
Cyber defence: We’ll hack back at attackers, says US

The military must be prepared to disrupt hacking attacks before they reach US computer networks, according to a new strategic vision from the Pentagon. The Department of Defence (DoD) has updated its cyber strategy for the first time since 2015, advocating a more aggressive approach than the previous document.

Perhaps most controversially, under the new strategy the US should be ready to “defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict”.

Read more about the more aggressive cyber strategy adopted by the US Department of Defence and the implications thereof, on ZDNet.

Account takeover attacks ramping up, leading to explosion of phishing

Account takeover (ATO) attacks, in which a person’s credentials are stolen and used to send emails from their real account, often result in phishing emails being sent from the victim’s account, according to a Barracuda Networks report. Of the 60 ATO incidents recorded, 78% led to phishing emails, the report said.

Barracuda randomly selected 50 organizations to study from April to June 2018. The goal of the study was to analyze ATO attacks, which are much less likely to be blocked by security systems that filter for domain, sender, or IP reputation, said the report.

Read more about the findings of the new Barracuda report on TechRepublic.

3 Drivers Behind the Increasing Frequency of DDoS Attacks

According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year.

For those who experienced an attack, more than 40% lasted longer than 10 hours. This statistic correlates with ATLAS findings, which show there were 7.5 million DDoS attacks in 2017 — a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic.

Read more about why DDoS attacks are on the rise on DarkReading.

Why voice fraud rates continue to rise with no signs of slowing down

Pindrop released its annual report detailing developments in fraud, the future of voice and the impact to customer service across various industries. In the report, Pindrop reveals the rate of voice fraud climbed over 350 percent from 2013 through 2017, with no signs of slowing down.

Additionally, between 2016 and 2017, overall voice channel fraud increased by 47 percent, or one in every 638 calls. The year-over-year increase can be attributed to several causes, including the development of new voice technology, the steady uptick in significant data breaches, and acts of fraud across multiple channels.

Read more about the findings of the Pindrop report on Help Net Security.

This Russian botnet mimics your click to prevent Android device factory resets

A new “swiss army knife” botnet originating from Russia has emerged in the Malware-as-a-Service (MaaS) arena, touting Android-based payloads to potential cybercriminal clients.

According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as “The Lucy Gang,” and demos have already been provided to potential subscribers to the system looking for MaaS solutions. Black Rose Lucy appears to be a specialist system for compromising devices operating on Google’s Android operating system.

Read more about the Russian botnet dubbed “Black Rose Lucy” on ZDNet.

AdGuard resets all user passwords after credential stuffing attack

AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company’s CTO Andrey Meshkov announced. The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords. Meshkov said the attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies.

This type of attack, using leaked usernames and passwords to hack into accounts at other services, is known as credential stuffing. The AdGuard CTO said attackers were successful in their assault and gained access to some AdGuard accounts, which are used for storing ad blocker settings.

Read more about the AdGuard credential stuffing attack on ZDNet.

How credential stuffing contributed to 8.3B malicious botnet logins in early 2018

Nearly 300,000 malicious login attempts by one type of botnet occur every hour, according to a new Akamai report. The specific attack vector the study focuses on is credential stuffing, a cyberattack in which botnets try to log into a site and steal a person’s identity, information, or money.

Credential stuffing attacks have been on the rise this year, according to the report. Akamai found 8.3 billion malicious login attempts from bots between May and June 2018, a sharp increase from 6.4 billion in March and April 2018. The US, Russia, and Vietnam are the biggest sources of credential stuffing botnet attacks, said the report.

Read more about the findings of the Akamai report on TechRepublic.
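The credential stuffing pattern described in the AdGuard and Akamai items above (one source trying leaked username/password pairs against many accounts, most of which fail) can be spotted in authentication logs. The following is an added example, not code from either report or from AdGuard: it parses constructed log lines, flags sources that try many distinct usernames with a low success rate, and lists the accounts that did succeed so they can be reset, as AdGuard did. The log format, thresholds and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of web application login events (not real traffic).
# 203.0.113.5 sprays many accounts; 198.51.100.7 is one user retrying a password.
SAMPLE_LOG = """\
2018-06-01T10:00:01Z ip=203.0.113.5 user=alice@example.com result=FAIL
2018-06-01T10:00:02Z ip=203.0.113.5 user=bob@example.com result=FAIL
2018-06-01T10:00:02Z ip=203.0.113.5 user=carol@example.com result=FAIL
2018-06-01T10:00:03Z ip=203.0.113.5 user=dave@example.com result=OK
2018-06-01T10:00:03Z ip=203.0.113.5 user=erin@example.com result=FAIL
2018-06-01T10:00:04Z ip=203.0.113.5 user=frank@example.com result=FAIL
2018-06-01T10:00:10Z ip=198.51.100.7 user=alice@example.com result=FAIL
2018-06-01T10:00:15Z ip=198.51.100.7 user=alice@example.com result=FAIL
2018-06-01T10:00:20Z ip=198.51.100.7 user=alice@example.com result=OK
2018-06-01T10:01:00Z ip=192.0.2.9 user=grace@example.com result=OK
"""

LINE_RE = re.compile(r"ip=(\S+) user=(\S+) result=(OK|FAIL)")

def parse_auth_log(text):
    """Yield (ip, user, succeeded) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3) == "OK"

def flag_credential_stuffing(text, min_users=5, max_success_rate=0.25):
    """Return {ip: stats} for sources that look like credential stuffing:
    many distinct usernames from one source with a low success rate.
    One user failing repeatedly from one IP (a forgotten password) is not flagged.
    Thresholds are assumed starting points, to be tuned per site."""
    per_ip = defaultdict(lambda: {"users": set(), "ok_users": set(), "attempts": 0})
    for ip, user, ok in parse_auth_log(text):
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if ok:
            s["ok_users"].add(user)
    flagged = {}
    for ip, s in per_ip.items():
        rate = len(s["ok_users"]) / s["attempts"]
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "success_rate": round(rate, 2),
                # Accounts that accepted a leaked password: candidates for a forced reset.
                "succeeded_accounts": sorted(s["ok_users"]),
            }
    return flagged
```

Because stuffing bots rotate source addresses, the same aggregation is usually also run per ASN or per client fingerprint rather than per IP alone.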

Mirai Masterminds Helping FBI Snuff Out Cybercrime

The three masterminds behind Mirai – the infamous botnet known for taking down internet services in a 2016 DDoS attack – will work with the FBI in future cybercrime investigations as part of their sentencing for creating and operating the botnet.

The three hackers were sentenced Tuesday in Alaska, after each pleaded guilty to violating the Computer Fraud and Abuse Act in operating the Mirai botnet. As part of their sentencing, the Chief U.S. District judge mandated the three each serve a five-year probation – and part of that involves cooperating with the FBI on cybercrime and cybersecurity investigations.

Read more about this story on Threatpost.

Hackers swipe card numbers from local government payment portals

A previously unknown hacker group is behind a rising number of breaches that have been reported by local governments across the US. A new FireEye report reveals that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details.

Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and is used to handle payments for utility bills, permits, fines, and more.

Read more about the Click2Gov hacks, the news of which follows the disclosure of a similar incident affecting the GovPayNow portal, on ZDNet.

Cryptojackers Grow Dramatically on Enterprise Networks

Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim’s systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there’s no sign that the rate of infection is slowing.

The joint paper, written with contributions from a number of CTA members (including Cisco Talos, Fortinet, McAfee, Rapid7, NTT Security, Sophos, and Palo Alto Networks), points out that there is little unique in the methods cryptojackers use to infect their victims; defending against cryptojackers is identical in almost every respect to defending against other threats.

Read more about the findings of the new report on DarkReading.