A modern day Trojan could defeat your Troy
Updated: Aug 10, 2018
This week there were a few troubling breaches that stood out, especially the identity theft company LifeLock. When a company deals with sensitive information like the data LifeLock stores, customer trust is paramount…. so, when a breach occurs it really makes one reevaluate the effectiveness of the organization. A U.S. bank was also breached, with customer accounts drained at hundreds of ATMs across the country: a clear sign of a highly organized and effective attack. Cyber Criminals are becoming smarter and getting better at attacking organisations, and the barrier to entry into this career of crime is getting lower and easier.
Highlights For this week include:
1. Banking Trojan. - Life Unlocked!
2. Cyber Bank Heist.
3. Huge Supply Chain Breach!
In Other News:
This Trojan is Galloping
The increasing popularity of ‘malware as a service,’ which is pre-packaged malware, developed by authors with technical skill and leased to less advanced cybercriminals, has made it easier for cybercriminals to launch advanced attacks on victims across the globe. A top-shelf malware as a service, known as Exobot , has had its code leaked after the author of the malware sold the banking trojan’s source code to interested parties.
Once the source code is sold to enough people, eventually someone posts it publicly or it leaks in other ways. Authors of these ‘service’ malware rarely sell off the source code, that is unless they are finished with the project and moving on to other things.
This is concerning in multiple ways, first being that a new more powerful malware may be in the works by the same author, second being that the sophisticated Android banking trojan is now becoming more available to cyber criminals. Researchers fear that the availability of the source code on underground hacking forums and its inevitable spread across the web will trigger a surge of malicious Android applications. History lends to this conclusion, as the leak of Android banking trojan ‘BankBot’ on the web lowered the barrier of entry into the world of malware and resulted in an explosion of the use of the trojan.
The Best Test to Fail
Penetration testers are useful for assessing the strength and weaknesses in the cybersecurity of an organization, and according to new research these testers are mostly successful. Penetration testers can gain control over the network in question 67% of the time. The study in question was conducted by Rapid7 and examined organizations across industries and sizes, providing a supple sample size for finding two main points of vulnerabilities. The main vulnerabilities proved to be software and credentials. Software has increasingly been used to infiltrate networked resources, and credentials (Usernames & Passwords) have always been a route of entry for cyber criminals. Only 16% of the organisations examined did not have a vulnerability, which is less than last year’s study, where 32% were vulnerability-free.
Aren’t Afraid of No PowerGhost
There is a new cryptocurrency mining malware out in the wild, and instead of using an individual’s devices, this malware has been targeting business PCs and servers. The cryptojacker is fileless, utilising PowerShell and EternalBlue to spread through a business like a disease. PowerGhost is what researchers have begun calling the malware, and it can start on a single system and then spread to other organizations. As of the writing of This Week in Breach, South America is mainly affected by the cryptojacker, but PowerGhost also has a presence in North America and Europe.
Threat Focus - GM, Toyota, Tesla, More – Exposed by Level One Robotics - CANADA
Exploit: Unprotected server/supply chain vulnerability.
Risk to Small Business: Extreme: A breach of this magnitude and depth would more than likely end a small business due to the extremely sensitive information that was leaked. Most companies would not choose to do business with an organization that leaked their trade secrets.
Individual Risk: Extreme: Passport photos and driver’s license scans of some employees were leaked, which puts them at extreme risk for identity theft.
Level One Robotics: Ontario-based business that provides industrial automation services for automotive suppliers.
Date Occurred/Discovered: July 10, 2018 Date Disclosed: July 23, 2018
Blueprints; Factory schematics; Robotic configurations; Non-disclosure agreements; Employee data; Names; ID numbers; Driver’s license scans, Passport scans; ID photos; Invoices; Contracts; Price; Negotiations; Insurance policies; Customer agreements; Banking information for the company; Account; Routing numbers; SWIFT codes.
Customers Impacted: Over 100 manufacturing companies.
Threat Focus - LifeLock - USA
Exploit: Lack of website authentication and security.
Risk to Small Business: High: Email addresses were exposed, which allows bad actors to target customers. The exploit also allowed a hacker to unsubscribe from all communication with the company, which could be devastating to small businesses.
Individual Risk: Low: Due diligence with opening phishy emails and being suspect of unexpected emails will go a long way to combat this breach.
LifeLock: Identity theft protection company.
Date Occurred/Discovered: July 2018 Date Disclosed: July 25, 2018
• Email addresses
Customers Impacted: 4.5 Million.
Threat Focus - The National Bank of Blacksburg - USA
Risk to Small Business: High: The cybercriminals got away with a great deal of money in this hack. Most small businesses would not be able to stay afloat after a hit like the one detailed here.
Individual Risk: Extreme: The money taken was from customer accounts.
The National Bank of Blacksburg: A banking organisation located in Virginia.
Date Occurred/Discovered: May 2016 and January 2017 Date Disclosed: Not disclosed, but discovered when a lawsuit was filed June 28, 2018
• Was able to disable anti-theft systems
• $1,833,984 USD
Customers Impacted: Hundreds of customers’ accounts were used to steal money from the bank.
Threat Focus – COSCO - USA
Risk to Small Business: High: The Company’s email is down, forcing employees to use Yahoo mail to communicate with customers as well as internally.
Individual Risk: Low: Customers of the shipping company are not affected due to the continuing operation of the company, but it may be more difficult to coordinate with them. COSCO: COSCO is an acronym for China Ocean Shipping Company and is a Chinese state-owned shipping services company. It is the 4th largest shipping company in the world.
Date Occurred/Discovered: July 24, 2018 Date Disclosed: July 25, 2018
Data Compromised: A ransomware attack has taken down their American network. The organization is keeping the breach under wraps, for now, so most details are not disclosed.
Customers Impacted: All the organization’s customers are affected by this attack. The difficulty in contacting the company could disrupt its customers’ business.
Threat Focus – Blue Spring Family Care - USA
Risk to Small Business: High: Ransomware would be highly disruptive to any sized business.
Individual Risk: Moderate: There is no indication that any customer’s data was exfiltrated.
Blue Spring Family Care: Family healthcare provider.
Date Occurred/Discovered: May 12, 2018 Date Disclosed: July 26, 2018
Data Compromised: Ransomware attack encrypted the organization’s data. The extent of the attack is not clearly defined.
Customers Impacted: 44,979
WARNING IF YOUR BUSINESS RELIES ON A SUPPLY CHAIN:
Supply chain attacks are extremely prevalent and costly, and most organisations are not prepared for them. A recent study found that less than 40% of organizations in the US, UK and Singapore have properly vetted their suppliers in the last year. Two-thirds of organizations have suffered a supply chain breach within the same time-frame, and almost three quarters (71%) don’t require the same level of security from their suppliers as they do internally. With the global average cost of a supply chain breach at $1.1 million, do you want to take those odds?
Consider this: When you think about Cyber Security think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals. The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind. CLICK HERE FOR PRICING
Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication for general information only and has compiled the content from number of sources believed to be reliable. No warranty, implied or otherwise, is given as to its accuracy or fitness for use, no validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.