VK.com Breached & New Malware Targeting Industrial Systems

In this edition of the Weekly Threat Report, the Alert Logic ActiveIntelligence team highlights the breach of Russian ‘Facebook’ counterpart VK.com and new malware discovered targeting industrial systems. Read the full report to learn more and get access to the week’s Top 20 Malicious IP addresses.

Breach

Russian 'Facebook' Counterpart VK.com Breached

Another data dump of sensitive users’ information was posted to the Real Deal Dark Web marketplace by user Peace_of_Mind, this time coming from over 100 Million users of Russian social media site VK.com. The breach, which most likely occurred sometime in 2012 or 2013, has resulted in the names, addresses, phone numbers, emails, and plain text passwords being available to the public. User Peace_of_Mind insists that the passwords were stolen in plain text and were not cracked at a later date, which should alarm users of VK.com.

Peace_of_Mind is currently selling the data set of over 100 Million users’ information for 1 Bitcoin (approx. $570) and he claims to have another 71 Million users’ information that he has not released yet. This user is the same person who has dumped the information from Tumblr, LinkedIn, and other high-profile breaches recently.

References: Another Day, Another Hack: 100 Million Accounts for VK, Russia's Facebook | VK.com Data Breach Includes 100 Million Cleartext Passwords | Over 100 Million VK.com Customer Records for Sale

Mitigation Strategies:

Malware

New Malware Discovered Targeting Industrial Systems

Researchers at FireEye Labs have discovered a new, mysterious malware, dubbed ‘Irongate’, which can disrupt Siemens industrial systems and trick operators into thinking everything is running normally. Irongate has many similarities to the Stuxnet malware that was co-engineered by the United States and Israel to destroy Iran’s uranium enrichment centrifuges in 2010, but it seems to be less sophisticated. Irongate has the ability to mimic normal activity, tricking operators into thinking the system is running normally, and is also able to avoid sandbox environments.

The fact that Irongate’s origins are unknown worries researchers, even though the version they found only worked in simulation environments. Irongate could be a research project, a test, or a proof-of-concept for a new malware, but FireEye is hoping the Internet community can figure out who its creators might be.

References: Researchers have discovered a mysterious malware that can dupe operators at an industrial plant | Irongate – New Stuxnet-like Malware Targets Industrial Control Systems | Irongate malware targets industrial systems, avoids detection

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.