Category Archives: ESET

ESET

ESET

Android security mystery – ‘fake’ cellphone towers found in U.S.

[There have been many comments to this story from people who are assuming that these ‘towers’ are physical installations. There’s no reason to assume this is the case: it’s far likelier that they are mobile installations of the kind used not only by law enforcement and government agencies, but also by scammers and other criminals. (David Harley)]

Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science.

The fake ‘towers’ – computers which wirelessly attack cellphones via the “baseband” chips built to allow them to communicate with their networks, can eavesdrop and even install spyware, ESD claims. They are a known technology – but the surprise is that they are in active use.

The towers were found by users of the CryptoPhone 500, one of several ultra-secure handsets that have come to market in the last couple of years, after an executive noticed his handset was “leaking” data regularly.

Its American manufacturer boasts that the handset has a “hardened” version of Android which removes 468 vulnerabilities from the OS.

Android Security: Towers throughout the US

Despite its secure OS, Les Goldsmith of the handset’s US manufacturer ESD found that his personal Android security handset’s firewall showed signs of attack “80 to 90” times per hour.

The leaks were traced to the mysterious towers. Despite having some of the functions of normal cellphone towers, Goldsmith says their function is rather different. He describes them as “interceptors” and says that various models can eavesdrop and even push spyware to devices. Normal cellphones cannot detect them – only specialized hardware such as ESD’s Android security handsets.

Who created the towers and maintains them is unknown, Goldsmith says.

Origin of towers ‘unknown’

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says.  “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip.  We even found one at South Point Casino in Las Vegas.” [Editor’s note: Goldsmith has asked us to stress that the tower was actually in the vicinity of the casino, not within the casino itself.]

Their existence can only be seen on specialized devices, such as the custom Android security OS used by Cryptophone, which includes various security features – including “baseband attack detection.”

The handset, based on a Samsung Galaxy SIII, is described as offering, a “Hardened Android operating system” offering extra security. “Baseband firewall protects against over-the-air attacks with constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures”, claims the site.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith.  “Whose interceptor is it?  Who are they, that’s listening to calls around military bases?  The point is: we don’t really know whose they are.”

Baseband attacks are considered extremely difficult – the details of the chips are closely guarded. “Interceptors” are costly devices – and hacking baseband chips is thought to be technically advanced beyond the reach of “ordinary” hackers, ESD says. The devices vary in form, and are sold to government agencies and others, but are computers with specialized software designed to defeat the encryption of cellphone networks. The towers target the “Baseband” operating system of cellphones – a secondary OS which sits “between” iOS or Android, for instance, and the cellular network.

Goldsmith says that the devices cost “less than $100,000” and does not mention what level or type of device his team has detected. Most are still out of reach of average hackers, although freely advertised. One model is the VME Dominator, which is described as, “a real time GSM A5.1 cell phone interceptor. It cannot be detected. It allows interception of voice and text. It also allows voice manipulation, up or down channel blocking, text intercept and modification, calling & sending text on behalf of the user, and directional finding of a user during random monitoring of calls.”

What has come as a surprise is how many “interceptors” are in active use in the U.S., and that their purpose remains mysterious.

The post Android security mystery – ‘fake’ cellphone towers found in U.S. appeared first on We Live Security.

ESET

Google dorks – FBI warning about dangerous ‘new’ search tool

The FBI has issued a warning to police and other emergency response personnel about a lethal new tool which ‘malicious actors’ have been using to deadly effect against American government institutions – Google dorks.

The warning, reported by Ars Technica, refers specifically to ‘Google dorks’  or “Google dorking” – ie the use of specialized search syntax,  using terms such as “filetype:sql”.

‘Google dorks’ refers to search syntax which allow users to search within a specific website (using the term in:url) or for specific file types, and can thus be used to search databases. Such search terms are widely known, and legal – the warning alerts units who may not be aware of the technique to secure databases properly.

Google dorks: Weapon of the ‘malicious’?

