Silobreaker Daily Cyber Digest – 8 March 2016
JRE meets malware
The Java Runtime Environment and Virtual Machine were created with interoperability in mind; they can compile and run programs on any operating system as long as the JRE is installed. It’s not surprising, then, that malware authors have begun to exploit Java to create cross-platform threats.
Currently the threats are simple droppers – programs intended to avoid antivirus and gain a foothold on machines before downloading a malicious payload. Kaspersky has started to detect these JAR (Java archive) droppers emanating from Brazil, where hacking groups are known to compete with their Russian colleagues for new ways to compromise systems.
We can be sure that droppers are just the start, and that true cross-platform malware is in the works. With JRE installed on an estimated 70-80% of computers worldwide, there are certainly enough targets.
21st Century Oncology Breach
21st Century Oncology has released a statement notifying patients that a database breach took place on October 3rd 2015.
On the advice of the FBI, the company has waited until now to report the leak, which may have included patient names and social security numbers, as well as diagnosis, treatment and insurance information.
North Korean spyware
South Korea’s National Intelligence Service (NIS) claims that North Korea has infected the phones of high ranking South Korean officials with malware.
NIS reports that one in every five phones they examined was infected, and that attackers had access to phone conversations and text messages. NIS also confirmed that North Korea had compromised the systems of a major South Korean provider of financial security software.
Pawn Storm target Turkey
Pawn Storm, the infamous cyber espionage group, have begun concerted attacks against a variety of Turkish government and military targets over the last two months. Also known as APT28, the group are incredibly well funded and tend to pursue a highly sophisticated and politicised agenda. Most commentators believe them to have very close ties with the Russian state, and that these attacks are in response to recent geo-political and diplomatic disputes between Turkey and Russia.
In the last six weeks Pawn Storm have set up a number of fake Outlook Web Access (OWA) servers, targeting major newspaper Hürriyet, the office of the Prime Minister and the country’s Grand National Assembly. This style of phishing attack is inexpensive, yet has the potential to steal large quantities of sensitive information, especially when focusing on politically influential targets.
Twitter blocking #OPISIS?
Hacktivists that have been targeting pro-Islamic State social media accounts are in uproar after Twitter’s new anti-harassment protocols resulted in their accounts being blocked.
Twitter has been under pressure recently to do more to prevent its service being used to propagate terrorist propaganda, and as a result began to suspend accounts engaged in activity related to IS. Hacktivists, however, claim that many of the 125,000 suspended accounts were their own, and that they were unfairly targeted due to the activities of OpISIS.
OpISIS is the Anonymous hacktivist operation that seeks to expose and disrupt the propaganda spread by IS supporters via Twitter. Senior members of the campaign have demanded Twitter reinstate their accounts, warning that if their activities ceased “Twitter would be flooded with terrorists.”
The Silobreaker Team