In this week’s Threat Thursday: yet another unsecured server leads to one of the world’s biggest data leaks; Black Friday is set to be ruined by the efforts of cyber criminals; and raccoons are rummaging through your personal data.
Hold onto your hats – it’s only likely to get worse once Christmas rolls in.
Oh, Boy… Billions of Profiles Exposed in Colossal Data Breach
The revealing and sensitive personal data of 1.2 billion people has been leaked online, thanks to 4 terabytes of data held on woefully unsecured servers. While no passwords or financial details were exposed, contact details, addresses and associated social media profiles were.
The server was discovered by Dark Web researchers Vinny Troia and Bob Diachenko, who recognised it as “one of the largest data leaks from a single source organisation in history”. The compromised data was sourced from 2 different data enrichment companies – yet neither can be definitively identified as the owner of the data, making it difficult to know who’s responsible for this breach. Vinny breaks down his investigative process (and his own theories on the people responsible) over on his blog, which makes for some intriguing reading.
While there’s little that can be done about the breach, it does highlight why America needs tighter data protection and disclosure laws. In the EU, a breach as colossal as this would demand accountability, and the ensuing ICO investigation wouldn’t treat the culprits lightly. So while we can’t advise on how to recover from this disastrous breach, we can at least treat it as a cautionary tale for anyone handling bulk personal datasets.
That’s Just Not Pharaoh: Ginp Malware Evolves to Incorporate Anubis Source Code
Having emerged in the middle of this year, Ginp is still a relatively new malware that, in its early stages, functioned as an SMS stealer. Now, in the latest stage of its rapidly-evolving development, it’s adopted the source code from the Anubis banking trojan and is actively targeting its victim’s payment details.
When first discovered, Ginp disguised itself as a Google Play Verification app which did little more than steal incoming and outgoing SMS messages. Since it was presumably targeted at individuals rather than institutions, it’s hard to imagine that it really offered much of a return for its developers; this might explain why it soon evolved into a card-skimming malware, which hid on social messaging apps.
Affecting Android users, the new Ginp’s Anubis-empowered abilities allow it to conduct overlay attacks, stealing a user’s confidential data by drawing its own windows over the top of another application. In this instance, that’s a range of Spanish and British banking applications. It hasn’t lost any of its previous powers either: it is still able to assume control of the victim’s SMS messaging and skim the details of any payments sent via LinkedIn, Facebook, and other popular social apps.
Having initially circulated by masquerading as a reputable app, Ginp is a cautionary tale in not trusting everything you download. As such, the age-old advice of only downloading from trusted vendors once again rings true; not least when using the Google Play store, which is no stranger to these dodgy apps.
Bleak Friday: Cyber Scammers Once Again Targeting Holiday Shoppers
Trust cyber criminals to remind us why we can’t have nice things. As per the usual methods – phishing, SMS fraud and dodgy redirects – we can expect a significant rise in online fraud this Christmas, as the festive season becomes hunting season for online scammers.
According to Avira Protection Lab, recognised phishing URLs increase by more than 2.5 times year-on-year, with efforts ramping up significantly in September as thoughts turn to the Christmas season.
Let’s ignore the potentially crazy reasons that people are Christmas shopping any earlier than December, and instead focus on the typical tactics of our festive cyber-Scrooges. The usual techniques, including redirecting to phishing websites or delivering card-skimming malware under the guise of promotional emails, are just as effective as they've always been. Luckily, so too is the usual security advice: treat any unexpected ‘coupon’ offers from unknown vendors or email addresses with the suspicion they deserve; make sure that any online stores you purchase from are verified and trustworthy; and always ensure you’re shopping at a URL with HTTPS protection.
Not a Healthy Outlook: Microsoft’s Email App Suffers Android Security Exploit
Users of Microsoft’s Outlook for Android will want to upgrade to the latest version as soon as possible, as an important vulnerability could allow attackers to conduct XSS (cross-site scripting) attacks on unwitting victims, injecting malicious scripts that compromise their security. As usual, both we and the boffins at Microsoft insist that you make sure you’re running the latest version of Outlook for Android, especially if you don’t have your automatic updates turned on.
Raccoon Stealer is Anything but Adorable
Popularised by Guardians of the Galaxy (or late 80s Canadian cartoons, depending on your generation), raccoons are renowned as nature’s cutest kleptomaniacs. Sadly, that reputation isn’t endearing anyone to Raccoon Stealer, a credential-pinching malware that emerged in April and has diversified both its tactics and targets in recent months.
This Malware-as-a-Service is gaining popularity in underground hacker forums for its top-notch customer support (aren’t these hackers virtuous?). It’s an unsophisticated, if effective, infection most commonly found in the ‘Fallout’ exploit kit. Now, it’s being delivered in a manner not dissimilar to the phishing scheme in last week’s Threat Thursday. Using a compromised but trusted email account, criminals are able to get through company defences and direct users to an ‘important’ Dropbox download: an .IMG file readily infected with the Raccoon Stealer payload. Once downloaded, the victim’s credit card details, usernames, passwords – you name it – could all be bagged by this virtual trash-panda.
Having successfully infected victims in the finance and utilities sectors, it’s easy to see how the Malware-as-a-Service model helps to exponentially spread threats over the world. Only by enacting due diligence with our links, emails and attachments can we overcome them – and start making them worthless.
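The delivery chain described above (a link from a trusted-looking mailbox to a file-share download of a disk image) is something a mail filter can flag before a user ever opens it, because the sender being trusted is exactly the signal that cannot be relied on. The following is an added example written for this post, not code from the original article or from any vendor it mentions: it scans constructed sample messages and flags links to `.img`/`.iso` files hosted on a hypothetical list of file-share hosts, as well as disk-image attachments. The host list and sample messages are assumptions for the example; a real deployment would tune them.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Disk-image extensions that mount as a virtual drive when opened. The lure in
# the post used an .IMG file; .iso is included as the closely related format.
DISK_IMAGE_EXTENSIONS = {".img", ".iso"}

# Hypothetical list of file-share hosts worth scrutinising (assumption for the
# example; an organisation would maintain its own).
FILE_SHARE_HOSTS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def extension_of(path):
    """Lower-cased extension of a path or filename, ignoring any query string."""
    path = path.lower().split("?")[0]
    dot = path.rfind(".")
    return path[dot:] if dot != -1 else ""


def disk_image_links(body):
    """URLs in the body that point at a disk-image file on a file-share host."""
    hits = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if host in FILE_SHARE_HOSTS and extension_of(parsed.path) in DISK_IMAGE_EXTENSIONS:
            hits.append(url)
    return hits


def assess(msg):
    """Return human-readable findings for one message; empty list means nothing flagged.

    The sender is deliberately not consulted: the post's lure came from a
    compromised but trusted account, so sender reputation is not a safe gate here.
    """
    findings = []
    for url in disk_image_links(msg.body):
        findings.append(f"link to disk image on file-share host: {url}")
    for name in msg.attachments:
        if extension_of(name) in DISK_IMAGE_EXTENSIONS:
            findings.append(f"disk-image attachment: {name}")
    return findings


def triage(messages):
    """Subjects of all messages that produced at least one finding."""
    return [m.subject for m in messages if assess(m)]


# Constructed sample messages (not real mail) covering the lure, an attachment
# variant, and a benign file-share link to a PDF.
SAMPLE_MESSAGES = [
    Message(
        sender="accounts@trusted-supplier.example",
        subject="Important: updated supplier details",
        body="Please review the updated details here: "
             "https://www.dropbox.com/s/abc123/Supplier_Details.IMG?dl=1 before Friday.",
    ),
    Message(
        sender="it-helpdesk@corp.example",
        subject="Driver package",
        body="Attached is the driver package you requested.",
        attachments=["driver_package.iso"],
    ),
    Message(
        sender="accounts@trusted-supplier.example",
        subject="November statement",
        body="Your statement is at https://www.dropbox.com/s/xyz789/Statement_Nov.pdf?dl=1",
    ),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        for finding in assess(m):
            print(f"[{m.subject}] {finding}")
```

Running the block prints one finding for each of the first two sample messages and nothing for the benign PDF link. The check is intentionally narrow (extension plus hosting service) so it can sit in front of a quarantine step without drowning reviewers; broadening it to all external links or all archive types is a tuning decision, not a change to the logic.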
It's been a busy week this week, and we have a feeling that as more people turn to the internet to do their Christmas shopping, more phishers will be waiting in the shadows to pounce on the security-averse.
Be the first to hear the cyber threats making the news this week and subscribe to Threat Thursday cyber news direct to your inbox, every week.
If you'd like some help, we offer FREE Cyber Security Health Checks for businesses, so if your security is up for review, get in touch for impartial advice that won’t cost a thing.