InfoSec Week 3, 2017

Posted on 21 January 2017

Trustwave released a threat report on the Carbanak gang's campaign, titled "Operation Grand Mars". The paper explains the group's modus operandi, its malware distribution techniques and its attack vectors. The interesting point is that the group uses Google Apps Script, Google Sheets and Google Forms as part of its command and control infrastructure, which lets its traffic hide among legitimate requests to Google. Trustwave is not the only one reporting this; Forcepoint describes the same Google-based C2 channel.
https://www2.trustwave.com/rs/815-RFM-693/images/Operation%20Grand%20Mars.pdf
https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control
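Because the endpoints involved are ordinary Google services, a domain blocklist is useless here; detection has to be behavioural. The following is an added example (not code from Trustwave, Forcepoint or the Carbanak reports) that runs a beaconing heuristic over constructed proxy log lines: it groups requests to Apps Script, Sheets and Forms URLs by client and URL and flags pairs whose inter-request gaps are suspiciously regular. The log format, the IP addresses, the document IDs and the thresholds (`min_hits`, `max_cv`) are assumptions for illustration.

```python
"""Beaconing heuristic for C2 hidden in Google Apps Script / Sheets / Forms traffic.
Added example; log format, hosts, IDs and thresholds are assumed, not from the reports."""
import re
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Google endpoints the reports tie to the C2 channel. The Apps Script web-app
# URL shape (script.google.com/macros/s/<id>/exec) is real; the IDs below are made up.
C2_CAPABLE = re.compile(
    r"^https?://(?:script\.google\.com/macros/s/[^/]+/exec"
    r"|docs\.google\.com/(?:spreadsheets|forms)/)"
)

# Assumed proxy log format: <epoch> <client_ip> <method> <url> "<user_agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"(?P<ua>[^"]*)"$'
)

# Constructed sample: 10.0.0.5 is a person editing a sheet (bursty gaps),
# 10.0.0.7 hits one Apps Script endpoint every 120 seconds like clockwork.
SAMPLE_LOG = """
1484956800 10.0.0.5 GET https://docs.google.com/spreadsheets/d/1Human/edit "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
1484956803 10.0.0.5 GET https://docs.google.com/spreadsheets/d/1Human/edit "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
1484957500 10.0.0.5 GET https://docs.google.com/spreadsheets/d/1Human/edit "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
1484957501 10.0.0.5 GET https://docs.google.com/spreadsheets/d/1Human/edit "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
1484959000 10.0.0.5 GET https://docs.google.com/spreadsheets/d/1Human/edit "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
1484956800 10.0.0.7 POST https://script.google.com/macros/s/XYZ/exec "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
1484956920 10.0.0.7 POST https://script.google.com/macros/s/XYZ/exec "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
1484957040 10.0.0.7 POST https://script.google.com/macros/s/XYZ/exec "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
1484957160 10.0.0.7 POST https://script.google.com/macros/s/XYZ/exec "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
1484957280 10.0.0.7 POST https://script.google.com/macros/s/XYZ/exec "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
"""


def parse(log_text: str) -> List[dict]:
    """Parse log lines into dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = int(d["ts"])
            events.append(d)
    return events


def find_beacons(events: List[dict], min_hits: int = 4, max_cv: float = 0.15) -> Dict[Tuple[str, str], dict]:
    """Return (client, url) pairs that hit a C2-capable Google endpoint on a near-fixed cadence.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive requests: a person in Sheets is bursty, a beacon is not.
    """
    by_key = defaultdict(list)
    for e in events:
        if C2_CAPABLE.match(e["url"]):
            by_key[(e["client"], e["url"])].append(e)

    hits = {}
    for key, evs in by_key.items():
        if len(evs) < min_hits:
            continue
        stamps = sorted(e["ts"] for e in evs)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        if mu == 0:  # all requests in the same second: not a timed beacon
            continue
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            hits[key] = {
                "count": len(evs),
                "mean_gap_s": mu,
                "cv": round(cv, 3),
                "user_agents": sorted({e["ua"] for e in evs}),
            }
    return hits


if __name__ == "__main__":
    for (client, url), info in find_beacons(parse(SAMPLE_LOG)).items():
        print(f"{client} -> {url}: {info}")
```

Tune `min_hits` and `max_cv` against your own baseline; the user agents are reported alongside the hit because a beacon from a host whose normal Google traffic comes from a current browser, but whose Apps Script requests carry a different or outdated user agent, is worth a closer look.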

After the wave of attacks on unsecured MongoDB instances, cyber-criminals have moved on to Internet-exposed CouchDB and Hadoop servers as well, taking control of them, wiping the data and leaving a ransom note.
https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-couchdb-and-hadoop-servers/
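The common thread in these attacks is an instance that listens on a public interface with no authentication configured. As an added example (not code from the article or from the CouchDB project), the following offline checks show the two things to look at on a CouchDB box: whether an unauthenticated `GET /_session` answers with the `_admin` role (the "admin party" state in which no server admin exists and every anonymous caller is an admin), and whether `local.ini` binds to all interfaces with an empty `[admins]` section. The sample responses and ini fragments are constructed; the `[chttpd]` / `[httpd]` section names cover CouchDB 2.x and 1.x respectively, and the admin password placeholder is an assumption.

```python
"""Offline 'admin party' and exposure checks for CouchDB.
Added example with constructed inputs; no network access is made."""
import configparser
import json
from typing import List

# Constructed: what an UNAUTHENTICATED GET /_session returns on an instance with
# no server admins configured. name is null, yet the anonymous context has _admin.
ADMIN_PARTY_SESSION = (
    '{"ok":true,"userCtx":{"name":null,"roles":["_admin"]},'
    '"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"]}}'
)
# Constructed: same anonymous request once a server admin exists.
LOCKED_DOWN_SESSION = (
    '{"ok":true,"userCtx":{"name":null,"roles":[]},'
    '"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"]}}'
)

# Constructed local.ini fragments: the weak setting beside the corrected one.
WEAK_LOCAL_INI = """
[chttpd]
bind_address = 0.0.0.0
port = 5984

[admins]
"""

HARDENED_LOCAL_INI = """
[chttpd]
bind_address = 127.0.0.1
port = 5984

[admins]
; assumed placeholder; CouchDB replaces a plaintext value with a hash on restart
admin = change-me-before-first-start
"""


def is_admin_party(session_body: str) -> bool:
    """True if an anonymous /_session response carries the _admin role."""
    ctx = json.loads(session_body).get("userCtx", {})
    return ctx.get("name") is None and "_admin" in ctx.get("roles", [])


def audit_local_ini(ini_text: str) -> List[str]:
    """Return human-readable findings for a local.ini; empty list means no issue found."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(ini_text)
    findings = []
    for section in ("chttpd", "httpd"):  # 2.x and 1.x HTTP sections
        if cp.has_section(section):
            bind = cp.get(section, "bind_address", fallback="127.0.0.1").strip()
            if bind in ("0.0.0.0", "::"):
                findings.append(f"[{section}] bind_address={bind}: listening on every interface")
    if not cp.has_section("admins") or not cp.options("admins"):
        findings.append("[admins] is empty: admin party, every anonymous caller is _admin")
    return findings


if __name__ == "__main__":
    print("anonymous session is admin:", is_admin_party(ADMIN_PARTY_SESSION))
    for finding in audit_local_ini(WEAK_LOCAL_INI):
        print("finding:", finding)
```

In practice the `_session` check is the one to run from outside, since it reflects what the attackers saw; the ini audit is for the host itself. Hadoop deployments in the same situation have the analogous problem (services reachable without Kerberos authentication), but the configuration lives in different files and is not shown here.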

Malware researcher Xylitol discovered a new Ransomware-as-a-Service platform named Satan. Its administration panel is a Tor hidden service that accepts payment in Bitcoin. The panel also has a Droppers section, where affiliates can generate malicious Microsoft Word macros or CHM installers to deliver the ransomware.
https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/
https://twitter.com/Xylit0l/status/821757718885236740

Blog post analysing a recent email campaign delivering the Ursnif banking trojan. The lure pretends to be a DHL package notification email.
https://benkowlab.blogspot.ch/2017/01/a-journey-inside-ursnif-campaign.html

Proofpoint researchers discovered a social-engineering infection technique, attributed to the EITest campaign, that renders a compromised page as unreadable text and then tricks Chrome users into downloading a supposed font update package for their browser, which is in fact malware.
https://www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme

Members of the Palestinian militant group Hamas have posed as women online and tricked Israeli soldiers into installing malware on their phones.
https://www.bleepingcomputer.com/news/government/israeli-military-tricked-into-installing-malware-by-hamas-agents-posing-as-women/

Brian Krebs links Paras Jha, a young man who owns the DDoS mitigation company ProTraf Solutions, to the pseudonym Anna-Senpai, the creator and administrator of the Mirai IoT worm.
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

The Iranian OilRig group is using digitally signed malware and fake University of Oxford domains in attacks targeting government agencies, financial institutions and technology companies in Saudi Arabia, Israel, the United Arab Emirates, Lebanon, Kuwait, Qatar, the United States and Turkey.
http://securityaffairs.co/wordpress/55145/apt/oilrig-apt-itan.html
