CyberSecurity Pulse 2017-01-09

“Sometimes you win, sometimes you learn.”
John C. Maxwell

Analyst Insight

DHS-FBI Report Details Russian Malicious Cyberactivity

After months of speculation and allegations about Russian hacking activities related to the US elections, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a Joint Analysis Report (JAR) on December 29, 2016, detailing the tools and techniques allegedly used by Russian intelligence services against the US.

"The US Government confirms that two different Russian Intelligence Services (RIS) affiliated groups were involved in an attack against the Democratic National Committee (DNC). The JAR notes that one group, identified as APT28, hacked the DNC in the summer of 2015, while APT 29 breached the DNC in Spring 2016", the report states. But where is the explanation of the attribution?

The public was looking for evidence of the attribution, and the White House and the DHS/FBI made clear that this report is aimed at how the DHS/FBI confirm that APT28 and APT29 are RIS groups that compromised a political party. The intelligence community has found itself in this position before, including when it attributed a highly destructive attack on Sony Pictures Entertainment in 2014 to North Korea. It is one of two things: either there are sources or processes of obtaining information that need to be protected and that have not been fully detailed in the report, or this is the perfect excuse to sanction Russia.

» More information at Department of Homeland Security

Top Stories

U.S. Prosecutors Charge Three Chinese Hackers With Insider Trading


US federal prosecutors charged three Chinese nationals with hacking the networks of US-based international law firms in order to use confidential information from those firms for insider trading, making more than $4 million from the scheme, according to a statement by the US Attorney's Office. After successfully compromising two law firms, the group allegedly bought shares in companies that were about to be acquired or that planned to acquire other firms, and then sold those shares once the M&A deals were publicly announced.

» More information at Eweek

Ransomware Infected an LG Smart TV Again


The latest incident involved an LG smart TV: software engineer Darren Cauthon reported that the device of one of his family members was infected with ransomware on Christmas Day. The TV was infected when the programmer's wife downloaded an app to the TV that promised free movies. However, the claim was just bait, and the app turned out to be ransomware that demanded US$500 to unlock the device. The ransomware appears to be a version of the Cyber.Police ransomware, also known as Flocker and Frantic Locker.

» More information at Security Affairs

Rest of the Week's News

Recent Power Outages in Turkey Were Also Caused by Cyberattacks

According to Turkish Energy Minister Berat Albayrak, Istanbul and other areas in Turkey have been experiencing power outages since last week. The power outages were caused by sabotage of underground power lines and cyberattacks originating in the US. "These attacks have been carried out systematically on different parts of the Energy Ministry, but we have repelled them all", he explained.

» More information at Security Affairs

Someone Hijacking Unsecured MongoDB Databases for Ransom

Nearly 200 instances of a MongoDB installation have been erased and held for ransom. A security researcher has discovered that almost 600 terabytes in MongoDB instances require no authentication to be accessed. MongoDB has resolved the issue in a new release by setting unrestricted remote access by default in the configuration, although thousands of site administrators have not updated their servers yet.

» More information at The Hacker News

Attackers Use Super Mario Run to Spread Malware

Nintendo recently released Super Mario Run for the iOS platform. In no time, the game became a sensational hit on the iTunes store. However, there is no official Android version yet, something that some actors are exploiting to spread malware that acts as an Android version of Super Mario Run.

» More information at Zscaler

Further Reading

Bitcoin Price Fall to $880

» More information at

Did Someone Hack the Brazilian

» More information at Security Affairs

KillDisk Ransomware Targets Linux But the Key Won't Decrypt Files

» More information at The Hacker News