Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product. The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators. Skygofree, named after one of the domains used in the campaign, is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device. It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop…
ISBuzz Team
Following the news of Mirai Okiru, the new DDoS botnet that’s targeting ARC-based IoT devices, Mike Schuricht, VP of Products at Bitglass, commented below. Mike Schuricht, VP of Products at Bitglass: “This new botnet, as with the recent Spectre bug, demonstrates the challenges with securing low-level hardware and the threat posed by uncontrolled endpoints. Where endpoints are vulnerable, sensitive corporate data is also at risk. Organizations can do little to prevent these attacks, but can take steps to encrypt, track, and protect data when it flows to any endpoint, managed or unmanaged.”
Following the news that fake Meltdown and Spectre patches have been discovered, Gary Cox, Technology Director for Western Europe at Infoblox, commented below. Gary Cox, Technology Director for Western Europe at Infoblox: “This is an illustration of a particularly alarming form of malware, used to deliver payloads behind the firewalls of the victim’s company or service provider. From here, the malware can spread to other devices, and can use the internet to communicate with its command and control (C&C) server from which it is able to download further malicious software or exfiltrate data. In most cases, the communication between device and C&C…
Given the waves of new connected devices that debuted at CES last week, cybersecurity experts with Corero expect to see in 2018 a sharp uptick in a specific type of cyberattack that takes advantage of non-secured IoT devices, hijacking them for botnet attacks: the Distributed Denial of Service (DDoS) attack. Stephanie Weagle, Vice President, Corero Network Security: “As the debut of ‘connected everything’ at CES shows, we’re now more connected than ever – perhaps perilously so, and the implications reach deeply, and not surprisingly, into the enterprise. “A tidal wave of connected smart home devices and low-cost Internet connected gifts, both from trusted…
Check Point’s latest Global Threat Index reveals the rise of crypto-mining malware targeting enterprises. SAN CARLOS, CA – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, has revealed a steep rise in crypto-mining malware during December 2017. Check Point’s researchers found that cryptominers had impacted 55% of organizations globally during December, with ten different variants in the top 100 list of malware, and two variants in the top three. Using crypto-miners, cybercriminals hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency. Furthermore, Check Point found that cryptocurrency miners have intentionally been injected into some top…
With the overnight news on hackers stealing $400,000 (£290,000) of crypto-currency, IT security experts commented below. David Kennerley, Director of Threat Research at Webroot: “This latest crypto-currency hack shows how virtual currency has become a new business model for cyber criminals. We’re still exploring the blockchain space and wallet security is more important than ever. The multi-sig wallets in question are popular among companies because they have multiple key-holders and require a majority to sign off on transactions, making it trickier for fraudulent payments to be made. With more and more coins appearing and alternative uses for blockchain being discovered it’s…
Following the news that Xcel and other utility companies increase security operations to guard against cyberattacks by hiring more highly trained security analysts, Edgard Capdevielle, CEO at Nozomi Networks, commented below. Edgard Capdevielle, CEO at Nozomi Networks: “In light of increasing cyberthreats on critical infrastructure, the decision of utility companies to increase cyber security through employing more security experts indicates that power companies are taking the rising threat seriously. Indeed, monitoring for cyber threats within utilities is prudent and thankfully new advances in technology can help ensure infections don’t affect system operations. The advent of real-time ICS monitoring, process anomaly and intrusion detection, combined with tools…
Hancock Regional Hospital in Indiana has been forced to operate with pen and paper after a ransomware attack on Friday. IT security experts commented below. Joseph Carson, Chief Security Scientist at Thycotic: “Sometimes a simple click on a harmless looking email could bring critical systems to a standstill and doctors staring at blank screens. Hospitals are exposed to ransomware and need to seriously consider the consequences of not prioritising cybersecurity effectively. Hospitals face the challenge of deciding whether to upgrade systems to the latest version of the patched software or more doctors and nurses, this is the crucial decision that the leaders must decide.…
Researchers have discovered vulnerabilities in messaging apps (for example WhatsApp) that allow intruders to infiltrate private group chats. Victor Chebyshev, security researcher at Kaspersky Lab commented below. Victor Chebyshev, Security Researcher at Kaspersky Lab: “Vulnerabilities have been found in the infrastructure of messenger services such as WhatsApp, Signal, and Threema, providing intruders with an opportunity to add new members to group chats without this being immediately apparent to other members. Thus, messages sent by other group members as well as their personal information (names and phone numbers) might leak to intruders. Exploitation of these security flaws can represent a serious threat, especially to those…
Let’s Encrypt has had to disable a vulnerability that allowed hackers to get certificates – the digital identities that every website relies on for authenticity – for domains they don’t own. Certificates can be a powerful weapon in the wrong hands – and while Let’s Encrypt has provided a short-term fix, it’s only expected to be a stopgap measure until proper mitigations are in place. More detail is available here and Hari Nair, Director of Cryptographic Research at Venafi commented below. Hari Nair, Director of Cryptographic Research at Venafi: “Let’s be clear — this is really about weak security practices by some hosting providers.…