“In October 2013, unidentified attackers used Google dorks to find websites running vulnerable versions of a proprietary internet message board software product, according to security researchers,” the FBI warning says.

“After searching for vulnerable software identifiers, the attackers compromised 35,000 websites and were able to create new administrator accounts. ”

“For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.”

The warning refers to several online resources commonly used to automate “Google dork” queries – and offers advice on the scope of such search terms.syntax.

Shock as web users employ ‘search’

The warning also offers a useful link to Google’s own testing centre for pre-empting such attacks, the Google Hacking Database. Webmasters can use this to check whether files are “visible” to Google dorks, then hide them if they wish.

Ars Technica points out that the warning refers to “malicious cyber actors” and refers to a notorious case in which reporters were accused of “hacking” a website by using freely available information and an automated tool, GNUGet.

However, as Ars explains, the warning is not really meant to highlight a “new” technique, i.e Google dorks, but to warn webmasters to make their websites more secure.

“This warning from the DHS and the FBI was mostly intended to give law enforcement and other organizations a sense of urgency to take a hard look at their own websites’ security,” Ars comments. “Local police departments have increasingly become the target of “hacktivists.” Recent examples include attacks on the Albuquerque Police Department’s network in March following the shooting of a homeless man and attacks on St. Louis County police networks in response to the recent events in Ferguson, Missouri.”

The warning says, “Ensure sensitive websites are not indexed in search engines. Google USPER provides webmaster tools to remove entire sites, individual URLs, cached copies, and directories from Google’s index.”

The post Google dorks – FBI warning about dangerous ‘new’ search tool appeared first on We Live Security.

ESET

Data breach in South Korea hits 27 million – half the population

A data breach of staggering proportions has hit South Korea – involving 27 million people and 220 million private records – and affecting 70% of the population between the ages of 15 and 65, according to Forbes.

Sixteen hackers were arrested for the attack, which targeted registration pages and passwords for six online gaming sites – with the aim of selling game currency. South Korea has a strong online gaming culture, and people of all ages indulge in the hobby.

South Korean authorities said that the gang had stolen 220 million items of personally identifying information, with the goal of breaking into online game accounts. A 24-year-old man, surname Kim, bought these records from a Chinese hacker he met in another online game in 2011, according to the Korea JoonGang Daily.

Data breach hit 70% of adults

According to police, Kim reportedly received 220 million personal information items from a data breach of unknown origin, including the names, resident registration numbers, account names and passwords, of the 27 million people from a Chinese hacker he met in an online game in 2011.

Kim and his associates are thought to have used a hacking tool known as an “extractor” to log in to accounts and steal virtual currency to and items to sell – earning in the process 400 million won ($390,919).

The Register reports that, “Kim bagged almost $400,000 by hacking six online games using the details and gave the Chinese cracker a $130,000 cut. The buyer used the creds to steal items from gaming accounts and sold off to other players.”

Hacking tool known as ‘extractor’

Police estimate that secondary damages from the data breach cost at least $2m.

When Kim’s gang could not break into accounts, they bought yet more personal information including identity cards from a cellphone retailer in Daegu, and then changed passwords to gain access.

Kim is also accused of having sold his hoard of personally identifying information to mortgage fraudsters and illegal gambling advertisers.

 

The post Data breach in South Korea hits 27 million – half the population appeared first on We Live Security.

ESET

Surveillance fears over systems which ‘follow’ cellphone users

Concern is growing over the export of surveillance equipment which can track the movements of anyone carrying a cellphone – from town to town and even into other countries.  Such technologies are freely on sale not only to oppressive regimes, but also to criminal gangs, according to a report by the Washington Post.

Third-party surveillance apps are, of course, widely available which allow suspicious spouses and more nefarious individuals to track the owner of a phone by surreptitiously installing and hiding such an app. Such ‘domestic spyware’ is often involved in domestic violence cases.

