Silobreaker Daily Cyber Digest – 7 February 2017
Android Ransomware deploys dropper
The Android ransomware LockDroid is being delivered to rooted Android devices by a dropper component that checks whether a device is rooted before installing the payload. While droppers are common in desktop malware, they are rarely seen in mobile ransomware families. The dropper that installs LockDroid is distributed through third-party apps and has also been found hosted on certain forums.
76 Apple apps vulnerable to man-in-the-middle attacks
Researchers at Sudo Security Group have found that 76 iPhone apps, downloaded more than 18 million times in total, are vulnerable to man-in-the-middle attacks. 19 of the apps are rated high risk, meaning there is a ‘confirmed ability’ to intercept financial or medical data and to log session authentication tokens. Several of the ‘low risk’ apps were named, including UConnect Access and Cheetah Browser, which expose partially sensitive data such as email addresses. The flaws lie in the apps’ own code rather than in iOS, so it is the app developers, not Apple, who must issue fixes.
Leaks and Breaches
Polish Banks Infected with Malware from Financial Supervision Authority site
Kurdish hacker targets Irish organisations
A Kurdish hacker known as MuhmadEmad is believed to have carried out several cyber-attacks against the websites of Irish organisations, including the National Treasury Management Agency. Emad exploited a vulnerability in the WordPress web publishing system to deface the sites with the message “Long Live Peshmerga”. The same hacker is also suspected of targeting other European websites in the past few days, including that of the technology news site ZDNet.
Cellebrite data leaked online
The hacker believed to be behind last month’s breach of Cellebrite, an Israeli company specialising in extracting data from mobile phones for law enforcement agencies, has released what he claims is 900GB of data stolen from the company. The data reportedly includes phone hacking tools for Android and BlackBerry devices, as well as older Apple devices. The hacker claims to have obtained the data from a remote Cellebrite server, extracting the files from UFED images.
Austrian Parliament website taken down but no data is lost
On Sunday, the website of the Austrian Parliament was taken offline for 20 minutes by a DDoS attack. A similar attack in November last year targeted the websites of the Foreign Affairs and Defence Ministries as well as the European Commission’s network. No one has yet claimed responsibility for the attack.
Former contractor may have stolen 75 percent of TAO’s hacking tools
New information has emerged regarding the charges against Harold T. Martin, a former NSA contractor accused of stealing 50 terabytes of data from the agency. According to the Washington Post, the stolen material included more than 75% of the hacking tools belonging to the NSA’s Tailored Access Operations (TAO) unit.
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.