Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 28, 2016

April 27, Help Net Security – (International) DDoS aggression and the evolution of IoT risks. Neustar released its findings after conducting a survey of over 1,000 information technology (IT) professionals across 6 continents, which revealed that 76 percent of companies are investing in distributed denial-of-service (DDoS) protection as DDoS attacks continue to evolve from single large attacks to multi-vector attacks. Forty-seven percent of attacked organizations were participating in information sharing on threats and countermeasures to mitigate future assaults. Source

April 26, SecurityWeek – (International) Information stealer “Fareit” abuses PowerShell. Security researchers from Trend Micro discovered that a new variant of the Fareit malware steals login details, Bitcoin-related data, and other personal information from victims. The malware is delivered via spam emails and executed through two different tactics: Word documents with malicious macros, and PDF documents that invoke Windows PowerShell. Attackers could use a PDF file’s OpenAction event to execute PowerShell, which downloads Fareit onto the victim’s machine so it can collect information. Source
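The PDF tactic above hinges on an auto-run action: the document catalog's /OpenAction entry points at an action that fires when the file is opened, and a /Launch action (or embedded JavaScript) is how a PDF reaches an external interpreter such as PowerShell. The following triage script is an added example written for this post; it is not code from Trend Micro, SecurityWeek or the DHS report. It walks an uncompressed PDF's raw syntax, resolves the /OpenAction target (direct dictionary or indirect "N G R" reference), and flags /Launch or JavaScript actions and any mention of PowerShell. The three sample documents are constructed inline for the demo; the malicious-looking one runs a harmless Get-Date so the example is safe to keep around.

```python
"""Triage check for PDF auto-run actions (/OpenAction -> /Launch or JavaScript).

Assumptions / limits (this is an illustration, not a full parser):
  * Objects are uncompressed. Files that hide the catalog or action inside an
    object stream (/ObjStm) or use #xx-escaped names will not be matched;
    for those, decompress first (e.g. with Didier Stevens' pdf-parser.py).
  * Only the first /OpenAction target is examined; chained /Next actions
    and /AA (additional actions) are out of scope here.
"""
import re

_INDIRECT_REF = re.compile(rb"(\d+)\s+(\d+)\s+R")
# Action subtype appears as "/S /Launch", "/S /JavaScript", "/S /GoTo", ...
_ACTION_TYPE = re.compile(rb"/S\s*/(Launch|JavaScript|GoTo\w*|URI|SubmitForm|Named)")


def _read_dict(data: bytes, start: int) -> bytes:
    """Return the bytes of a balanced << ... >> dictionary beginning at `start`."""
    if not data.startswith(b"<<", start):
        raise ValueError("expected '<<' at offset %d" % start)
    depth, i = 0, start
    while i < len(data):
        if data.startswith(b"<<", i):
            depth += 1
            i += 2
        elif data.startswith(b">>", i):
            depth -= 1
            i += 2
            if depth == 0:
                return data[start:i]
        else:
            i += 1
    raise ValueError("unbalanced dictionary")


def _resolve_object(data: bytes, num: int, gen: int):
    """Locate 'num gen obj ... endobj' in an uncompressed file body."""
    pat = re.compile(rb"(?<!\d)%d\s+%d\s+obj\s*(.*?)\s*endobj" % (num, gen), re.DOTALL)
    m = pat.search(data)
    return m.group(1) if m else None


def _open_action_body(data: bytes):
    """Return the action dictionary referenced by /OpenAction, or None."""
    idx = data.find(b"/OpenAction")
    if idx < 0:
        return None
    pos = idx + len(b"/OpenAction")
    while pos < len(data) and data[pos:pos + 1].isspace():
        pos += 1
    if data.startswith(b"<<", pos):          # direct dictionary
        return _read_dict(data, pos)
    m = _INDIRECT_REF.match(data, pos)       # indirect reference "4 0 R"
    if m:
        return _resolve_object(data, int(m.group(1)), int(m.group(2)))
    return None


def triage_pdf(data: bytes) -> dict:
    """Summarise the auto-run behaviour of a PDF for analyst review."""
    body = _open_action_body(data)
    if body is None:
        return {"open_action": False, "action_types": [],
                "powershell": False, "suspicious": False}
    types = [t.decode() for t in _ACTION_TYPE.findall(body)]
    powershell = b"powershell" in body.lower()
    javascript = b"/JS" in body or "JavaScript" in types
    return {
        "open_action": True,
        "action_types": types,
        "powershell": powershell,
        # Launch/JS on open is the pattern described in the Fareit report.
        "suspicious": powershell or javascript or "Launch" in types,
    }


# --- constructed sample documents (not real malware) ------------------------
# Indirect /OpenAction to a /Launch action that runs PowerShell.
LAUNCH_SAMPLE = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R >>
endobj
4 0 obj
<< /Type /Action /S /Launch /Win << /F (powershell.exe) /P (-NoProfile -Command Get-Date) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Direct /OpenAction that merely jumps to a page: normal, benign usage.
GOTO_SAMPLE = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction << /S /GoTo /D [3 0 R /Fit] >> >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# No auto-run action at all.
PLAIN_SAMPLE = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for name, doc in (("launch", LAUNCH_SAMPLE), ("goto", GOTO_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(name, triage_pdf(doc))
```

On a mail gateway or sandbox the useful signal is the combination, not any single field: a /GoTo on open is routine in legitimate documents, whereas /Launch or JavaScript fired from /OpenAction almost never is, and a PowerShell string inside that action is what the Fareit report describes. Treat a positive here as a reason to detonate or quarantine the file, and expect evasive samples to need the decompression step noted in the docstring before this check sees anything.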

April 26, Softpedia – (International) The Pirate Bay malvertising campaign pushes Cerber ransomware. Security researchers from Malwarebytes and RiskIQ reported that malicious ads on The Pirate Bay torrent portal were redirecting victims using older Windows and Internet Explorer software to another Uniform Resource Locator (URL), where the Magnitude exploit kit (EK) would leverage a Flash zero-day flaw to compromise vulnerable personal computers (PCs), install the Cerber ransomware, and install potentially unwanted programs (PUPs). Source

April 27, SecurityWeek – (International) Android ransomware dropped via Towelroot, Hacking Team exploits. Security researchers from Blue Coat Labs discovered that a ransomware named “Cyber.Police” was able to install malicious programs onto a mobile device without user interaction. They found that at least 224 devices running Android versions 4.0.3 to 4.4.4 had been communicating with the malware’s command and control (C&C) server since February, and that the malicious programs were on devices running the CyanogenMod 10 build of Android 4.2.2. The malware was delivered via two known exploits: the Towelroot exploit and a JavaScript exploit. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.