The technology used by repressive regimes is much higher-level surveillance: specifically, the governments, gangs and other individuals monitor telecoms networks for their location records.

Surveillance systems map people for weeks

“Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology,” the Washington Post reports.

The use of such equipment is highlighted in a report, Big Brother Inc, by Privacy International, which claims that the surveillance industry has grown to be worth $5 billion per year, and that export control regulations have not kept pace with developments in such technology.

Capabilities of surveillance have grown hugely

“The capabilities of surveillance technology have grown hugely in the past decade – in the hands of a repressive regime, this equipment eradicates free speech, quashes dissent and places dissidents at the mercy of ruling powers as effectively as guns and bombs, if not more so,” Privacy International says in its report.

Mark James, security specialist at ESET, says there is a broader issue about the ownership of the data generated by such devices, and in particular the rights of the end user.

“The main concern here is the lack of international laws to protect the end user,” says James. “Without a global policy in place there will always be some countries that can be used to track people’s locations and activity.”

“With users now requiring the latest technology advancements in their mobile devices which include GPS location, mobile internet and the ability to be contacted wherever they are, it is often overlooked that this technology is two-way.

“Even if in your contract there were to be a paragraph stating that you can be monitored whenever and wherever, the likelihood of you reading it and acknowledging it exists is remote, and let’s be honest would you refuse to have the phone if this were made clear to you when you purchased it in the first place? I honestly think not.”

“This type of surveillance has been around for a while and it’s not going anywhere, all we can do is put measures in place for an independent organization to monitor its use and work harder to have an international  agreement in place to limit where this data ends up.”

Privacy International is now campaigning for more regulation of the surveillance industry, and in particular to restrict the sale of such technologies to repressive regimes. The group points to some limited successes, such as the EU Parliament’s resolution calling for stricter oversight of surveillance technology exports, and President Obama’s  executive order to prevent such exports to Syria and Iran.

The group says, “Export control regulations have not kept pace with this development, nor have companies taken it upon themselves to vet the governments to whom they sell their technology. The situation has now reached a crisis point: countries must enact strict export controls now, or be guilty of a staggering and continued hypocrisy with regard to global human rights.”

The post Surveillance fears over systems which ‘follow’ cellphone users appeared first on We Live Security.

ESET

Online fraud – POS malware has now hit 1,000 U.S. firms

More than a thousand U.S. businesses have been affected by point-of-sale malware – malicious software written specifically for online fraud – to steal information such as credit card details from companies and their customers.

The United States Computer Emergency Readiness Team issued a statement saying that the “Backoff” malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundreds of companies.

POS malware was a footnote in computing history until the Target breach, but the hi-tech online fraud now appears to be a growth industry. Ars Technica points out how quickly the software has evolved during the past two years, and emphasizes the direct impact on American consumers.

ESET Malware Researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.” Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.

Online fraud: Shop terminals under attack

“Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the ‘Backoff’ malware,” the advisory stated. “Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes.”

The figure of 1,000 businesses comes from a Secret Service estimate, based on figures from vendors of POS software.

“Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected,” the advisory says.

Criminals target makers of software for shops

Ars refers to a recent  attack, where the attackers were able to guess the password to the system,and  installed the Backoff program. The malware disguises itself as an innocent Java component but ‘listens’ for credit card transactions, storing them and transmitting them to criminals, according to  US-CERT’s original advisory.

The US-CERT advisory advises companies, “Organizations that believe they have been impacted should contact their local Secret Service field office and may contact the NCCIC for additional information.”

 

The post Online fraud – POS malware has now hit 1,000 U.S. firms appeared first on We Live Security.

ESET

Google Images hacked? Searches fill with morbid image

An image of a Russian car crash has piled up in Google Images, regardless of what users search for. Time magazine searched for ‘puppy” and instead saw multiple images of the crash – leading to speculation that the service has been hacked. What’s less clear is why, or who might have done it.

