Millions stolen from banks through sophisticated malware

February 14, 2015 – 7:05 PM

Hackers infiltrated over 100 banks in several countries, stealing millions of dollars in possibly the largest bank theft the world has seen, according to a report published by the New York Times on Saturday.

The Times said it received an advance copy of an upcoming report by Moscow-based Kaspersky Lab that details how banks in Russia, Japan, the United States, and other countries fell victim to malware starting in late 2013 that allowed the hackers to watch video feeds, view daily operations, and impersonate bank officials.

The malware apparently allowed the hackers to transfer money from the banks to fake accounts. According to the Times, Kaspersky Lab said the total theft could be more than $300 million, although the cybersecurity firm has not nailed down an exact figure. Each transaction was limited to $10 million and some banks were hit more than once, according to the publication.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, of Kaspersky’s Boston office, told the Times.

Kaspersky Lab does not name the banks involved in the massive theft operation in its report, and no banks have revealed that they have been hacked, according to the Times.

Source:
http://arstechnica.com/security/2015/02/report-millions-stolen-from-banks-through-sophisticated-malware/

Ninite – Install and Update All Your Programs at Once

February 12, 2015 – 9:19 PM

I just recommended this to a Windows user out of sympathy and noticed that I’ve never actually blogged about it, so I would like you to meet Ninite (if you haven’t met already – it’s been around for a while now).

It’s simple to use and has a large selection of popular freeware and open source applications. Just choose the applications that you want to install, download the Ninite installer, then walk away and do something fun while it does all the work for you. The service installs the software with default settings and says “no” to any extra crapware (like browser toolbars) the installers might try to sneak in. Run the installer again later and it updates the applications to the latest versions for you. Supports both Windows and Linux.

Features (Ninite will):

  • start working as soon as you run it
  • not bother you with any choices or options
  • install apps in their default location
  • say no to toolbars or extra junk
  • install 64-bit apps on 64-bit machines
  • install apps in your PC’s language or one you choose
  • do all its work in the background
  • install the latest stable version of an app
  • skip up-to-date apps
  • skip any reboot requests from installers
  • use your proxy settings from Internet Explorer
  • download apps from each publisher’s official site
  • verify digital signatures or hashes before running anything

Site:
https://ninite.com/

Simplocker Android ransomware variant identified, tougher to decrypt files

February 10, 2015 – 5:50 PM

A new and improved variant of Simplocker ransomware for Android devices is currently being distributed, according to Avast.

When Simplocker was first identified in June 2014, it was considered possibly the first ransomware for Android devices that encrypts files. However, the encryption key was hardcoded inside the malware and was not unique for each device, meaning the so-called “master key” could simply be used to unlock any infected device without paying the ransom.

That is not the case anymore.

“This new variant has a more sophisticated way to encrypt the files inside the device,” Nikolaos Chrysaidos, Avast mobile malware analyst, told SCMagazine.com in a Tuesday email correspondence. “It generates a unique key for each device that it infects, making it more difficult to decrypt the files on each device.”

The latest variant of Simplocker infects users when they navigate to less-than-reputable websites and are alerted that they have to download a “Flash Player” to watch videos, a Wednesday post indicates. Once the app is installed and opened, the “Flash Player” requests administrator privileges that, when granted, activate the ransomware.

Source:
http://www.scmagazine.com/simplocker-variant-generates-unique-key-for-each-infected-device/article/397470/

DDoS malware for Linux systems comes with sophisticated custom-built rootkit

February 6, 2015 – 7:54 PM

A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that’s custom built for each infection.

The malware, known as XOR.DDoS, was first spotted in September by security research outfit Malware Must Die. However, it has since evolved and new versions were seen in the wild as recently as Jan. 20, according to a new report Thursday from security firm FireEye, which analyzed the threat in detail.

XOR.DDoS is installed on targeted systems via SSH (Secure Shell) brute-force attacks launched primarily from Internet Protocol (IP) addresses registered to a Hong Kong-based company called Hee Thai Limited.

The attacks attempt to guess the password for the root account by using different dictionary-based techniques and password lists from past data breaches. FireEye observed well over 20,000 SSH login attempts per targeted server within a 24-hour period and more than 1 million per server between mid-November and end of January.

When the attackers manage to guess the root password they send a complex SSH remote command — sometimes over 6,000 characters long — that consists of multiple shell commands separated by semicolons. These commands download and execute various scripts as part of a sophisticated infection chain that relies on an on-demand malware building system.

Source:
http://www.csoonline.com/article/2881134/malware-cybercrime/ddos-malware-for-linux-systems-comes-with-sophisticated-custombuilt-rootkit.html#tk.rss_news
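
For defenders, the pattern described in the XOR.DDoS item above (repeated password guesses against root, then a successful root login from the same address) is visible in sshd's authentication log. The following is an added example, not code from FireEye or the original article; the log lines are constructed, the addresses come from documentation ranges, and the threshold of 3 is an illustrative assumption (a production rule would also bound the count by a time window).

```python
import re
from collections import defaultdict

# Constructed sample sshd auth-log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Feb  6 19:50:01 srv sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb  6 19:50:02 srv sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Feb  6 19:50:03 srv sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Feb  6 19:50:04 srv sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
Feb  6 19:50:05 srv sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Feb  6 19:51:10 srv sshd[1010]: Failed password for root from 198.51.100.20 port 51000 ssh2
Feb  6 19:51:20 srv sshd[1011]: Accepted password for root from 198.51.100.20 port 51001 ssh2
Feb  6 19:52:01 srv sshd[1020]: Failed password for root from 192.0.2.9 port 33001 ssh2
Feb  6 19:52:02 srv sshd[1021]: Failed password for root from 192.0.2.9 port 33002 ssh2
Feb  6 19:52:03 srv sshd[1022]: Failed password for root from 192.0.2.9 port 33003 ssh2
Feb  6 19:55:00 srv sshd[1030]: Accepted password for root from 203.0.113.7 port 40100 ssh2
"""

# Matches OpenSSH password-authentication results, including "invalid user" lines.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyse(log_text, user="root", threshold=3):
    """Report source IPs with >= threshold failed logins for `user`.

    'compromised' is True when such an IP later logs in successfully,
    i.e. the guessing appears to have worked and the host needs triage.
    """
    failed = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["user"] != user:
            continue  # not a password result, or a different account
        ip = m["ip"]
        if m["result"] == "Failed":
            failed[ip] += 1
            if failed[ip] >= threshold:
                findings.setdefault(ip, {"failed": 0, "compromised": False})
                findings[ip]["failed"] = failed[ip]
        elif failed[ip] >= threshold:
            # Success after a burst of failures from the same source.
            findings[ip]["compromised"] = True
    return findings

if __name__ == "__main__":
    for ip, info in analyse(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a success (198.51.100.20 in the sample) stays below the threshold and is not reported.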

US health insurer Anthem suffers massive data breach

February 5, 2015 – 5:20 AM

Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals.

Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company’s CEO Joseph Swedish in a public statement, in which he says they were the victims of a “very sophisticated external cyber attack.”

“These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data,” he shared, and added that, as far as they can tell for now, “no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”

“Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” he noted, and promised that they will notify each of the affected customers in writing (via a letter), and provide credit monitoring and identity protection services free of charge.

The breach impacted customers of all their product lines: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. But, the final number of affected individuals is still to be determined.

Source:
http://www.net-security.org/secworld.php?id=17917
