Vadim Ampelonskiy. Given that technically anyone can make changes to Wikipedia, and that the number of active independent editors stands at 1.8 million people, it is genuinely hard to understand what such cooperation is supposed to achieve and what exactly it should consist of.

However, one cannot say that the actions of the Russian authorities are anything special: this year information security has, one way or another, occupied every country in the world. In the U.S., for example, Customs and Border Protection, jointly with the Department of Homeland Security, intend to require foreigners entering the country to list their accounts on social networks such as Twitter, Instagram, Facebook or LinkedIn.

Creative hacking

A device that can clone bank cards at a rate of fifteen per second from a distance of 8 cm has been spotted on the darknet. The device, called Contactless Infusion X5, collects the card number and expiry date and, if the chip stores the extended data set, the owner's name and address and a statement of recent transactions on the account. The device measures 98 x 65 x 12.8 mm and weighs only 70 grams, so detecting an intruder who is trying to steal data from your card is not easy.

Researchers from the University of Michigan have figured out how to embed an invisible backdoor in a processor, and have even built such a chip. The backdoor can be inserted directly during the manufacturing process, without the developer's knowledge, and is almost impossible to detect.

Researchers from the University of Illinois came up with a hardware exploit aimed at smartphones: the attack, called VibraPhone, turns a smartphone's ordinary vibration motor into an analog microphone able to capture and record the surrounding sounds. Admittedly, they first had to modify the hardware circuit that drives the vibration motor, and the sound quality is not very good. But speech can still be made out, so this is a real hardware vulnerability.

In early June, experts at Pen Test Partners reported the successful hacking of Mitsubishi's electric vehicle systems. It turned out that the Mitsubishi Outlander PHEV is vulnerable to the simplest attack technique of all: brute force. The car ships with a seven-digit (Wi-Fi) security key, which can be guessed in at most four days. Having gained access to the Wi-Fi module, the researchers were able to take control of the car and disable its alarm. It seems that in the near future we can expect mass thefts of cars hacked via Wi-Fi.

Doctor Web specialists found the encryption Trojan 1C.Drop.1, which infected computers with the 1C accounting software installed and demanded a ransom. The Trojan was distributed via mailings sent to the contractors of "infected" accounting departments. The specialists say that malicious files for 1C have appeared periodically since 2005, but this is the first time they have encountered a full-fledged Trojan.

Researchers from Ben-Gurion University created a program that can steal information through an ordinary computer cooler. The program, GSMem, can transmit data from an infected PC even to the oldest push-button phone by adjusting the fan speed and transmitting the audio noise as a code on the GSM frequency. The researchers write that from 3 to 15 bits of information can be transmitted per minute, depending on the cooler's capabilities. During the tests an ordinary phone was able to "catch" the result at a distance of 8 m.


Security Intelligence Report: threats of our time

Microsoft researchers published a concise report that is a distillation of the huge 198-page report published in May this year. The stripped-down version of the annual report briefly outlines today's network threats.

Vulnerabilities are becoming more serious. 41.8% of bugs were critical, and the marked increase in this number is caused by the numerous problems in IoT devices. 44.2 percent of last year's vulnerabilities were found not in browsers and operating systems but in cloud platforms, IoT hardware, routers and other network equipment.

The number of Trojans increased by 57% over the year. 40% of hacking attempts originate from the same exploit kits, which is the result of the popularity of the malware-as-a-service scheme, increasingly used by attackers.

Adobe Flash content was found on 90% of the web pages that pose a threat to users. Exploitation of Java bugs is going out of fashion; the undisputed leader now is Adobe Flash.

Phishers on vacation

Researcher Alex MacCaw discovered a new malicious campaign after receiving a suspicious text message supposedly written by Google. The attackers are inventive: they prepare the victim in advance for receiving a one-time two-factor authentication code. It looks like good old social engineering never goes out of fashion.

Symantec experts found that in June it was the turn of pirated-game fans: potentially dangerous software began to spread through sites disguised as torrent trackers for gamers. The attackers approach the disguise creatively: they use the uTorrent logo and publish a special manual for bypassing the game's protection mechanism, but in fact the manual helps them disable UAC, the Windows account protection mechanism.

Phishers are seriously interested in bitcoin: researchers from the OpenDNS team identified more than a hundred resources that mimic the websites of various bitcoin wallets and services. To attract victims, the fraudsters use Google AdWords. Many of these sites are hosted on IP addresses previously used for phishing sites, banking portals and spam. According to the researchers, blockchain and cryptocurrency are now at the zenith of their fame, so the attacks will clearly continue, and users should carefully verify domains and addresses.
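The advice to "carefully verify domains" can be automated on the defender's side. The following is an added example, not part of the original post or of the OpenDNS research: it scores observed domains (from an ad feed or a proxy log) against a list of known-good service domains, flagging homoglyph substitutions, embedded brand names and near-miss spellings. The domain names used are constructed placeholders, not real wallet providers.

```python
# Known-good service domains the check protects (constructed placeholders,
# not real wallet providers), in a fixed order so results are deterministic.
LEGIT_DOMAINS = ("mywallet.example", "coinexchange.example")

# Characters commonly swapped for look-alikes in phishing domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})


def normalize_label(label):
    """Fold common homoglyph substitutions so 'mywa11et' compares equal to 'mywallet'."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def brand_label(domain):
    """Second-level label of a domain, e.g. 'mywallet' for 'mywallet.example'."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, legit=LEGIT_DOMAINS, max_distance=2):
    """Return (verdict, matched_legit_domain_or_None) for one observed domain."""
    domain = domain.lower().rstrip(".")
    label = normalize_label(brand_label(domain))
    for good in legit:
        good_label = normalize_label(brand_label(good))
        if domain == good:
            return "legitimate", good
        if label == good_label:                 # mywa11et.example, mywallet.com
            return "label-match", good
        if good_label in label:                 # mywallet-login.example
            return "brand-embedded", good
        if levenshtein(label, good_label) <= max_distance:  # coinexchnage.example
            return "lookalike", good
    return "unrelated", None


def triage(domains):
    """Classify a batch of domains, e.g. those seen in ads or in a proxy log."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    # Constructed sample of observed domains.
    for domain, (verdict, target) in triage(
        ["mywallet.example", "mywa11et.example", "mywallet-login.example",
         "coinexchnage.example", "news.example"]).items():
        print(f"{domain:26s} {verdict:15s} {target or ''}")
```

Anything other than "legitimate" or "unrelated" is worth a closer look before a user follows the link; the homoglyph folding is applied to both sides of every comparison, so a legitimate label that happens to contain "rn" is not penalised.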

Botnets of the month

Necurs, one of the largest botnets in the world, simply disappeared from the radar in early June. This was discovered by researchers at a number of companies who, independently of each other, noticed a sudden halt in the spread of the Dridex and Locky malware. Dridex is a long-known banking Trojan, and Locky is one of the most dangerous encryptors to date, so it is not surprising that specialists noticed their disappearance very quickly. The experts' cautious joy, as many had expected, was short-lived: Necurs returned and resumed its activity. The researchers note that this is not the first time Necurs has gone offline, and in the past such periods usually meant that the botnet's operators were upgrading their infrastructure. For now Necurs continues to distribute Locky and Dridex, so it is unclear what unpleasant surprises the botnet's operators have prepared for the industry.

In early June, Imperva specialists found an advertising botnet that automatically finds and hacks websites through SQL injection. The system bombards the victim with HTTP requests whose fields are filled with T-SQL code, the extended version of SQL used by Microsoft and Sybase. If the injection succeeds, an HTML frame displaying up to 45 SEO links is appended to the various text fields in the database. Most of the links boost the rating of link farms, and the botnet updates them periodically.
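A site owner who suspects this kind of mass injection can check the database directly rather than wait for a search engine penalty. The following is an added example, not part of the original post or of Imperva's research: it scans stored text fields for the markup such campaigns leave behind (iframes and hidden link blocks), lists the foreign hosts they point at, and strips the injected blocks while keeping the original text. The rows, hostnames and the `OWN_HOSTS` allow-list are constructed for the example.

```python
import re
from html import unescape
from urllib.parse import urlparse

# Constructed sample rows (id, column, text) imitating text columns of a site
# database after a successful injection of the kind described above: rows 2 and 3
# carry an appended hidden link block and a 1x1 iframe; rows 1 and 4 are clean.
SAMPLE_ROWS = [
    (1, "comment", "Great article, thanks!"),
    (2, "comment", 'Nice post<div style="display:none">'
                   '<a href="http://farm-a.example/x">cheap pills</a> '
                   '<a href="http://farm-b.example/y">casino</a></div>'),
    (3, "title", 'Weekly news<iframe src="http://spam.example/frame.html" '
                 'width="1" height="1"></iframe>'),
    (4, "comment", 'See <a href="https://our-site.example/docs">our docs</a>'),
]

# Hostnames the site legitimately links to (assumption for this example).
OWN_HOSTS = {"our-site.example"}

# Markup that has no business in user-supplied text fields: iframes, and
# block-level elements hidden from readers but visible to search engine crawlers.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>.*?</iframe>", re.I | re.S)
HIDDEN_DIV_RE = re.compile(r"<div\b[^>]*display\s*:\s*none[^>]*>.*?</div>", re.I | re.S)
URL_ATTR_RE = re.compile(r"""(?:href|src)\s*=\s*["']([^"']+)["']""", re.I)


def inspect_field(text):
    """Return (suspicious_fragments, external_hosts) for one stored text value."""
    fragments = IFRAME_RE.findall(text) + HIDDEN_DIV_RE.findall(text)
    hosts = set()
    for fragment in fragments:
        for url in URL_ATTR_RE.findall(unescape(fragment)):
            host = urlparse(url).hostname
            if host and host not in OWN_HOSTS:
                hosts.add(host)
    return fragments, sorted(hosts)


def scan_rows(rows):
    """Scan (id, column, text) rows; report every row carrying injected markup."""
    findings = []
    for row_id, column, text in rows:
        fragments, hosts = inspect_field(text)
        if fragments:
            findings.append({"id": row_id, "column": column,
                             "fragments": len(fragments), "hosts": hosts})
    return findings


def clean_field(text):
    """Remove the injected iframe / hidden-div blocks, keeping the original text."""
    return HIDDEN_DIV_RE.sub("", IFRAME_RE.sub("", text))


if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(f"row {finding['id']} ({finding['column']}): "
              f"{finding['fragments']} injected block(s) -> {', '.join(finding['hosts'])}")
```

In practice the rows would come from a `SELECT` over every free-text column, and the cleaning step is only half the job: the injection point itself (the unparameterised query) has to be fixed, or the botnet simply rewrites the fields on its next pass.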

Sadbottrue analysts found a large botnet consisting of about 3 million Twitter accounts. The bots generate posts on a variety of topics (more than two and a half million messages in total) as well as spam. The researchers note that the botnet's accounts were all registered on a single day, that is, created at a rate of about 35 registrations per second. Usually such a large number of new accounts immediately attracts the attention of the service's administration and becomes the subject of an investigation, but for some reason this did not happen here. Who controls the botnet is still unknown.

Sucuri researchers found a botnet consisting of surveillance cameras. According to the company, the botnet comprises 25 thousand devices and is used for Layer 7 DDoS attacks (35-50 thousand HTTP requests per second) capable of bringing down almost any server. Almost a quarter of the infected devices are located in Taiwan. Large numbers of infected devices were also seen in the United States, Indonesia, Mexico and Malaysia.
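A Layer 7 flood of the kind described here looks, in the web server's own logs, like many sources each sending far more requests per second than a browser would, usually with one repeated request signature. The following is an added example, not part of the original post or of Sucuri's work: it parses combined-format access log lines, finds the peak requests per second, lists sources exceeding a per-IP limit, and extracts the dominant request signature of those sources (useful for writing a targeted rate-limit rule). The log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, second, path, ua):
    """Build one constructed access-log line at 10:15:<second> UTC."""
    return (f'{ip} - - [07/Jun/2016:10:15:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')


# Constructed sample: two ordinary visitors plus three camera-like sources that
# each send 12 identical requests for "/" within the same second.
SAMPLE_LOG = [
    _line("198.51.100.7", 1, "/index.html", "Mozilla/5.0 (X11; Linux) Firefox/46.0"),
    _line("198.51.100.7", 2, "/style.css", "Mozilla/5.0 (X11; Linux) Firefox/46.0"),
    _line("203.0.113.9", 1, "/about", "Mozilla/5.0 (Windows NT 10.0) Chrome/51.0"),
] + [
    _line(ip, 1, "/", "Mozilla/5.0 (compatible; MSIE 9.0)")
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12")
    for _ in range(12)
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TIME_FMT), "method": method,
            "path": path, "status": int(status), "ua": ua}


def detect_flood(lines, per_ip_limit=10, total_limit=30):
    """Bucket requests per second; flag sources above per_ip_limit and the peak rate."""
    per_second = defaultdict(Counter)          # timestamp -> Counter(ip)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_second[rec["ts"]][rec["ip"]] += 1
    offenders, peak_rps = set(), 0
    for counter in per_second.values():
        peak_rps = max(peak_rps, sum(counter.values()))
        offenders.update(ip for ip, n in counter.items() if n > per_ip_limit)
    return {"offenders": sorted(offenders), "peak_rps": peak_rps,
            "flood": peak_rps > total_limit}


def flood_signature(lines, offenders):
    """Most common (method, path, user-agent) among the offending sources."""
    sig = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["ip"] in set(offenders):
            sig[(rec["method"], rec["path"], rec["ua"])] += 1
    return sig.most_common(1)[0] if sig else None


if __name__ == "__main__":
    result = detect_flood(SAMPLE_LOG)
    print(result)
    print(flood_signature(SAMPLE_LOG, result["offenders"]))
```

The per-source limit is what separates this from ordinary traffic spikes: a popular page produces a high total rate from many sources each making a handful of requests, whereas a camera botnet produces a high rate from a bounded set of sources that all look the same.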


The history of ransomware development

Kaspersky Lab specialists presented an interesting analytical piece that summarizes the evolution of ransomware over the years. Today encryptors are a real scourge, and new malware of this type appears almost every day. The figures presented in the report allow us to understand how bad things really are.

From April 2014 to March 2015, the most actively spread families were CryptoWall, Cryakl, Scatter, Mor, CTB-Locker, TorrentLocker, Fury, Lortok, Aura and Shade. They attacked a total of 101 568 users worldwide and were responsible for 78% of attacks of this kind. In 2015-2016 the situation changed: the top positions now belong to All, CTB-Locker, Scatter and Cryakl, responsible for attacks on 79.21% of users.

The total number of users who encountered ransomware in the 12 months from April 2015 to March 2016 increased by 17.7% compared to the same period in 2014-2015: from 1 967 784 to 2 315 931 users worldwide. The number of users attacked with screen blockers decreased by 13.03% (from 1 836 673 in 2014-2015 to 1 597 395 in 2015-2016).

93.2% of those who encountered ransomware were users of home security products. Corporate users were attacked by ransomware in 13.13% of cases, which means the number of corporate victims has doubled over the year.

Big plum

The hacker Peace_of_mind is selling information on more than one hundred million VKontakte accounts. He had previously put up for sale information on hundreds of millions of accounts on LinkedIn, MySpace and Tumblr. Peace valued the information at one bitcoin (about $570 at the current exchange rate). At the same time as Peace_of_mind, representatives of the leak aggregator LeakedSource managed to get hold of the VK data. The leak contains information on 100 544 934 VKontakte accounts: user names, e-mail addresses, phone numbers and passwords. 92 of the 100 e-mail addresses checked by journalists still belong to active users of the social network.

A few days later, LeakedSource representatives reported that Twitter had joined the ranks of compromised services: information on 379 million accounts was on sale on the darknet. Twice before, an unknown well-wisher hiding under the pseudonym Tessa88 had provided LeakedSource with copies of fresh dumps of the MySpace and Facebook account databases. Now Tessa88 has shared a database of Twitter accounts which, according to the hacker, contains data on 379 million users. Twitter's monthly active user count is around 310 million, so we can assume that the dump also contains information on inactive users. On the darknet the database is on sale for 10 bitcoins (about $5820).

The notorious GhostShell hackers leaked information on about 36 million users, extracted from 110 different MongoDB servers that were misconfigured and disclosed their data to anyone who knows how to use Shodan. The hackers posted on Pastebin links to a 598 MB archive (5.6 GB uncompressed) containing 110 folders, each with screenshots proving penetration of the server, a text file describing the server's configuration, and a dump of the stored information. GhostShell write that they published all this data to draw attention to the problem of negligent attitudes to security.

The uTorrent project team warned users about the compromise of the uTorrent forums, which had more than 388 thousand members. Apparently the cause lies in the Invision Power Board (IP.Board) platform on which the project's forums run. According to Vice Motherboard, which managed to obtain a sample of the leak, 34 thousand users were compromised: e-mail addresses, IP addresses, user names and salted password hashes (SHA-1) were leaked.

Rapid7 experts prepared a study that found more than 20 million open FTP servers and almost 8 million open MySQL databases. Also seen were 14.8 million devices open to Telnet connections. Telnet traffic is not encrypted, so cyber criminals can easily intercept the credentials. On the basis of the collected information the researchers also compiled an "exposure index", in which the Russian Federation takes nineteenth place out of fifty.

Kaspersky Lab specialists published a report on the activities of the underground trading platform xDedic, which sells hacked servers from around the world. An unknown well-wisher shared with the researchers links to lists of cracked servers posted on Pastebin (a total of 176 thousand records). The information turned out to be genuine.

Researcher Chris Vickery found an unprotected CouchDB database with data on 154 million American voters, compromised in a hacker attack. The database was hosted in the Google Cloud and contains comprehensive data on every citizen: address, city, state, postcode, phone number, age, gender, race, name, approximate monthly income, data on electoral activity and so on. Some records are even more detailed, noting for example whether the person has children, whether they hold a weapons license and a weapon itself, and listing their social media accounts.

The hacker TheDarkOverlord put up for sale on the darknet data on the health insurance of 9 278 352 Americans. For this database the attacker plans to earn 750 bitcoins (about 490 thousand dollars at the current exchange rate). According to the hacker's announcement, the database includes user names, addresses, cities of residence, zip codes, e-mail addresses, home and mobile phone numbers, dates of birth, social security numbers and insurance policy numbers. Such a dataset can be used for various types of fraud, from taking out a bank loan to full-blown identity theft.

A copy of the World-Check database has appeared on the Network: information on terrorists, "high-risk" individuals and organisations suspected of money laundering or linked to organized crime, corruption and so on. The database contains categories such as terrorism, legal entities, politicians, the military, crime and drugs. Researcher Chris Vickery of MacKeeper reported that the database contains information on more than 2.2 million entities. Officially, it is known that this database is regularly used by more than six thousand customers from 170 countries, including nine of the ten largest law firms, 49 of the 50 largest banks in the world, and more than three hundred governments and intelligence services.