One user says that regardless of what he searches for, he sees dozens of images of the same car crash, “Every time I search something in Google images, these creepy images are appearing. It’s apparently a crashed truck or something, but I didn’t look it up. People could say that it had something to do with what I was searching, but if I click on it, a different image appears. I have some screenshots attached.”

Google Images: ‘Creepy images appearing’

The issue is not affecting all users, but Google product forums are full of complaints about the image, which shows a fatal car crash from several years ago.

Time magazine reports that the images vary –  Google’s own support forums tracked back and found the image came from a report on a Ukrainian news site. We’ve not linked to the report as it contains many more grisly images of the crash.

Time also reported that a related Reddit chain say that images of basketball player and occasional actor Kevin Durant have also been reported by some user.

Hours of glitches

Jalopnik says, “In the meantime, Reddit user anvile noticed that the original photos stem from a story about a car crash in Moscow that killed three people. The driver, a 28-year-old woman, was reported to be intoxicated.”

“Weirder still, the crash occurred in November of 2012, according to this Pravda article, so it isn’t recent.”

Google has as yet not offered comment on the images, or their origin.

The post Google Images hacked? Searches fill with morbid image appeared first on We Live Security.

ESET

PSN hacked – Network back after cyber attack and bomb threat

Sony’s PlayStation Network was back online on Monday, and the information of its 53 million users was safe, despite a weekend-long cyber attack which left PSN hacked, and a reported bomb threat by the same group which caused the diversion of a flight carrying a Sony executive, according to Reuters report.

A Twitter user with the handle @LizardSquad claimed responsibility for the attack, according to ITV’s report.

Sony summed up in a blog post, “The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorised access to users’ personal information.”

One of @LizardSquad’s Tweets said, “”Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ (PlayStation Network) service. End the greed,”

PSN hacked – and bomb threat issued

The group’s motivation for its attack was unclear. Shack News reported that the group also aimed DDoS attacks at Blizzard’s Battle.net, Riot’s League of Legends and Grinding Gear Games’ Path of Exile.

PSN Hacked

In a series of Tweets, the group also claimed to be aiming similar attacks at Xbox Live. “We don’t comment on the root cause of a specific issue, but as you can see on Xbox.com/status, the core Xbox LIVE services are up and running,” Xbox spokesman David Dennis said in an interview with Reuters.

Vice commented, “Since Lizard Squad’s fake threat of explosives and media coverage citing it as responsible for the ‘hack,’the group has gained over 15,000 followers on Twitter. One of those followers includes Smedley himself.

Gained 15,000 Twitter followers

In a blog post timed for Cologne’s Gamescom this year, ESET Distinguished Researcher Aryeh Goretsky said, “Computer criminals don’t just target gamers: gaming companies themselves can be targeted as well.  Probably the most well-known example of this is the April 2011 breach of the Sony PlayStation Network gaming and Qriocity music streaming service, which resulted in the compromise of the names, addresses and credit card details of 77 million user accounts.

“ESET provided extensive coverage of the Sony data breach in our blog, starting from the initial report of the breach in April 2011 all the way up to the proposed settlement of a week ago.  As a result, I am not going to discuss the details of the Sony breach in this article.

“Readers should be aware that this sort of problem is not unique to Sony, either.  Almost exactly, two years ago, Blizzard Entertainment suffered a data breach themselves, although they responded in a different and — this author thinks — more responsible fashion.

The point here is that computer game companies and their associated services face real threats from criminals: if they charge customers for online play, the purchase of in-game items, or otherwise contain customer billing data in their computers, then those computers systems are targets for financial crime.”

A We Live Security guide to staying safe from cybercriminals while gaming online can be found here.

The post PSN hacked – Network back after cyber attack and bomb threat appeared first on We Live Security.

ESET

Bitcoin wallet phishing scores unlikely hit with crypto-curious

A new tactic where waves of Bitcoin wallet phishing emails are targeted at corporations has proved a success for the criminals behind it – with nearly 2.7% of victims clicking on the malicious link embedded in the two waves of 12,000 emails. Previous Bitcoin wallet phishing campaigns usually targeted known lists of Bitcoin users.

