Monday, February 15, 2016

Issue 51 - Week of Feb 8th


1. IRS defeats 'automated attack' against tax e-filing systems: Taxpayers are given a five-digit e-filing PIN, used to authenticate the user when filing taxes. Hackers used an automated bot to generate these PINs for 464,000 stolen Social Security numbers. The PINs would have given them access to a lot of information about those taxpayers. Though the bot successfully generated e-filing PINs for over 101,000 Social Security numbers, no taxpayer data was compromised or disclosed by IRS systems. The tax agency wasn't so lucky last year, when it was hit by a data breach in which hackers pilfered the tax information of more than 100,000 Americans.

2. US Govt. looking for CISO: After a series of high-profile attacks against US government departments, agencies and systems, President Barack Obama announced a $5 billion hike in cybersecurity spending, taking the total funding to $19 billion, in an effort to make cyber-defenses and protections a top priority. The Obama administration also set out to hire its first chief information security officer to take on federal responsibility for cybersecurity policy and strategy.

3. Cops arrest teen for hack and leak of Dept. of Homeland Security (DHS), FBI data: A 16-year-old boy living in England has been arrested in connection with the recent hack of FBI and DHS data, as well as the personal email accounts of the CIA director. The boy stole and leaked the names, titles and contact information of 20,000 FBI employees and 9,000 DHS employees. This was possible through a compromised Department of Justice email account. The teen is suspected of being the leader of a group of hackers who call themselves "Crackas with Attitude" or CWA.

4. Ukraine railway, mining company attacked with BlackEnergy malware: Weeks after the malware played a role in the 'first known hacker-caused power outage' in Ukraine, BlackEnergy and its cohort KillDisk were used in attacks on mining and rail transportation firms as well. BlackEnergy has been floating around since 2011 and was originally used to collect information from industrial control systems. The US ICS-CERT issued a new YARA signature for detecting BlackEnergy. Anything that relies on an industrial control system, whether an oil and gas facility, a pipeline, a ship or a power generator, could be compromised by this malware.

5. Poseidon cybercriminals - first hack, then blackmail to sign contract: Poseidon launches spear-phishing campaigns specifically tailored to victim companies; they may include job applications with resumes for specific posts sent to HR. The phishing emails carry malicious RTF or DOC files. If the attachment is opened, the malware connects to the attacker's command and control (C&C) server and launches the IGT malware (also called 'treasure stealer'). IGT then maps the applications, commands and vulnerabilities that could be used to exploit the network. Armed with this data, the group approaches the victim and pressures them to sign Poseidon as their 'security consultants'. If a company refuses to hire them, they leak all the stolen information. There are 35 enterprise targets across the US, France, Kazakhstan, the UAE, India and Russia, although Poseidon leans heavily on businesses within Brazil.

6. AlienSpy RAT strikes over 400,000 victims worldwide: Also known as Adwind, this malware is a Java-based Remote Access Tool (RAT) distributed through a malware-as-a-service (MaaS) platform. Hackers rent this platform and begin by sending the payload via phishing campaigns. If a victim opens the email attachment, the malware installs itself on the PC and attempts to communicate with the operator's command and control (C&C) server for further instructions. The malware is able to collect keystrokes, steal cached passwords and data submitted through web forms, take screenshots and pictures, and record video and sound. Half of the RAT's victims were based in the UAE, Germany, India, the US, Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan. It is believed that subscriptions to the MaaS platform generate an annual income of approximately $200,000.

7. Valentine's Day Inspires DDoS Attacks Against Online Florists: Several online florists experienced a surge in traffic during the week leading up to Valentine's Day. Contrary to what some might expect, the traffic did not appear to be opportunistic in nature. Rather, it looked as if the florists were being individually targeted in denial-of-service campaigns apparently designed to extort money from them. The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings.

8. IoT Could Be Used by Spies, U.S. Intelligence Chief Says: Billions of new systems, devices and sensors connecting each year widen the attack surface for hackers. Add to this the lack of security in many of these connected devices and their growing popularity in homes and businesses, and the issue becomes very concerning. But it's not all bad news, especially for spies: while these badly designed devices will undermine security, the flip side is 'new opportunities for spies to collect intelligence'. It's not hard to think of scenarios where poorly secured devices in the home, from toys with built-in webcams to home automation systems, could be hacked into and used by intelligence agencies to gather all sorts of information.

9. Pakistani man admits to massive telephone hacking scheme: Last week, a Pakistani man admitted to his role in a massive hacking scheme, in which he broke into various companies' EPABX (private branch exchange) systems, found unused extensions and directed them to dial into premium telephone lines controlled by his criminal organization. AT&T paid the phony companies set up by the criminal group for the phone calls and collected the costs from the businesses that got hacked. The man also admitted to laundering $19.6 million, the money ill-earned through this telecom fraud scam.


10. Metel APT hacking group rolls back ATM transactions to dupe banks: Metel targets financial institutions through APT-style spying missions and custom malware. Its new tactic is to gain control over bank machines that have access to transactions, such as support center PCs. Once this is done, the hackers legally withdraw money from an ATM of a different bank. After the cash is drawn, the hackers use their access to the support center PCs to cancel the transaction, which rolls the withdrawn amount back into the account. The hacker then goes to another bank's ATM and draws money with the same card, again followed by a rollback of the transaction. This is repeated several times during one night or on a holiday; the victim bank can only figure it out the next day.
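The withdraw-then-reverse cycle described in item 10 leaves a recognisable pattern in a bank's own transaction feed. The following is an added example (not from the original post or any vendor's product) of a detection that flags cards whose withdrawals are repeatedly reversed within a short window across several banks' ATMs; the event feed, field layout and threshold values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample core-banking event feed (not real data). Fields:
# timestamp, card id, bank owning the ATM, event type, amount.
# card-A cycles withdraw -> reversal at three banks' ATMs in one night;
# card-B has a single, ordinary reversal.
SAMPLE_EVENTS = [
    ("2016-02-13 01:02:00", "card-A", "bank-1", "WITHDRAW", 300),
    ("2016-02-13 01:09:00", "card-A", "bank-1", "REVERSAL", 300),
    ("2016-02-13 01:31:00", "card-A", "bank-2", "WITHDRAW", 300),
    ("2016-02-13 01:40:00", "card-A", "bank-2", "REVERSAL", 300),
    ("2016-02-13 02:05:00", "card-A", "bank-3", "WITHDRAW", 300),
    ("2016-02-13 02:12:00", "card-A", "bank-3", "REVERSAL", 300),
    ("2016-02-13 11:00:00", "card-B", "bank-1", "WITHDRAW", 50),
    ("2016-02-13 11:03:00", "card-B", "bank-1", "REVERSAL", 50),
]

def find_rollback_cycles(events, min_cycles=3, window=timedelta(hours=12)):
    """Flag cards whose cash withdrawals were reversed at least `min_cycles`
    times within `window`. Returns {card: {"cycles": n, "banks": [...]}}."""
    by_card = defaultdict(list)
    for ts, card, bank, kind, amount in sorted(events):
        by_card[card].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), bank, kind, amount))

    alerts = {}
    for card, rows in by_card.items():
        cycles = []      # (withdraw_time, bank) for each withdrawal matched by a reversal
        pending = None   # most recent withdrawal not yet reversed
        for t, bank, kind, amount in rows:
            if kind == "WITHDRAW":
                pending = (t, bank, amount)
            elif kind == "REVERSAL" and pending and pending[1:] == (bank, amount):
                cycles.append(pending[:2])
                pending = None
        # Sliding window over matched cycles: alert once min_cycles fall inside window.
        for i in range(len(cycles) - min_cycles + 1):
            if cycles[i + min_cycles - 1][0] - cycles[i][0] <= window:
                hit = cycles[i:]
                alerts[card] = {"cycles": len(hit), "banks": sorted({b for _, b in hit})}
                break
    return alerts

if __name__ == "__main__":
    for card, info in find_rollback_cycles(SAMPLE_EVENTS).items():
        print(f"ALERT {card}: {info['cycles']} withdraw/reversal cycles at {info['banks']}")
```

Because the attacker needs the reversal to land before the next withdrawal, the distinct-bank count in the alert is a useful second signal: a genuine disputed withdrawal rarely repeats at three different banks' ATMs in one night.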
