Does your organization use an online database for information sharing or online order taking through your web site or other external portal? A new variant of the now “classic” CryptoLocker Trojan is now screwing with corporate online databases. Hackers are infecting web sites that have online databases in an insidious new scheme to extort money from companies. The short explanation of how it is done: the hackers embed an encryption module in your web site that encrypts data as it is written to your database, and for a period of time the program also decrypts it for viewing to mask the fact that they are slowly corrupting your data over a period of about 6 months. They do this long enough for your backup system to build up a history of encrypted data in your backups, so that when they pull the plug on the decryption module you’re stuck with a corrupted database AND corrupted backups and can’t easily recover. In the past, your escape from a ransom attempt was your ability to recover using your backed-up data. They’re now trying to screw with that too!
Security experts warn that this attack method could ensure denial of service on mission-critical web apps more effectively than a DDoS. Traditional backups won’t help if typical retention intervals are used, and it’s almost impossible, once infected, to recover without paying the ransom.
This exploit is still very new and there isn’t a clear direction yet on how to prevent infection, but some experts think that file integrity monitoring tools might at least give you greater visibility into whether you’ve been infected. If nothing else, we suggest making sure that your backup system has extended historical versioning that goes back at least 6 months and preferably a year.
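As an added example that is not part of the original post: a Python check for the symptom described above, stored rows that are ciphertext while the application still shows plaintext. The table, order notes and "ciphertext" rows are constructed for the demo; in practice you would point `scan_column` at a read-only copy of the database or a restored backup, since reading through the infected web application is exactly where the decryption module hides the problem.

```python
import base64
import math
import random
import sqlite3
from collections import Counter


def shannon_entropy(text: str) -> float:
    """Bits per character of the plug-in entropy estimate (prose is ~4, random base64 ~5.3 at 64 chars)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_encrypted(value: str, threshold: float = 4.5) -> bool:
    """Heuristic for free-text columns: long, space-free, high-entropy strings are suspicious."""
    return len(value) >= 16 and " " not in value and shannon_entropy(value) > threshold


def scan_column(conn: sqlite3.Connection, table: str, column: str) -> dict:
    """Count rows whose stored value looks like ciphertext and report where the drift begins.

    Rows are checked in id order because the scheme encrypts new writes, so the
    first suspicious id roughly dates the infection and tells you how far back
    your backups must go to find clean data."""
    if not (table.isidentifier() and column.isidentifier()):
        raise ValueError("table and column must be plain identifiers")
    rows = conn.execute(f"SELECT id, {column} FROM {table} ORDER BY id").fetchall()
    flagged = [row_id for row_id, value in rows if isinstance(value, str) and looks_encrypted(value)]
    return {"total": len(rows), "suspicious": len(flagged),
            "first_suspicious_id": flagged[0] if flagged else None}


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample: five plaintext order notes, then three rows written after the
    hypothetical encryption module was planted (seeded random bytes stand in for ciphertext)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, note TEXT)")
    plaintext = [
        "3x blue widgets, ship Tuesday",
        "Customer asked for gift wrap",
        "jane.doe@example.com",  # space-free plaintext: low entropy, must not be flagged
        "Backorder until next month",
        "Deliver to loading dock B",
    ]
    rng = random.Random(2015)  # seeded so the demo is reproducible
    ciphertext = [base64.b64encode(bytes(rng.getrandbits(8) for _ in range(48))).decode()
                  for _ in range(3)]
    conn.executemany("INSERT INTO orders (note) VALUES (?)", [(n,) for n in plaintext + ciphertext])
    return conn


if __name__ == "__main__":
    print(scan_column(build_demo_db(), "orders", "note"))
```

The same scan run against each backup generation shows when ciphertext first appeared, which is the retention depth you actually need.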
We’ll keep you posted on any new developments on this new exploit.
Here’s another chilling thought. While this is affecting online databases only at present, it could be considered an early indicator that infecting internal databases may be on the horizon for these hackers as they work out the details in this early “proof of concept” effort.
Apple iOS Now Targeted In Cyber Espionage Campaign
Kelly Jackson Higgins of Dark Reading reports – “Operation Pawn Storm, which has been tied to Russia by at least one security research firm, is using a specially crafted iOS app to surreptitiously steal from the mobile device text messages, contact lists, pictures, geo-location information, WiFi status of the device, lists of installed apps and processes -- and to record voice conversations, according to new Trend Micro research.
“The Cold War has returned in cyberspace, and Apple has become the gateway to western elites," says Tom Kellermann, chief cyber security officer with Trend Micro. "Pawn Storm has evolved to now incorporate proximity attacks against Western victims."”
Trend Micro researchers reported that they found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B).
You can read the whole article here: (Click here)
Another New Adobe Flash Zero-Day Exploit Used in Malvertising
Researchers have discovered another new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash. It appears to be executed through the use of the Angler Exploit Kit.
This is not the first exploit of Flash Player this month. Adobe has confirmed that this is a zero-day exploit and a patch should be available this week.
There’s a new security update available for Google Chrome
Google has released Chrome 40.0.2214.111 for Windows, Mac, and Linux to address multiple vulnerabilities.
If you haven’t updated your Chrome browser lately, now is the time.
Follow-up on last week’s article about click-fraud entitled “Click-fraud malware benefits YouTube scammers using your computer”
This week we had to help 2 clients who were infected by this malware, so it is real and it is active in our area. If your browsing appears to be sluggish, you may want to check for hidden browser sessions running behind your active window that are busily clicking on videos or ads to run up “pay per click” business activity outside of your view.
Thanks,
Jeff
Jeff Hoffman is a network security and information protection consultant with ACT Network Solutions. He can be reached at jhoffman@act4networks.com