Proofpoint, which monitored the attack, said people who did not use Bitcoin wallets clicked on the emails as well as users of the cryptocurrency, which were sent in two separate waves directed at organizations across various industries.

Proofpoint said that the high success rate proved how much the hype behind the Bitcoin wallet had caught the imagination of the general population.“Unregulated and designed for anonymity, Bitcoin represents an attractive, $6.8 billion target to cyber criminals,” Proofpoint said.

Bitcoin Wallet: ‘Attractive target’

The Register’s John Leyden reported, “This high click-through rate is a concern because crooks could easily switch from Bitcoin scams to targeting curious users with DDoS malware, remote access Trojans, corporate credential phish, or other threats.”

Anti-phishing firm Cloudmark commented on The Register’s report that the relatively low volume campaign had not been effective at avoiding spam filters – and thus was likely the work of “inexperienced spammers.”

The emails took the form of fake “account warning” emails, except using the Bitcoin wallet site Blockchain instead of banks or online payment services. The warning described a failed login attempt “originating in China”. As soon as victims clicked they were directed to a fake version of the Blockchain site, which includes a Bitcoin wallet.

Unlike with many banks and credit cards, there is little protection for Bitcoin users who have had their currency stolen – hence the many, many campaigns targeted at them.

Exploiting human psychology

The phishing campaign follows a fairly straightforward “account warning” template, using the Bitcoin site Blockchain.info instead of the usual bank or online payment service names. Prospective marks were falsely warned about a failed login attempt originating in China, attempting to create a sense of urgency by capitalising on popular fears over Chinese hacking.

Kevin Epstein, vice president of Advanced Security at Proofpoint said, “Cybercriminals are continuing to improve their odds of success by exploiting human psychology as well as technology. Proofpoint’s research team recently observed a startling example of these ‘human factor’ exploit tactics in a campaign nominally targeted at stealing Bitcoin access credentials”

“People who had no Bitcoin accounts – no reason to click on the email solicitation – were clicking anyway. It seems likely that attackers were taking advantage of Bitcoin’s recent popularity in the news to engage targeted users’ curiosity.

“The implications for corporate security teams are significant. Security professionals cannot afford to ignore any phishing emails, even what initially appear to be consumer-oriented campaigns not relevant to professional end users, as such topical phish clearly compels clicks even from users who should have no reason to click.”

The post Bitcoin wallet phishing scores unlikely hit with crypto-curious appeared first on We Live Security.

ESET

How to protect your identity at school

Summer is in full swing, but school season is right around the corner. Young people are targeted for data theft at 35 times the rate of adults – they are considered an easy target for both digital and physical theft. You can make going back to school an easier transition by ensuring your data and devices are secure both at school and at home. Even if you’ll be using the computers provided by your school’s libraries or labs, there are plenty of steps you can take to make your data safer.

Protecting Your Devices at School

If you’re using your own desktop, laptop or smartphone, there are two things to be concerned with: Physical and information theft. There are a few things you can do to minimize the odds of both types of theft, and mitigate the damage if either does occur.

  • Minimize the target
    Don’t leave your laptop or phone unlocked and unattended, whether you’re at home or in public – these items are easily grabbed when you’re not looking. And when you take your laptop with you in public, it’s best to carry it in a bag that doesn’t advertise what’s inside; laptop sleeves or carriers let people know exactly what you’re carrying.
  • Minimize the damage
    Installing a Tracker App will help you track down your device, should it be lost or stolen. And if the files on your device are encrypted, even if someone gets access to your computer, they won’t be able to profit from your information.
  • Beef up your security
    Physical loss and thefts are not the only ways to lose information on your phone. Malware and phishing are becoming increasingly common on mobile devices, so be sure to protect yourself. To protect yourself from phishing, make sure you’re using different passwords for all your different accounts, and pick a strong password for each. Using a password manager can help make this an easier task. Once you’ve got a good password, protect it: Don’t share it with others and don’t enter your password into sites you’ve visited via links in email or IM. To protect yourself from malware, install apps only from reputable apps stores, and scan those files with an anti-malware product before installing.
  • Be cautious on public Wi-Fi
    You can never be entirely sure who’s sharing the network with you on public Wi-Fi, so be extra careful when you use public Wi-Fi, like at school or at your local coffee shop. Use VPN software so that your web traffic will all be encrypted – it’ll help keep people from electronically eavesdropping on you.

