Silobreaker Daily Cyber Digest – 9 March 2016
360 SkyEye Labs have announced the detection of OnionDog, an espionage APT that has been targeting the infrastructure, energy and transportation industries of Korean-speaking countries for over three years.
OnionDog uses two methods to compromise targets. The first is a phishing email containing a malicious .HWP file – the format for Hanword/Hangul, a popular Korean Office-type program. The file contains an embedded trojan downloader that will trigger when the document is opened. The second method uses a USB worm and the ‘sneakernet’ to target isolated or air-gapped infrastructure systems.
OnionDog is believed to be well organised and exhibits strict and relatively clear naming conventions for files and paths. The trojans used by the group have a lifecycle averaging 15 days, making them harder for the targeted organisations to detect.
Point of Sale compromise at Rosen Hotels & Resorts
The company, which operates 6,300 rooms across seven properties, has discovered POS malware on its systems.
Card numbers, names, expiration dates and verification codes were all collected over the course of at least a year; the infection was only discovered in February 2016, when Rosen began hearing reports of card fraud from previous guests.
Home Depot offers to settle breach lawsuit
$19.5 million has been offered to those taking part in the class-action lawsuit, a response to the 2014 POS breach that compromised the credit card information of as many as 56 million Home Depot customers.
The retailer’s attackers used stolen third-party credentials to access network systems, before installing custom malware on self-service payment terminals. The hack was swiftly followed by numerous other breaches that year.
Home Depot maintains that its settlement offer is not an admission of liability.
The Silobreaker Team