
Thread: Malware & other nasty IT / cyber things

  1. #61
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    http://www.reuters.com/article/us-ru..._medium=Social

    Technology News | Mon May 22, 2017 | 5:00am EDT

    Exclusive: Hackers hit Russian bank customers, planned international cyber raids


    Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters.
    Their campaign raised a relatively small sum by cyber-crime standards - more than 50 million roubles ($892,000) - but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations.

    "Cron's success was due to two main factors," Volkov said. "First, the large-scale use of partner programs to distribute the malware in different ways. Second, the automation of many (mobile) functions which allowed them to carry out the thefts without direct involvement."
    Last edited by davidbfpo; 06-16-2017 at 09:12 AM. Reason: Quote reduced due to ToR

  2. #62
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    Patriarch of Russian Orthodox church making sure that the Ministry of Internal Affairs computers won't get affected by WannaCry virus attack
    Russia suffered the highest number of registered WannaCry attacks globally and now suddenly they did not.....

    Deputy secretary for Russia's National Security Council says WannaCry ransomware caused minimal damage in Russia.

    That is not the story carried by their state media in the first days of the attack....

    Over 100K computers got hit....as Russia runs largely illegal MS XP copies ......and illegal copies of MS Server 2003....

  3. #63
    Council Member
    Join Date
    Dec 2009
    Posts
    115

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    Russia suffered the highest number of registered WannaCry attacks globally and now suddenly they did not.....

    Deputy secretary for Russia's National Security Council says WannaCry ransomware caused minimal damage in Russia.

    That is not the story carried by their state media in the first days of the attack....

    Over 100K computers got hit....as Russia runs largely illegal MS XP copies ......and illegal copies of MS Server 2003....
    Average Russian OS's are XP and MS Server 03?

    That's crazy.

    I think I also read that Russian banks only invest a fraction of that spent by major US/Western banks on IT/Cyber security.

    Is the Russian banking sector seriously vulnerable to a non attributable proxy attack campaign?

  4. #64
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by flagg View Post
    Average Russian OS's are XP and MS Server 03?

    That's crazy.

    I think I also read that Russian banks only invest a fraction of that spent by major US/Western banks on IT/Cyber security.

    Is the Russian banking sector seriously vulnerable to a non attributable proxy attack campaign?
    Answer to the question is...yes they are. Example: Morgan Stanley invested over 600M USD in IT security in 2016 for their global network........

    Entire Russian banking system 25M USDs.....

    BTW...a lot of MS W7 was hit inside Russia......
    Last edited by OUTLAW 09; 05-23-2017 at 03:41 PM.

  5. #65
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware.

    The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular WannaCry ransomware.
    Stampar discovered EternalRocks after it infected his SMB honeypot; he called the malware ‘DoomsDayWorm.’

    Stampar discovered that EternalRocks disguises itself as WannaCry, but instead of delivering a ransomware, it takes over the affected computer to power other attacks.

    The researcher decompiled an older sample (start of May) of EternalRocks and published it on Github.

    Unlike the WannaCry Ransomware that leverages the two NSA hacking tools EternalBlue and DoublePulsar, EternalRocks exploits seven exploits leaked by Shadow Brokers and its code doesn’t include a kill-switch.

    EternalRocks was developed to avoid detection and to remain undetectable on the target system; it uses the following NSA exploits:

    EternalBlue — SMBv1 exploit tool
    EternalRomance — SMBv1 exploit tool
    EternalChampion — SMBv2 exploit tool
    EternalSynergy — SMBv3 exploit tool
    SMBTouch — SMB reconnaissance tool
    ArchTouch — SMB reconnaissance tool
    DoublePulsar — Backdoor Trojan

    EternalRocks downloads all the above SMB exploits to the infected computer, then it scans the internet for open SMB ports on other systems to compromise.

    Miroslav Stampar @stamparm
    Info on (new) EternalRocks worm can be found on
    https://github.com/stamparm/EternalRocks/#
    …. Will keep it updated, along with @_jsoo_

    Update on #EternalRocks. Original name is actually "MicroBotMassiveNet" while author's nick is "tmc" https://github.com/stamparm/EternalR...trings#…

    If I will be asked to choose a name, let it be a DoomsDayWorm c52f20a854efb013a0a1248fd84aaa95

    P.S. there is no kill-switch. Everything goes through Tor. Initial infection by MS17-010 drops Tor binaries for further communication

    Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract

    Seems to be just spreading at the moment and getting further commands from C&C

    Whole EternalRocks campaign (first and second stage malware) uses Mutex: {8F6F00C4-B901-45fd-08CF-72FDEFF}
    Last edited by davidbfpo; 06-16-2017 at 09:22 AM. Reason: Edited quote to fit ToR
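
As an added example (not from the thread, and not code from Stampar's repository), a small Python triage script that checks constructed host telemetry for the indicators this post lists: the campaign mutex, the published sample MD5s, the WannaCry-style decoy names taskhost/svchost, and a host sweeping many addresses on TCP/445 the way the worm scans for open SMB. The record format, the "decoy name outside a system directory" heuristic and the scan threshold are assumptions made for the example.

```python
"""EternalRocks indicator triage over constructed host telemetry (added example).

Indicators from the thread: campaign mutex, published sample MD5s, decoy names
taskhost/svchost, outbound SMB scanning. Record format, the 'outside a system
directory' heuristic and the scan threshold are assumptions for this example.
"""

from collections import defaultdict

MUTEX = "{8F6F00C4-B901-45fd-08CF-72FDEFF}"
KNOWN_MD5 = {
    "c52f20a854efb013a0a1248fd84aaa95",
    "406ac1595991ea7ca97bc908a6538131",
    "5c9f450f2488140c21b6a0bd37db6a40",
}
DECOY_NAMES = {"taskhost.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SMB_SCAN_THRESHOLD = 20  # assumed: distinct destinations on TCP/445 from one host

def flag_process(rec):
    """Return the reasons one process record matches the indicators (empty if clean)."""
    reasons = []
    if MUTEX in rec.get("mutexes", ()):
        reasons.append("eternalrocks mutex")
    if rec.get("md5", "").lower() in KNOWN_MD5:
        reasons.append("known sample hash")
    image = rec["image"].lower()
    if image.rsplit("\\", 1)[-1] in DECOY_NAMES and not image.startswith(SYSTEM_DIRS):
        reasons.append("decoy system name outside a system directory")
    return reasons

def flag_smb_scanners(conns, threshold=SMB_SCAN_THRESHOLD):
    """Hosts that contacted at least `threshold` distinct destinations on TCP/445."""
    targets = defaultdict(set)
    for src, dst, port in conns:
        if port == 445:
            targets[src].add(dst)
    return sorted(h for h, t in targets.items() if len(t) >= threshold)

# Constructed sample telemetry: one suspicious process, one legitimate one,
# one host sweeping a /24 on 445 and one host talking to a single file server.
PROCESSES = [
    {"image": "C:\\Users\\Public\\taskhost.exe",
     "md5": "c52f20a854efb013a0a1248fd84aaa95", "mutexes": [MUTEX]},
    {"image": "C:\\Windows\\System32\\svchost.exe", "md5": "ffff", "mutexes": []},
]
CONNS = [("10.0.0.5", f"198.51.100.{i}", 445) for i in range(1, 31)]
CONNS += [("10.0.0.9", "10.0.0.1", 445), ("10.0.0.9", "10.0.0.2", 80)]
```

Run `flag_process` over each process record and `flag_smb_scanners` over the connection list; the first record trips all three host indicators and 10.0.0.5 is reported as the scanner.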

  6. #66
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    URGENTLY IMPORTANT

    It is just a matter of time until common malware through phishing bad guys will incorporate SMB exploits for synergistic attack.

    Then, we all die.........

  7. #67
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    WARNING to US Military and SWJ commenters and readers.....

    Kremlin troll @Noclador
    was right @hardhouz13

  8. #68
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Recent on BRZbank hack. Bank hasn't owned up. Incl US accts. Never "exploited [on] such a big scale." Hacked 10/22/16 https://www.wired.com/2017/04/hacker...e-operation/#…

  9. #69
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    The economic impact of cybercrime will reach $8 Trillion by 2022

    According to a report published by Juniper Research, the economic impact of cybercrime is expected to reach $8 trillion price tag over the next five years. According to a report published by Juniper Research, the number of data records that will be compromised...

    We are only 5 years away from achieving this......

  10. #70
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Vault7: CIA Pandemic implant turns file servers into malware infectors

    Wikileaks released a new lot of documents belonging to the Vault7 dump that details the CIA project codenamed 'Pandemic implant'. Wikileaks released a new batch of documents belonging to the Vault7 archive related to the CIA project codenamed 'Pandemic.'

    https://twitter.com/wikileaks/status/870332839270780928

  11. #71
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,352

    Default Moderator Warning

    There are a number of posts here and on other threads which: a) have quoted text in excess of the 'Fair Use' principle, which opinion suggests 400-600 words can be cited; b) lack any citation to their origin / source.

    The Forum relies on the guidance from Stanford University Libraries via:http://fairuse.stanford.edu/

    It refers to 'Fair Use' as:
    The less you take, the more likely that your copying will be excused as a fair use.
    Within:http://fairuse.stanford.edu/overview.../four-factors/

    SWJ has had encounters with copyright before and it is an area we wish to steer clear of - for very simple reasons.

    If the recent posts can have attribution they will have to be deleted, please update them or send them via a PM with the Post Number to me.

    Updated 16th June 2017: ten posts deleted which lack any cited source after no response from author.
    Last edited by davidbfpo; 06-16-2017 at 09:26 AM. Reason: Added update
    davidbfpo

  12. #72
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware.



    Miroslav Stampar @stamparm
    Just captured 406ac1595991ea7ca97bc908a6538131 and 5c9f450f2488140c21b6a0bd37db6a40 in MS17-010 honeypot. MSIL/.NET #WannaCry copycat(s)

    Miroslav Stampar @stamparm
    Info on (new) EternalRocks worm can be found on
    https://github.com/stamparm/EternalRocks/#
    …. Will keep it updated, along with @_jsoo_

    Update on #EternalRocks. Original name is actually "MicroBotMassiveNet" while author's nick is "tmc" https://github.com/stamparm/EternalR...trings#…

    If I will be asked to choose a name, let it be a DoomsDayWorm c52f20a854efb013a0a1248fd84aaa95

    P.S. there is no kill-switch. Everything goes through Tor. Initial infection by MS17-010 drops Tor binaries for further communication

    Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract

    Seems to be just spreading at the moment and getting further commands from C&C

    Whole EternalRocks campaign (first and second stage malware) uses Mutex: {8F6F00C4-B901-45fd-08CF-72FDEFF}
    http://securityaffairs.co/wordpress/
    Who then rewrote the researchers published in public domain notes....
    Last edited by OUTLAW 09; 06-12-2017 at 01:32 PM.

  13. #73
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    At least 3 different groups have been leveraging the NSA EternalBlue exploit weeks before the WannaCry attacks, here’s the evidence.
    http://securityaffairs.co/wordpress/
    Who then rewrote the researchers published in public domain notes....
    Last edited by OUTLAW 09; 06-12-2017 at 01:32 PM.

  14. #74
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    Experts killed tens of thousands of subdomains used by crooks to host the RIG Exploit Kit that were set up with a domain shadowing campaign.

    http://securityaffairs.co/wordpress/

    Who then rewrote the researchers published in public domain notes....

  15. #75
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    It's just getting a bit worse every day... New @wikileaks documents reveal how the CIA is hacking into your router
    https://www.wired.com/story/wikileaks-cia-router-hack/#

    BTW...routers were never ever that secure......to begin with...

  16. #76
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Ether Thief Remains Mystery Year After $55 Million Digital Heist
    https://www.bloomberg.com/features/2...-ether-thief/#

    Well worth reading as a number of malware and or other exploits result actually from poorly written code....and or IEEE issues not recognized by computer engineers...

  17. #77
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    US-CERT @USCERT_gov 13 June

    TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
    http://bit.ly/2sxPRAT

  18. #78
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    The 3 Biggest Lies About the Internet of Things https://safeandsavvy.f-secure.com/20...t-of-things/#…

  19. #79
    Council Member
    Join Date
    Dec 2009
    Posts
    115

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    The 3 Biggest Lies About the Internet of Things https://safeandsavvy.f-secure.com/20...t-of-things/#…
    Talking to a couple cyber security SMEs recently it would appear one of the biggest threats are high volume, low cost IoT devices like IP security cameras that have very short product development and sales life cycles (measured in months rather than years).

    Lots of persistent vulnerabilities in cheap IoT hardware's firmware that can result in very large and easy to build attack arrays.

    Moore's Law combined with commercial market forces means that this environment of large volume vulnerabilities occurring with each cheap IoT device generation is unlikely to be mitigated without intervention.

    I would suspect that some form of intervention will be required, possibly along the lines of public/private partnership such as certification.

    CE or UL are symbols used to identify compliant appliances for categories like electrical/fire safety.

    I suspect we will need some form of IoT device compliance through certification or litigation.

    Or in emergencies, the ability to remotely identify, locate, and negate them.

    Ralph Nader's "Unsafe at Any Speed", but instead of targeting the Corvair and the greater car industry in terms of safety standards and features, for the IoT age.

    This is not an original thought as I found it elsewhere first, but there's also the potential for some jurisdictions to "conscript" devices.

    We have moved beyond conscripting humans to work on behalf of sovereign government in most instances, but our devices being conscripted is an entirely different story and not beyond the realm of believability to preempt a crisis and enhance national resilience.

  20. #80
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Cited in part:
    Quote Originally Posted by flagg View Post
    Talking to a couple cyber security SMEs recently it would appear one of the biggest threats are high volume, low cost IoT devices like IP security cameras that have very short product development and sales life cycles (measured in months rather than years).
    This IMHO is one of the most serious points of internet security that urgently needs an answer as it is virtually impossible to constantly update all the various built-in firmware issues for literally thousands of IoTs...down to your IoT-enabled refrigerator.....or TV or baby monitoring device....
    Last edited by davidbfpo; 06-19-2017 at 08:40 AM. Reason: brevity