Securing Your Data When Using Communal Machines

There may be times when you may need to use the computers that are provided by the school. You really have no idea who was using that computer last, or what they were doing before you got there, so you should probably assume the worst. It’s best to act as if anything you type or see on the screen can be recorded and act accordingly:

  • Do not use public machines to log into accounts, especially accounts that store financial information (e.g., bank accounts or credit cards).
  • Avoid online shopping, as someone could get not just your login credentials, but your credit card number.
  • If for some reason you do need to log into an account on a public machine, it is essential to change any passwords you may have used, when you get back to your own machine.
  • Browse in Privacy Mode if you can – if not, be sure to clear your browser history and all cookies.

Younger people may feel that their information is of lesser value than more established adults, because they may have smaller bank accounts or less-juicy data, and may not take security as seriously. Ultimately, it doesn’t matter how young you are – your data and identity are valuable to cybercriminals and correcting the problems caused by loss and theft is a pain, no matter your age. Protecting your data now will help you avoid those headaches.

The post How to protect your identity at school appeared first on We Live Security.

ESET

Week in security: Nuclear attack, scareware back and traffic-light hack

This week in security news saw two of the scariest targets for hacks ever – nuclear plants and city-wide traffic systems. The stories delivered the goods, too — the traffic-light hack could basically have been carried out by anyone, and paralyze any one of 40 American cities, and America’s  Nuclear Regulatory Commission was successfully attacked three times within the past three years, by unknown attackers, some foreign – and largely using standard phishing emails and similar techniques. It is still unknown who the attackers were.

In terms of novel malware, it was a bit of a dry week (always a good thing) bar the return of scareware  – this time armed with an even more annoying method of making you pay up.

In Cologne, gamers gathered for Gamescom – and ESET’s Aryeh Goretsky took a look at how gaming has evolved, and cybercrime along with it, with discussions of gold-farming, theft of virtual goods, and how gaming companies are now fully awake to the threat of cybercrime.

Hackers get a “green” for go!

Often, when one reads a paper behind a cybercrime story, it’s disappointing – not so in the case of the novel attack against city-wide traffic systems described by University of Michigan researchers, which is genuinely terrifying. Little skill was required – radios are unencrypted, or used default passwords, and control units had known vulnerabilities.

An attacker, like the film’s ‘crew’ on robbery, could control a series of lights to give himself passage through intersections, and then turn them red to slow emergency vehicles in pursuit, according to the BBC’s report.

The researchers at the University of Michigan, who say that networked traffic systems are left vulnerable by unencrypted radio signals and factory-default passwords, and that access to individual lights – or even a city-wide attack, as in the film, is possible, according to Time’s report.

“This paper shows that these types of systems often have safety in mind but may forget the importance of security,” the researchers write. Technology Review points out that Michigan’s system, which networks 100 lights, is far from unique. Similar systems are used in 40 states.

Scareware II: The return

Over the past months, ‘scareware’ – windows that warn users that their machine is infected, then, ironically, persuade them to download malware – has dropped, says Microsoft, as users wise up.

But a new variant, Win32/Defru has a different and simpler approach on how to trick the user and monetize on it. Basically, it prevents the user from using the internet – it displays warning windows instead of sites. Now that really is cruel.

