Search the Community
Showing results for tags 'Malicious'.
Reefa posted a topic in Security & Privacy NewsTechnology giants such as Yahoo and Google need to do more to protect consumers from hackers infiltrating their advertising networks to deliver malicious adverts – or even point users to sites that serve malware, the U.S. Senate has warned, according to CNBC’s report. The Senate Permanent Subcomittee on Investigations said that punishments needed to be targeted not merely at hackers, but also at advertising networks that failed to prevent them taking advantage of their online promotions. “Consumers can incur malware attacks [through online ads] without having taken any action other than visiting a mainstream website,” the subcommittee said, according to PC World’s report. The subcommittee referred to two incidents in which Yahoo and Google’s advertising networks were used to deliver malicious adverts, according to Network World’s report. The report said that some advertising networks scanned for malicious advertising, but “malvertisers” scanned for this and refrained from serving ads when in danger of detection, according to Network World. “We successfully block the vast majority of malicious or deceptive advertisements with which bad actors attack our network, and we always strive to defeat those who would compromise our customers’ security,” a representative from Yahoo said, according to Phys.org. The panel said that Yahoo or Google were not singled out as vulnerable – and that the industry as a whole was vulnerable to attacks. The use of malware to misdirect users means that the economics of such scams can be quite complex – with ESET’s Joan Calvet analyzing the techniques by which the Win32/Boaxxe BE malware family drive traffic to the “wrong” advertising networks in a post here. “Boaxxe.BE, is an impressive malware family with numerous sub modules, which takes lots of precautions to stay stealthy,” says Calvet, “For example, it won’t redirect users to ads when the user clicks on common websites (Wikipedia, Facebook…), or the maintenance of its own DNS cache in order to avoid relying on the too-noisy Windows cache.” A We Live Security guide to how to detect if your PC is infected, and avoid infection with “adware” and “badware” can be found here. Source
Reefa posted a topic in Security & Privacy NewsCriminals will not let any way to cheat an ATM machine out of its cash, as it’s one of the easiest way for them to get the hands on cash. ATM skimmers have now discovered a new and high-tech approach to target cash machines directly by inserting a physical notorious device into it instead. According to the Chinese press, two Ukrainian men arrested in Macau for reportedly planting the malicious software program in the seven Macau bank ATMs. This could came out as the quickest method to hack the cash machines. HACKING ATM MACHINES The two accused were arrested this week by the authorities in Macau, a Chinese territory approximately west of Hong Kong, but the two are from Ukraine and had successfully stolen almost $100,000 by corrupting more than seven ATMs with a computer virus. According to the authorities, the men allegedly used a green object device (as shown in the image) to carry out the money fraud. They first connected the device to a laptop and then inserted it in the card slot on the ATMs. The device used by the criminals resembles a circuit strip wider as credit card but much longer than it. After inserting the device physically into the ATMs card slot, the criminals successfully installed the malware that has ability to fetch customer’s credit card information, including PINs. Sources at the bank said once the device is inserted in the cash slot, it caused the malicious program running on the ATM machines to crash leaving the cash machine black. The machine would then restart, as soon as the device is removed. Now whosoever used the compromised ATM machine, became victim of the card fraud, as the hidden virus program started recording the cash card number, PINs and other information entered by customers. CONVERTING COLLECTED INFORMATION INTO CASH The suspects then returned to the ATMs after few days to gather the card information by using the same kind of green strips and then another special chip to destroy the evidence of the crime program. It is believed that the prisoner has accumulated at least 63 stolen card information. The skimmers then used this cash card information to clone the cash cards. They primarily used to “write” the stolen data obtained from the magnetic stripe on the back of a card onto a new blank card to develop a cloned cash card and once a card has been cloned it is recognized by machines as the original card. MALICIOUS USB ATTACK Using physical device on Banks ATMs is not something new that the criminals have adopted. At the beginning of the year, a team of researchers at the Chaos Computing Congress in Hamburg, Germany has presented that how skimmers have been targeting cash machines directly using infected USB sticks. BLUETOOTH