CyberSecurity Pulse 2016-09-15
|“It’s easier to fool people than to convince them that they have been fooled.”|
The World Anti Doping Agency Is Again in the Spotlight
In middle August 2016, a hacktivist group leaked, apart from more than 537 MB in 62 files, the email and personal data of the Russian athlete in an incident that we have already discussed in this section. The information exposed was relevant for Yuliya taking into accoutn that the affected platform stores the current location of the athlete to fasten the conduct of doping controls. In August 19, Threat Connect reported that it had recorded a running spear phishing campaign against WADA stakeholders with the aim of harvesting credentials in the framework of different operations taken against the domain tas-cas.org.
This week, the group Fancy Bear Hack Team has released of a number of personal documents linked to different renowned athletes like Venus and Serena Williams sisters on September 13 and cyclists Chris Froome and Bradley Wiggins on September 15. The leaked documents include personal information and certificates of exemption of certain therapeutic drugs that otherwise would be positive in doping controls. You can visit ElevenPaths blog so as to check the technical analysis performed by our analists team about this information leak.
ISPs in UK Concerned about Government Surveillance
According to a report released by the UK Internet Services Providers Association (ISPA), the most common concern among companies is that government surveillance will weaken network security and make providers a target of attackers. The report, released on September 6, found that 54 percent of respondents were attacked at least every week. Currently, denial-of-service attacks and SQL injection attacks are their main types of cyberthreats: 91 percent of respondents have already suffered a denial-of-service attack, 64 percent an SQL injection attack and up to 36 percent a phishing attack.
Google Will Pay You $200,000 to Hack Android OS
Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash, the second $100,000 and the third $50,000. Starting on September 13 and ending on March 14, 2017, the contest will only award cash prizes to contestants who can successfully hack any version of Android Nougat on Nexus 5X and 6P devices. However, the catch here is that Google wants experts to hack the devices by knowing only the devices' phone numbers and email addresses. Besides cash prizes, winners will also be invited to write a short technical report describing their entry, which will then be posted on the company's Project Zero Blog.
Rest of the Week´s News
Thousands of Infected FTP Servers Net Attackers $88k in Cryptocurrency
Although mining Bitcoins is no longer profitable, there are plenty of other digital currencies that are quite new and are significantly less difficult to mine like Monero. Criminals has recognized this and started to spread a new malware payload that uses infected machines to mine this coin at the expense of the system owner’s CPU and GPU resources.
Google Chrome to Label Sensitive HTTP Pages as "Not Secure"
Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as "not secure". This is the first step in Google's plan to discourage the use of sites that don't use encryption at all to protect sensitive information.
GovRAT 2.0 continues to target US companies and Government
Vxers recently released a new version of the RAT, so-called GovRAT 2.0 that has been used by cybercriminals to target the US Government and other organizations in the country. The new strain of GovRAT 2.0 includes several new features, including improved detection evasion methods, remote command execution, automatically mapping hard disks and network shares.