The malware targets 300 websites, and when a user tries to access them, they instead see the following fake message, ““Detected on your computer malicious software that blocks access to certain Internet resources, in order to protect your authentication data from intruders the defender system Windows Security ® was forced to intervene.”

Rogue AV is still found – indeed ESET has been repeatedly ‘honored’ with fake scareware versions of  of its products such as when ESET researchers discovered a Trojan packaged to look like antimalware products,  – but Microsoft reports that in the past 12 months, scareware had fallen out of fashion.

Microsoft researcher Daniel Chipiristeanu says, “Lately we’re seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families,  It’s likely this has happened due to the anti-malware industry’s intense targeting of these rogues in our products, and better end-user awareness and security practices.”

Chipiristeanu says that “education” has played a part – but new gangs have simply moved on to new methods to target victims.

Pay for privacy? Yes we would!

Silent Circle, makers of Blackphone, are not smarting overly from their handset’s humiliation, it seems – and their mission to stop everyone spying on us continues. They have support, it seems - a poll of 2,000 people found that almost all of us believe we are being spied on, and about a third would pay to stop it.

Privacy issues have become an increasing concern outside the security community – in part thanks to revelations of government surveillance, as discussed by ESET researcher Stephen Cobb. Silent Circle carried out the survey in May this year, via OnePoll and found that 88% of UK workers believe their calls and texts are being listened to, versus 72% of Germans – it’s not clear by whom.

Nearly a third – 31% – of Germans would pay for a service which guaranteed their texts and calls were not being listened to. In Britain, 21% would do so. Germany is traditionally more privacy-conscious – services such as Google StreetView are not permitted there.

The scandal over Facebook’s Messenger app – and the overstated responses of many media outlets, served to highlight this. Cosmopolitan writes, “Basically, it can control your whole phone. And, most scarily of all, CALL PEOPLE.” Cosmopolitan had not been previously known for its concern with online privacy.

Nuclear Armageddon: Virtually here

A report released by America’s Nuclear Regulatory Commission highlighted how depressingly ordinary cyber attacks can still be effective against even the highest value targets.

The spear-phishing attacks against the Nuclear authority were hardly hacker whizkid territory, but nonetheless, hundreds fell for them.

CNET reports that one incident led 215 employees of the nuclear agency to “a logon-credential harvesting attempt,” hosted on “a cloud-based Google spreadsheet.” The information was obtained through a specific request by NextGov. A second spearphishing attack targeted specific employees with emails crafted to dupe them into clicking a link which led to malware on Microsoft’s cloud storage site SkyDrive.

The third attack was a spearphishing attack directed at a specific employee. Once his account credentials were obtained, emails were sent to 15 further employees, with malware-laced PDFs.

“It’s still unclear which country originated the attacks, and whether the attackers were acting independently or as a part of a larger state action.

NRC spokesman David McIntyre said that his security team “thwarts” most such attempts.

Conspiracy theorists, start your engines!

Our last story really is the stuff of conspiracy theorist’s dreams: the very next day after Malaysia Airlines Flightt MH370 disappeared, “sophisticated” malware was used to steal documents from government officials working the case.

A mysterious attacker in China purloined “classified documents” in “significant amounts”, details of which remained vague – stoking the fires of conspiracy still further.

The Malaysian Star claims that the attack targeted officials with a PDF document which appeared to be a news report about Flight MH370, and was sent to a group of investigators. Around 30 computers were infected by the malware.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” CyberSecurity Malaysia chief exec Dr Amirudin Abdul Wahab said.

“Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the Flight MH370 investigation.”

Business Insider says that the attack occurred one day after the Boeing 777 went missing, and took the form of an .exe file disguised as a PDF (a common office file format).

It’s unclear who the attacker – or attackers – were, but information from infected computers was transmitted to an IP address in China. Officials in Malaysia blocked the transmission, The Star said.

 

The post Week in security: Nuclear attack, scareware back and traffic-light hack appeared first on We Live Security.