ENABLED CREDIT CARD SKIMMERS Also, in January this year, we reported about the Credit Card fraud in which the criminals stole users' banking information using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. The skimming devices were internally installed in the gas station in such a way that it was undetectable to the people who paid at the pumps. CLONING CHIP-N-PIN PAYMENT CARDS After the largest data breach at the U.S. retailer Target, the payment card companies have become more serious in providing their users a secure credit and debit card. They also have launched Chip-n-PIN payment cards. But, Are they safe? Are they able to protect the financial information from payment card frauds? Simply No! We have reported in our previous articles about two critical vulnerabilities the security researchers found in the Chip-n-PIN smart card payment system that makes EVM vulnerable to “pre-play” attack and the vulnerability could be exploited by the cybercriminals to clone the credit and debit cards in such a manner that even bank procedures won’t differentiate between the legitimate and fraud transactions. Source
Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and others are leading people to malware that encrypts a computer's files until a ransom is paid, Cisco Systems has found. The finding comes shortly after technology companies and U.S. law enforcement banded together in a large operation to shut down a botnet that distributed online banking malware and so-called "ransomware," a highly profitable scam that has surged over the last year. Cisco's investigation unraveled a technically complex and highly effective way for infecting large number of computers with ransomware, which it described in detail on its blog. "It really is insidious," said Levi Gundert, a former Secret Service agent and now a technical lead for threat research and analysis at Cisco, in a phone interview Friday. Cisco has a product called Cloud Web Security (CWS) which monitors its customers web surfing and reports if they are browsing to suspected malicious domains. CWS monitors billions of web page requests a day, Gundert said. The company noticed that it was blocking requests to 90 domains, many of those WordPress sites, for more than 17 percent of its CWS customers, he said. Further investigation showed that many of the CWS users were ending up on those domains after viewing advertisements on high-traffic domains such as "apps.facebook.com," "awkwardfamilyphotos.com," "theguardian.co.uk" and "go.com," a Disney property, among many others. Certain advertisements that appeared on those domains, however, had been tampered with. If clicked, they redirected victims to one of the 90 domains. The style of attack, known as "malvertising," has long been a problem. Advertising networks have taken steps to try and detect malicious advertisements placed on their network, but the security checks aren't foolproof. Occasionally, bad advertisements slip in, which are shown on a vast array of websites that have signed up with the network or its affiliates. The websites where the ads appear are often unaware they're being abused. "It goes to show that malvertising is a real problem," Gundert said. "People expect when they go to a Tier 1 website that it is a trustworthy place to visit, but because there are so many third-party external links, that's not really true." The 90 domains the malicious advertisements pushed traffic to had also been hacked, Gundert said. In the case of the WordPress sites, it appears the attackers used brute-force attacks -- which involves guessing login credentials -- to access the site's control panels. Then, an exploit kit called Rig was inserted, which attacked the victim's computer, Gundert said. The Rig exploit kit, first spotted in April by Kahu Security, checks if users are running an unpatched version of Flash, Java or the Silverlight multimedia program. If someone's computer isn't patched, "you're instantly exploited," Gundert said. In the next stage of the attack, a ransomware program called "Cryptowall," a relative of the infamous Cryptolocker malware, is installed. It encrypts the user's files, demanding a ransom. In another sign of the operation's sophistication, the website where users can pay the ransom is a hidden website that uses The Onion Router, or the TOR network. To navigate to a TOR hidden website, a user must have TOR installed, which Cryptowall helpfully provides instructions for how to install. Those who delay paying the ransom find it increases as time passes. Because of the use of TOR and the technically complex attack chain, Cisco hasn't yet been able to identify a group behind the attacks. Gundert said it is likely that several groups or people with different skills -- such as malvertising, traffic redirection, exploit writing and ransomware campaigns -- are working together. "You could have a threat actor putting together all of these pieces on their own, but there are so many different specialties involved in this attack chain," he said. Source