Breach
SURVEILLANCE FIRM HACK EXPOSES 400GB OF DATA
The Italian Internet surveillance firm Hacking Team was the target of a massive hack, resulting in 400GB of source code, exploits, emails and documents being dumped onto the BitTorrent network for anyone to download.
Since the breach, researchers and journalists have been poring over the cache to reveal lists of clients, details of contracts, and methods of exploitation. This includes publishing details of zero-day exploits that vendors are now rushing to patch.
Initially, no one took responsibility for the breach and there were no details about how it occurred. However, a cyber criminal under the alias “Phineas Fisher” has since taken credit via Twitter. Fisher’s claim has credibility because a hack on a similar surveillance company, Gamma Group, was widely attributed to him.
“Phineas Fisher” has promised to release information of how he gained access “once they’ve had some time to fail at figuring out what happened and go out of business.”
This story underlines the case for continuous network monitoring. With companies having access to sophisticated intelligence-gathering techniques and zero-day exploits, even fully patched systems are not immune to exploitation.
Reference: ZD Net
Mitigation Strategies:
- 24×7 security monitoring to provide anomaly detection
- Log management could detect any suspicious user account activity.
Malware
AD FRAUD MALWARE DECEIVES USERS WITH AUTO UPDATES
A Trojan called Kovter is distributed by exploit kits and generates fraudulent revenue from pay-per-click schemes by simulating users clicking on ads.
A French researcher named Kafeine analyzed a new version of Kovter that attempts to apply updates after it has infected its host. For example, after being delivered by an Adobe Flash exploit and targeting an outdated version of the software, it attempts to run the Flash auto-updater in order to patch the system against further exploitation.
The motivation for this new behavior is unclear, but the most popular theory is that the malware wants “exclusivity” on the target, meaning no other malware can coexist and potentially disrupt its operations.
This highlights the importance of continuous log review to detect unsanctioned software installations as well as network monitoring to detect known command and control traffic.
Reference: Malware – Don’t Need Coffee
Mitigation Strategies:
- 24×7 security monitoring to provide anomaly detection
- Log management could detect any suspicious user account activity.
- File integrity monitoring solution to monitor software installed
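The log review suggested above, as an added example that is not part of the original article: it scans process-creation records and flags an updater or installer launched by a parent process that policy does not sanction, which is the kind of anomaly the Kovter self-update behavior would produce. The log format, process names and the sanctioned-parent mapping are constructed assumptions, not indicators from the article.

```python
"""Flag updater/installer launches with an unsanctioned parent process.

Added example, not code from the original article. The pipe-delimited
log format below is constructed for illustration; a real source would be
Sysmon Event ID 1 or Windows Security 4688 records. Process names and the
sanctioned-parent policy are assumptions, not indicators from the article.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: timestamp | user | parent process | child process
SAMPLE_LOG = """\
2015-07-08T09:12:01Z|alice|explorer.exe|chrome.exe
2015-07-08T09:15:44Z|SYSTEM|services.exe|FlashPlayerUpdateService.exe
2015-07-08T09:16:02Z|alice|rundll32.exe|FlashPlayerUpdateService.exe
2015-07-08T09:20:17Z|bob|explorer.exe|msiexec.exe
2015-07-08T09:21:00Z|SYSTEM|services.exe|msiexec.exe
"""

# Assumed policy: which parents may legitimately launch each watched
# updater/installer. Any other parent is flagged for analyst review.
SANCTIONED_PARENTS = {
    "flashplayerupdateservice.exe": {"services.exe"},
    "msiexec.exe": {"services.exe", "explorer.exe"},
}

LINE_RE = re.compile(r"^(?P<ts>\S+)\|(?P<user>[^|]+)\|(?P<parent>[^|]+)\|(?P<child>[^|]+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    parent: str
    child: str
    reason: str


def find_unsanctioned_launches(log_text: str) -> List[Alert]:
    """Return one Alert per watched process whose parent is not sanctioned."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the review
        child = m["child"].lower()
        if child not in SANCTIONED_PARENTS:
            continue  # not an updater/installer we track
        parent = m["parent"].lower()
        if parent not in SANCTIONED_PARENTS[child]:
            alerts.append(Alert(m["ts"], m["user"], parent, child,
                                f"{child} launched by unexpected parent {parent}"))
    return alerts


if __name__ == "__main__":
    for alert in find_unsanctioned_launches(SAMPLE_LOG):
        print(alert)
```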
Top 20 IP Addresses