Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 01, 2015

March 31, Softpedia – (International) Anonymous proxies used for “Shotgun DDoS” attacks. Security researchers at Incapsula released findings from a one-month study revealing that 20 percent of all application layer (Layer 7) distributed denial-of-service (DDoS) attacks observed from January through February were “Shotgun DDoS” attacks, carried out through anonymous proxies to bypass mitigation systems by spreading the traffic across many IP addresses and geographic locations. Approximately 45 percent of the incidents originated from addresses in the Tor anonymity network, and 60 percent of those employed the Tor’s Hammer denial-of-service (DoS) tool, which carries out low-and-slow HTTP POST attacks. Source
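As an added illustration, not part of the Softpedia report or Incapsula’s study, the Python below picks out the low-and-slow POST pattern described above from a few constructed web-server log lines and then measures how spread out the offending requests are across source addresses and how many of those addresses appear on a local anonymizing-proxy list. The log format, the 30-second threshold and the proxy exit list are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in an nginx-style format with $request_time appended:
#   client_ip - - [timestamp] "METHOD path HTTP/x" status body_bytes request_time
SAMPLE_LOG = """\
203.0.113.10 - - [31/Mar/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 0.012
198.51.100.7 - - [31/Mar/2015:10:00:05 +0000] "POST /login HTTP/1.1" 408 0 95.310
198.51.100.8 - - [31/Mar/2015:10:00:06 +0000] "POST /login HTTP/1.1" 408 0 120.004
203.0.113.44 - - [31/Mar/2015:10:00:09 +0000] "POST /login HTTP/1.1" 302 0 0.180
192.0.2.21 - - [31/Mar/2015:10:00:11 +0000] "POST /search HTTP/1.1" 408 0 88.900
198.51.100.7 - - [31/Mar/2015:10:02:15 +0000] "POST /login HTTP/1.1" 408 0 101.200
"""

# Assumed: a locally maintained set of anonymizing-proxy / Tor exit addresses.
# Constructed here; in practice it would be loaded from a published exit list.
KNOWN_PROXY_EXITS = {"198.51.100.7", "198.51.100.8"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<rt>\d+(?:\.\d+)?)$'
)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["rt"] = float(rec["rt"])
            rec["bytes"] = int(rec["bytes"])
            yield rec


def find_slow_posts(text, min_seconds=30.0):
    """POST requests that held a connection open far longer than a normal
    form submission takes: the low-and-slow POST signature from the report."""
    return [r for r in parse_log(text)
            if r["method"] == "POST" and r["rt"] >= min_seconds]


def summarize(records, proxy_ips):
    """Characterize the slow-POST population: how thinly it is spread across
    source addresses (the 'shotgun' trait) and what share of those addresses
    are known anonymizing exits."""
    by_ip = Counter(r["ip"] for r in records)
    paths = Counter(r["path"] for r in records)
    distinct = len(by_ip)
    proxy_hits = sum(1 for ip in by_ip if ip in proxy_ips)
    return {
        "slow_post_count": len(records),
        "distinct_ips": distinct,
        "max_requests_per_ip": max(by_ip.values(), default=0),
        "proxy_share": proxy_hits / distinct if distinct else 0.0,
        "top_paths": paths.most_common(3),
    }


if __name__ == "__main__":
    slow = find_slow_posts(SAMPLE_LOG)
    for key, value in summarize(slow, KNOWN_PROXY_EXITS).items():
        print(f"{key}: {value}")
```

A low per-address request count combined with a high distinct-address count is what makes per-IP rate limiting ineffective against this pattern; the summary is meant to feed a decision to switch to request-duration limits or proxy-aware filtering rather than to block individual addresses.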

March 31, Softpedia – (International) Trojan Laziok used for reconnaissance in the energy sector. Security researchers from Symantec identified new information-stealing malware, dubbed Laziok, that was observed targeting users in the petroleum, gas, and helium industries worldwide. It is delivered via a malicious Microsoft Excel file that exploits a buffer overflow vulnerability allowing remote code execution, and it then downloads custom variants of the Cyberat and Zbot malware from servers in the U.S., United Kingdom, and Bulgaria. Source

March 31, Network World – (International) Lebanese cyberespionage campaign hits defense, telecom, media firms worldwide. Security researchers at Check Point Software Technologies discovered that a cyberespionage group has hacked into hundreds of defense contractor, telecommunications operator, media group, and educational organization networks in at least 10 countries in ongoing attacks that began in late 2012. The attackers find vulnerabilities and use Web shells to compromise affected servers, then deploy a sophisticated custom-made trojan called Explosive on servers running Microsoft’s IIS software; Explosive can infect other servers and systems on the network and can spread via USB mass storage devices. Source

March 30, Threatpost – (International) eBay fixes file upload and path disclosure bugs. eBay addressed two security vulnerabilities on its Web site: poor header checks allowed attackers to upload malicious files, including executables, disguised as images that could then be used in drive-by download attacks, and eBay server return messages disclosed exact file paths. Source
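As an added example, not part of the Threatpost item or eBay’s fix, the Python below contrasts an upload handler that trusts the client’s Content-Type header and echoes the server path in its error with a hardened version that checks the file’s leading bytes against both the extension and the declared type, scans for embedded script markers, stores the file under a server-chosen name, and returns only a generic message. The upload directory, the allowed-type table and the sample bytes are assumptions made for the example.

```python
import os
import secrets
from dataclasses import dataclass

# Allowed image types: extension -> (MIME type, accepted magic-byte prefixes).
ALLOWED_IMAGES = {
    "png":  ("image/png",  (b"\x89PNG\r\n\x1a\n",)),
    "jpg":  ("image/jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "gif":  ("image/gif",  (b"GIF87a", b"GIF89a")),
}
# Markers that have no business inside a file claiming to be an image.
SCRIPT_MARKERS = (b"<?php", b"<script", b"<%")
# Assumed server-side path; shown only to make the weak version's leak visible.
UPLOAD_DIR = "/srv/uploads"


@dataclass
class UploadResult:
    accepted: bool
    message: str           # what the client is told
    stored_name: str = ""  # server-chosen name, never the client's filename


def weak_check(filename, declared_type, data):
    """The pattern the report describes: trust the header, echo the path on error."""
    path = os.path.join(UPLOAD_DIR, filename)
    if declared_type.startswith("image/"):
        return UploadResult(True, f"saved to {path}", filename)
    return UploadResult(False, f"rejected: {path} is not an image")


def sniff_image_type(data):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for _ext, (mime, magics) in ALLOWED_IMAGES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def hardened_check(filename, declared_type, data):
    """Extension, declared type and actual content must all agree; the
    client learns only that the upload was accepted or not allowed."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_IMAGES:
        return UploadResult(False, "file type not allowed")
    expected_mime = ALLOWED_IMAGES[ext][0]
    sniffed = sniff_image_type(data)
    if sniffed is None or sniffed != expected_mime or declared_type != expected_mime:
        return UploadResult(False, "file type not allowed")
    if any(marker in data for marker in SCRIPT_MARKERS):
        return UploadResult(False, "file type not allowed")
    # Random server-side name: the client never controls where or as what it lands.
    stored = secrets.token_hex(16) + "." + ext
    return UploadResult(True, "upload accepted", stored)


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32          # constructed PNG header
    exe = b"MZ\x90\x00" + b"\x00" * 32                  # constructed PE header
    print(weak_check("cat.jpg", "image/jpeg", exe))
    print(hardened_check("cat.jpg", "image/jpeg", exe))
    print(hardened_check("photo.png", "image/png", png))
```

The three-way agreement check (extension, declared type, sniffed content) is what closes the disguised-executable case, and the fixed generic message is what closes the path disclosure; serving accepted files from a separate, non-executing origin is the usual third control but is outside this snippet.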

March 30, USA Today – (International) Former feds charged with stealing Silk Road bitcoin. A former U.S. Secret Service agent surrendered to authorities March 30 and a U.S. Drug Enforcement Administration agent was arrested March 27 in connection with allegedly stealing over $1.5 million in bitcoins while investigating the Silk Road, a now-shuttered underground site that traded in illegal drugs, counterfeit IDs, and computer hacking software. The pair, based in Maryland, stole proceeds from the site and hid the funds in offshore accounts, often using their government positions to obtain the bitcoins. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.