Newly-discovered Trojan uses unsuspecting Android device users as tools to redirect traffic from WiFi-connected devices to websites controlled by the attackers. Kaspersky Lab experts have uncovered a remarkable evolution in Android OS malware: the Switcher Trojan. It treats unsuspecting Android device users as tools to infect Wi-Fi routers, changing the routers’ DNS settings and redirecting traffic from devices connected to the network to websites controlled by the attackers, leaving users vulnerable to phishing, malware and adware attacks and more. The attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China. Domain Name Servers (DNS) turn a…
ISBuzz Team
Several states across the nation are reviewing cyber security for critical infrastructure after the Burlington Electric Department found a laptop containing the Grizzly Steppe malware, which some attribute to Russian hackers. IT security experts from Tripwire and Plixer commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “The Department of Homeland Security (DHS) report included ‘indicators of compromise’ specifically to allow other organizations to identify this malware and similar malicious activity. States and other organizations should use the indicators released by DHS to search their systems for evidence of the Grizzly Steppe malware. Malware is meant to be…
New research highlights opportunity for hackers to exploit employee trust. Office workers are putting organisations at risk by being overly trusting of online scammers, according to new research from global security software firm Avecto. After questioning 1,000 people whose jobs require them to use the internet on a daily basis, the company revealed 65% of workers would be wary of clicking a link in an email from an unknown sender. However, if that email appeared to be from a colleague, supplier, or friend, over 68% would have no concerns about downloading content or clicking on links. This highlights a security…
In a new blog post, Imperva researchers reveal they mitigated one of the largest DDoS attacks ever seen, which reached a huge 650 Gbps and had absolutely nothing to do with the Mirai malware. As we enter 2017, it’s natural to contemplate the future and look for signs of things to come. Sometimes, however, you don’t have to search too hard. Sometimes, these “signs” hit you like a ton of bricks. This is how it was for Imperva when, just ten days before the year’s end, they found themselves mitigating a 650 Gbps (Gigabit per second) DDoS attack—the largest on record…
In a new blog post researchers from Proofpoint have tracked a phishing campaign leveraging the concept of “Twitter Brand Verification”. Because the actors in this case are relying on paid, targeted ads on Twitter, users don’t need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements…
Scammers are increasing the number of calls where they claim ‘our records show you’ve been in a car accident’, according to call-blocking and caller ID company Hiya. These types of calls were the most reported scams of 2016, says Hiya, closely followed by PPI calls, and calls claiming you’ve won a prize. The car accident scam peaked in October – the worst month of the year for mobile phone scams overall – with growth of 84% in the period January to November. PPI scam claims peaked in November and saw an 81% growth over the year. The UK leads Europe…
What is the Most Underestimated IT Security Threat for 2017, and Why? “IoT will become another ‘shadow IT’ headache.” IoT and firmware exploits will prove to be highly effective against both consumers and organizations. DDoS attacks such as the Mirai-powered attack on Dyn and Krebs will continue to plague organizations, but the attacks will become more intelligent and focused, successfully executing data theft and escalation of privilege of enterprise systems. IoT systems lack many of the protections that are commonly found in data center and Commercial Off-the-Shelf (COTS) systems. The systems are often low powered, meaning that advanced encryption…
An increase in hybrid attacks: A hybrid cyberattack involves more than just a single threat vector. For example, it can include deceptive email to deliver malware, and then DDoS to complicate recovery from a malware attack. This type of attack enables online criminals to carry out their crimes and then hide their tracks. We’ve seen this type of attack used within the last year on multiple occasions, including the attacks on the Ukrainian power grid and Bangladesh Bank. These types of hybrid attacks are now ‘trickling down’ and we expect to see them used much more often by cybercriminals for…
Insider threats and the danger they pose are both extremely publicized and well-covered topics. Apart from the famous NSA leak by Edward Snowden, there are also strong rumors that several high-profile data breaches and leaks of the past couple of years have involved malicious insiders (Ashley Madison and Mossack Fonseca, to name a few cases). Logic dictates that all of this awareness should translate into actions. And while cyber security software companies keep creating new solutions and cyber security providers keep developing best practices to effectively combat such threats, companies are not in a hurry to adopt these…
In a new blog post, Imperva researchers reveal they mitigated one of the largest DDoS attacks ever seen, which reached a huge 650 Gbps and had absolutely nothing to do with the Mirai malware. As the end of the year approaches, it’s natural to contemplate the future and look for signs of things to come. Sometimes, however, you don’t have to search too hard. Sometimes, these “signs” hit you like a ton of bricks. This is how it was for Imperva when, just ten days before the year’s end, they found themselves mitigating a 650 Gbps (Gigabit per second) DDoS attack—the…
