July 2016 Internet Security Report


Threats

  • Ransomware delivery through compromised websites continues to be a threat to end users, despite the slowdown in major ransomware and exploit kit activity over previous months. There have been reports of the SoakSoak botnet performing automated reconnaissance and exploitation of websites through a vulnerable WordPress plugin, resulting in the delivery of CryptXXX ransomware via the Neutrino Exploit Kit. With ransomware and malware-as-a-service becoming easier to obtain for criminals looking to make a quick dollar, it is important that users remain conscious of their web browsing activities and of their interactions with websites and downloaded files. For site operators, the same campaign is a reminder to keep WordPress core and its plugins patched, since a compromised legitimate site is what makes this delivery chain effective.

– http://www.itnews.com.au/news/aussie-site-caught-up-in-cryptxxx-ransomware-spreading-campaign-431101
– https://www.invincea.com/2016/07/major-websites-getting-soaksoakd-delivering-cryptxxx-ransomware/

  • The private keys for Chimera ransomware have reportedly been leaked on Pastebin. Since the announcement, Kaspersky Lab has updated its RakhniDecryptor tool to decrypt files affected by Chimera. It is believed that the keys were obtained and leaked by the authors of the competing Petya ransomware as something of a business strategy to control the ransomware market. Affected users should preserve encrypted files rather than delete them, as this case shows that decryption can become possible well after infection.

– https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
– https://threatpost.com/petya-sabotages-rival-ransomware-chimera-leaks-decryption-keys/119543/

  • New Android-based malware named ‘SpyNote’ has reportedly surfaced; it allows a malicious actor to steal a user’s messages and contacts and to eavesdrop on voice calls. The builder for this remote access trojan has been leaked, so further variants are likely. This is a good reminder to users to keep mobile devices up to date and to always double-check the permissions you grant applications on installation, especially when installing from a third-party application store.

– http://researchcenter.paloaltonetworks.com/2016/07/unit42-spynote-android-trojan-builder-leaked/

Breaches

  • Although there has been a decrease in major breaches this month, some interesting observations have been made as a result of mid-year reporting from the wider industry. The key observations were:
    • Continual employee security awareness training and education efforts are essential to ensure that end users are able to identify and understand the threats that face them at both work and home.
    • The increasing need to always consider the security requirements of new technology trends in order to “eliminate the weaknesses exposed in an evolving computing environment.”
    • The additional risk exposure that mobile devices and the Internet of Things can introduce into an environment.
    • The importance of securing cloud applications and understanding where your important data is being stored, how it is handled and, more importantly, how it gets there.

– https://www.paloaltonetworks.com/company/press/2016/cybersecurity-education-efforts-yielding-results
– http://www.pandasecurity.com/mediacenter/src/uploads/2016/05/Pandalabs-2016-T1-EN-LR.pdf
– http://cdn2.hubspot.net/hubfs/349272/2016-1h-Shadow_Data_Report/ShadowDataReport_1H_2016.pdf

Patches and Updates

  • Google’s Project Zero released a report on critical issues in the cloud-based password management system LastPass. The identified issues were confirmed to affect only users of the LastPass Firefox add-on. They allowed a malicious actor to compromise a LastPass account and gain access to the stored passwords by means of malicious code on a website the victim visited. The issues have since been resolved by LastPass, with updates pushed to affected versions of the Firefox add-on; users should confirm that the add-on has actually updated rather than assume it has.

– http://thehackernews.com/2016/07/lastpass-password-manager.html
– https://bugs.chromium.org/p/project-zero/issues/detail?id=884
– https://blog.lastpass.com/2016/07/lastpass-security-updates.html/

Other

  • SANS have produced an interesting write-up on CEO Fraud in this month’s edition of OUCH!. CEO Fraud, also known as Business Email Compromise (BEC), occurs when a malicious actor pretends to be the CEO or another senior executive of an organisation in order to manipulate users through spear phishing emails or phone calls. Examples of these attacks include requests for urgent money transfers, requests for sensitive or employee information, and emails advising the recipient to expect an urgent phone call to discuss confidential matters. Users are advised to always question emails or correspondence that just don’t look or feel right, to always ensure that the correct security policies and procedures are followed regardless of how urgent the situation may appear, and, when in doubt, to ask for a second opinion.

– http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201607_en.pdf
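The tell-tale signs of the impersonation described above (an executive’s display name on an outside mailbox, a lookalike sender domain, a Reply-To that diverts the conversation, and urgency or payment language) can be checked mechanically at the mail gateway. The following is an added example, not code from the SANS newsletter or from this report; the organisation domain, the executive list, the urgency terms and the three messages are all constructed for illustration.

```python
"""Flag executive-impersonation (BEC) indicators in an inbound RFC 822 message."""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation data, assumed for this example (not from the report).
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox
URGENCY_TERMS = ("urgent", "wire transfer", "confidential", "immediately", "call me")


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain):
    """True when the domain is close to ours but is not ours (typo-squat or other TLD)."""
    if not domain or domain == OUR_DOMAIN:
        return False
    same_label = domain.split(".")[0] == OUR_DOMAIN.split(".")[0]
    return same_label or edit_distance(domain, OUR_DOMAIN) <= 2


def bec_indicators(raw_message):
    """Return the list of BEC indicators seen in one message (empty list = nothing seen)."""
    msg = message_from_string(raw_message)
    indicators = []

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)

    # 1. A known executive's display name on a mailbox that is not theirs.
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        indicators.append(f"display-name impersonation: '{name}' from {addr}, expected {real}")

    # 2. Sender domain that imitates ours.
    if is_lookalike(from_domain):
        indicators.append(f"lookalike sender domain: {from_domain}")

    # 3. Reply-To diverting the conversation to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        indicators.append(f"reply-to domain mismatch: replies go to {reply}")

    # 4. Urgency / payment language, only weighted when the mail is external or already suspect.
    body = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + " " + body.decode("utf-8", "replace")).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits and (indicators or from_domain != OUR_DOMAIN):
        indicators.append("urgency/payment language: " + ", ".join(hits))

    return indicators


# Constructed sample messages (not real traffic).
MSG_IMPERSONATION = """From: Jane Doe <jane.doe.ceo@gmail.com>
To: accounts@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

I am in a meeting, please process this wire transfer immediately and keep it confidential.
"""

MSG_LOOKALIKE = """From: Jane Doe <jane.doe@example.co>
Reply-To: jane.doe@mail-relay.net
To: accounts@example.com
Subject: Expect a call
Content-Type: text/plain

Please expect an urgent phone call about a confidential matter.
"""

MSG_BENIGN = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget
Content-Type: text/plain

Attached is the Q3 budget draft for review next week.
"""

if __name__ == "__main__":
    for label, raw in (("impersonation", MSG_IMPERSONATION),
                       ("lookalike", MSG_LOOKALIKE), ("benign", MSG_BENIGN)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

None of these checks is proof of fraud on its own; the value is in combining them and in routing any hit on an executive’s name to a second person, which is exactly the “ask for a second opinion” advice above turned into a gateway rule.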